Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Updated Jul 30, 2021 - Shell
Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
A static analysis security vulnerability scanner for Ruby on Rails applications
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls and many more additional checks that help on GDPR, HIPAA and other security frameworks.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Collaborative Penetration Test and Vulnerability Management Platform
Xunfeng (巡风) is a rapid vulnerability emergency-response and cruise scanning system for enterprise intranets.
Web Application Security Scanner Framework
Source Code Security Audit
DEPRECATED, bettercap development moved here: https://github.com/bettercap/bettercap
Patch-level verification for Bundler
Advanced vulnerability scanning with Nmap NSE
Automated NoSQL database enumeration and web application exploitation tool.
GDA is a new, fast and powerful decompiler in C++ (working without a Java VM) for APK, DEX, ODEX, OAT, JAR, AAR, and CLASS files, which supports malicious behavior detection, privacy leak detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, Python and Java scripts, device memory extraction, data decryption and encryption, etc.
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Find leaked secrets via github search
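This program is intended to help security incident responders investigate Linux hosts: it automates comprehensive host-side checklist detection, automatically aggregates data from the detection results, and traces the attacker's path.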
Collection of the most common vulnerabilities found in iOS applications
pentest framework
CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys
Semi-automatic OSINT framework and package manager
Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Simple Golang HTTPS/TLS Examples
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Directory Services Internals (DSInternals) PowerShell Module and Framework
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Description
BeanUtils is a library that does automatic mapping to Java objects.
It can cause harm when the attacker controls part of the list of properties being set. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.
Code