security-scanner

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Source Code Security Audit (源代码安全审计)

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Official Black Hat Arsenal Security Tools Repository

A high performance offensive security tool for reconnaissance and vulnerability scanning

Advanced vulnerability scanning with Nmap NSE

nodejsscan is a static security code scanner for Node.js applications.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Kubernetes object analysis with recommendations for improved reliability and security

Application Layer DoS attack simulator

Discover Your Attack Surface!

Golang安全资源合集

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

A default credential scanner.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Semi-automatic OSINT framework and package manager

Simple Golang HTTPS/TLS Examples

🆕 The Multi-Tool Web Vulnerability Scanner.

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

Enumeration sub domains(枚举子域名)

Open-Source Security Architecture | 开源安全架构