Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A static analysis security vulnerability scanner for Ruby on Rails applications

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.

Collaborative Penetration Test and Vulnerability Management Platform

Web Application Security Scanner Framework

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

Source Code Security Audit (源代码安全审计)

Advanced vulnerability scanning with Nmap NSE

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Automated NoSQL database enumeration and web application exploitation tool.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Collection of the most common vulnerabilities found in iOS applications

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Cloud Security Posture Management (CSPM)

Find leaked secrets via github search

pentest framework

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

GDA is a new fast and powerful decompiler for the APK, DEX, ODEX, OAT, JAR, AAR and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption and encryption etc.

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Simple Golang HTTPS/TLS Examples

Open-Source Security Architecture | 开源安全架构

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

Semi-automatic OSINT framework and package manager

被动式漏洞扫描系统

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.