security-audit

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

A static analysis security vulnerability scanner for Ruby on Rails applications

Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

capture SSL/TLS text content without CA cert using eBPF. supports Linux x86_64/Aarch64, Android(GKI) Aarch64.

Open Source Vulnerability Management Platform

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Web Application Security Scanner Framework

Source Code Security Audit (源代码安全审计)

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

Advanced vulnerability scanning with Nmap NSE

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

Patch-level verification for Bundler

Cloud Security Posture Management (CSPM)

Automated NoSQL database enumeration and web application exploitation tool.

Find leaked secrets via github search

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Collection of the most common vulnerabilities found in iOS applications

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Semi-automatic OSINT framework and package manager

Pentest Report Generator

Directory Services Internals (DSInternals) PowerShell Module and Framework

pentest framework

grep rough audit - source code auditing tool