SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Support
Quality
Security
License
Reuse
Just Announced - "Learn Spring Security OAuth":
Support
Quality
Security
License
Reuse
项目基于 Spring Boot 2.1.0 、 Jpa、 Spring Security、redis、Vue的前后端分离的后台管理系统,项目采用分模块开发方式, 权限控制采用 RBAC,支持数据字典与数据权限管理,支持一键生成前后端代码,支持动态路由
Support
Quality
Security
License
Reuse
🔥 官方推荐 🔥 RuoYi-Vue 全新 Pro 版本,优化重构所有功能。基于 Spring Boot + MyBatis Plus + Vue & Element 实现的后台管理系统 + 微信小程序,支持 RBAC 动态权限、数据权限、SaaS 多租户、Flowable 工作流、三方登录、支付、短信、商城等功能。你的 ⭐️ Star ⭐️,是作者生发的动力!
Support
Quality
Security
License
Reuse
M
Mobile-Security-Framework-MobSFby MobSF
JavaScript 
14251 Version:Current License: Strong Copyleft (GPL-3.0)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Support
Quality
Security
License
Reuse
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Support
Quality
Security
License
Reuse
Protect and discover secrets using Gitleaks 🔑
Support
Quality
Security
License
Reuse
Protect and discover secrets using Gitleaks 🔑
Support
Quality
Security
License
Reuse
Find and verify credentials
Support
Quality
Security
License
Reuse
The OWASP ZAP core project
Support
Quality
Security
License
Reuse
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Support
Quality
Security
License
Reuse
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Support
Quality
Security
License
Reuse
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Support
Quality
Security
License
Reuse
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Support
Quality
Security
License
Reuse
Firmware Analysis Tool
Support
Quality
Security
License
Reuse
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Support
Quality
Security
License
Reuse
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
Support
Quality
Security
License
Reuse
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
Support
Quality
Security
License
Reuse
m
my-arsenal-of-aws-security-toolsby toniblyx
Shell 8193 Version:Current License: Permissive (Apache-2.0)
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Support
Quality
Security
License
Reuse
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Support
Quality
Security
License
Reuse
Spring Security
Support
Quality
Security
License
Reuse
Application to comfortably monitor your Internet traffic 🕵️♂️
Support
Quality
Security
License
Reuse
Nginx configuration static analyzer
Support
Quality
Security
License
Reuse
Some setup scripts for security research tools.
Support
Quality
Security
License
Reuse
A collection of android security related resources
Support
Quality
Security
License
Reuse
Golang security checker
Support
Quality
Security
License
Reuse
A static analysis security vulnerability scanner for Ruby on Rails applications
Support
Quality
Security
License
Reuse
Main Sigma Rule Repository
Support
Quality
Security
License
Reuse
Security scanner for your Terraform code
Support
Quality
Security
License
Reuse
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Support
Quality
Security
License
Reuse
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Support
Quality
Security
License
Reuse
WebGoat is a deliberately insecure application
Support
Quality
Security
License
Reuse
p
privilege-escalation-awesome-scripts-suiteby carlospolop
C# 5752 Version:Current License: Permissive (MIT)
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Support
Quality
Security
License
Reuse
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Support
Quality
Security
License
Reuse
Reconnaissance tool for GitHub organizations
Support
Quality
Security
License
Reuse
A curated list of resources for learning about application security
Support
Quality
Security
License
Reuse
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Support
Quality
Security
License
Reuse
Dshell is a network forensic analysis framework.
Support
Quality
Security
License
Reuse
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Support
Quality
Security
License
Reuse
Bandit is a tool designed to find common security issues in Python code.
Support
Quality
Security
License
Reuse
Malicious traffic detection system
Support
Quality
Security
License
Reuse
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Support
Quality
Security
License
Reuse
P
Practical-Ethical-Hacking-Resourcesby TCM-Course-Resources
Python 4852 Version:Current
License: No License (No License)
License: No License (No License)Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course
Support
Quality
Security
License
Reuse
↥ ↥ ↥ 点击关注更新,基于 Spring Cloud 2021 、Spring Boot 2.7、 OAuth2 的 RBAC 权限管理系统
Support
Quality
Security
License
Reuse
The open source high performance data integration platform built for developers.
Support
Quality
Security
License
Reuse
syzkaller is an unsupervised coverage-guided kernel fuzzer
Support
Quality
Security
License
Reuse
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Support
Quality
Security
License
Reuse
Snyk CLI scans and monitors your projects for security vulnerabilities.
Support
Quality
Security
License
Reuse
Automated Adversary Emulation Platform
Support
Quality
Security
License
Reuse
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
Support
Quality
Security
License
Reuse
S
SecListsby danielmiessler
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
PHP 47110Updated: 11 mo ago License: Permissive (MIT)
47110Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
t
tutorialsby eugenp
Just Announced - "Learn Spring Security OAuth":
Java 34354Updated: 11 mo ago License: Permissive (MIT)
34354Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
e
eladminby elunez
项目基于 Spring Boot 2.1.0 、 Jpa、 Spring Security、redis、Vue的前后端分离的后台管理系统,项目采用分模块开发方式, 权限控制采用 RBAC,支持数据字典与数据权限管理,支持一键生成前后端代码,支持动态路由
Java 19839Updated: 11 mo ago License: Permissive (Apache-2.0)
19839Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
r
ruoyi-vue-proby YunaiV
🔥 官方推荐 🔥 RuoYi-Vue 全新 Pro 版本,优化重构所有功能。基于 Spring Boot + MyBatis Plus + Vue & Element 实现的后台管理系统 + 微信小程序,支持 RBAC 动态权限、数据权限、SaaS 多租户、Flowable 工作流、三方登录、支付、短信、商城等功能。你的 ⭐️ Star ⭐️,是作者生发的动力!
Java 16959Updated: 11 mo ago License: Permissive (MIT)
16959Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
M
Mobile-Security-Framework-MobSFby MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
JavaScript 14251Updated: 11 mo ago License: Strong Copyleft (GPL-3.0)
14251Updated: 11 mo ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
b
bettercapby bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Go 14138Updated: 11 mo ago License: Proprietary (Proprietary)
14138Updated: 11 mo ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
g
gitleaksby gitleaks
Protect and discover secrets using Gitleaks 🔑
Go 13219Updated: 11 mo ago License: Permissive (MIT)
13219Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
g
gitleaksby zricethezav
Protect and discover secrets using Gitleaks 🔑
Go 11798Updated: 1 y ago License: Permissive (MIT)
11798Updated: 1 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
t
trufflehogby trufflesecurity
Find and verify credentials
Go 11386Updated: 11 mo ago License: Strong Copyleft (AGPL-3.0)
11386Updated: 11 mo ago License: Strong Copyleft (AGPL-3.0)Support
Quality
Security
License
Reuse
z
zaproxyby zaproxy
The OWASP ZAP core project
Java 10937Updated: 11 mo ago License: Permissive (Apache-2.0)
10937Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
l
lynisby CISOfy
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Shell 10880Updated: 11 mo ago License: Strong Copyleft (GPL-3.0)
10880Updated: 11 mo ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
o
owasp-mastgby OWASP
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Python 10297Updated: 12 mo ago License: Strong Copyleft (CC-BY-SA-4.0)
10297Updated: 12 mo ago License: Strong Copyleft (CC-BY-SA-4.0)Support
Quality
Security
License
Reuse
s
social-analyzerby qeeqbox
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
JavaScript 10077Updated: 11 mo ago License: Strong Copyleft (AGPL-3.0)
10077Updated: 11 mo ago License: Strong Copyleft (AGPL-3.0)Support
Quality
Security
License
Reuse
s
spiderfootby smicallef
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Python 9740Updated: 11 mo ago License: Permissive (MIT)
9740Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
b
Support
Quality
Security
License
Reuse
o
owasp-mstgby OWASP
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Python 8710Updated: 2 y ago License: Strong Copyleft (CC-BY-SA-4.0)
8710Updated: 2 y ago License: Strong Copyleft (CC-BY-SA-4.0)Support
Quality
Security
License
Reuse
k
kubescapeby kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
Go 8544Updated: 11 mo ago License: Permissive (Apache-2.0)
8544Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
p
prowlerby prowler-cloud
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
Python 8206Updated: 11 mo ago License: Permissive (Apache-2.0)
8206Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
m
my-arsenal-of-aws-security-toolsby toniblyx
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Shell 8193Updated: 11 mo ago License: Permissive (Apache-2.0)
8193Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
t
tsunami-security-scannerby google
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Java 7847Updated: 12 mo ago License: Permissive (Apache-2.0)
7847Updated: 12 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
s
spring-securityby spring-projects
Spring Security
Java 7756Updated: 11 mo ago License: Permissive (Apache-2.0)
7756Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
s
sniffnetby GyulyVGC
Application to comfortably monitor your Internet traffic 🕵️♂️
Rust 7629Updated: 11 mo ago License: Permissive (Apache-2.0)
7629Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
g
gixyby yandex
Nginx configuration static analyzer
Python 7575Updated: 1 y ago License: Proprietary (Proprietary)
7575Updated: 1 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
c
ctf-toolsby zardus
Some setup scripts for security research tools.
Shell 7473Updated: 11 mo ago License: Permissive (BSD-3-Clause)
7473Updated: 11 mo ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
a
android-security-awesomeby ashishb
A collection of android security related resources
Shell 6976Updated: 11 mo ago License: Permissive (Apache-2.0)
6976Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
g
Support
Quality
Security
License
Reuse
b
brakemanby presidentbeef
A static analysis security vulnerability scanner for Ruby on Rails applications
Ruby 6660Updated: 12 mo ago License: Proprietary (Proprietary)
6660Updated: 12 mo ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
s
sigmaby SigmaHQ
Main Sigma Rule Repository
Python 6471Updated: 11 mo ago License: Proprietary (Proprietary)
6471Updated: 11 mo ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
t
tfsecby aquasecurity
Security scanner for your Terraform code
Go 5959Updated: 11 mo ago License: Permissive (MIT)
5959Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
t
truffleHogby trufflesecurity
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Python 5914Updated: 3 y ago License: Strong Copyleft (GPL-2.0)
5914Updated: 3 y ago License: Strong Copyleft (GPL-2.0)Support
Quality
Security
License
Reuse
k
kube-benchby aquasecurity
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Go 5902Updated: 11 mo ago License: Permissive (Apache-2.0)
5902Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
W
WebGoatby WebGoat
WebGoat is a deliberately insecure application
JavaScript 5757Updated: 11 mo ago License: Proprietary (Proprietary)
5757Updated: 11 mo ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
p
privilege-escalation-awesome-scripts-suiteby carlospolop
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
C# 5752Updated: 3 y ago License: Permissive (MIT)
5752Updated: 3 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
c
checkovby bridgecrewio
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Python 5668Updated: 11 mo ago License: Permissive (Apache-2.0)
5668Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
g
gitrobby michenriksen
Reconnaissance tool for GitHub organizations
Go 5653Updated: 11 mo ago License: Permissive (MIT)
5653Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
a
awesome-appsecby paragonie
A curated list of resources for learning about application security
PHP 5615Updated: 11 mo ago License: Permissive (MIT)
5615Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
t
truffleHogby dxa4481
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Python 5601Updated: 3 y ago License: Strong Copyleft (GPL-2.0)
5601Updated: 3 y ago License: Strong Copyleft (GPL-2.0)Support
Quality
Security
License
Reuse
D
Dshellby USArmyResearchLab
Dshell is a network forensic analysis framework.
Python 5392Updated: 1 y ago License: Proprietary (Proprietary)
5392Updated: 1 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
z
zeekby zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
C++ 5289Updated: 11 mo ago License: Proprietary (Proprietary)
5289Updated: 11 mo ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
b
banditby PyCQA
Bandit is a tool designed to find common security issues in Python code.
Python 5261Updated: 11 mo ago License: Permissive (Apache-2.0)
5261Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
m
maltrailby stamparm
Malicious traffic detection system
Python 5140Updated: 11 mo ago License: Permissive (MIT)
5140Updated: 11 mo ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
D
DependencyCheckby jeremylong
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Java 5129Updated: 11 mo ago License: Permissive (Apache-2.0)
5129Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
P
Practical-Ethical-Hacking-Resourcesby TCM-Course-Resources
Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course
Python 4852Updated: 11 mo ago License: No License (No License)
4852Updated: 11 mo ago License: No License (No License)Support
Quality
Security
License
Reuse
p
pigby pig-mesh
↥ ↥ ↥ 点击关注更新,基于 Spring Cloud 2021 、Spring Boot 2.7、 OAuth2 的 RBAC 权限管理系统
Java 4773Updated: 11 mo ago License: Permissive (Apache-2.0)
4773Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
c
cloudqueryby cloudquery
The open source high performance data integration platform built for developers.
Go 4730Updated: 11 mo ago License: Weak Copyleft (MPL-2.0)
4730Updated: 11 mo ago License: Weak Copyleft (MPL-2.0)Support
Quality
Security
License
Reuse
s
syzkallerby google
syzkaller is an unsupervised coverage-guided kernel fuzzer
Go 4730Updated: 11 mo ago License: Permissive (Apache-2.0)
4730Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
p
prowlerby toniblyx
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Shell 4601Updated: 2 y ago License: Permissive (Apache-2.0)
4601Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
c
cliby snyk
Snyk CLI scans and monitors your projects for security vulnerabilities.
TypeScript 4478Updated: 11 mo ago License: Proprietary (Proprietary)
4478Updated: 11 mo ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
c
calderaby mitre
Automated Adversary Emulation Platform
Python 4399Updated: 11 mo ago License: Permissive (Apache-2.0)
4399Updated: 11 mo ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
c
cowrieby cowrie
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
Python 4294Updated: 11 mo ago License: Proprietary (Proprietary)
4294Updated: 11 mo ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse