Search Results for "security tools"
Sort By:
Showing 384 open source projects for "security tools"
View related business solutions-
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
1
fsociety
Modular CLI framework for managing penetration testing tools
fsociety is a modular penetration testing framework designed to provide a unified interface for running and managing a wide range of security tools. It focuses on simplifying penetration testing workflows by integrating multiple external security utilities into a single command line environment. Instead of implementing its own security scanners, the framework acts as a wrapper and orchestrator that helps users discover, install, and execute tools from various GitHub repositories. ... -
2
secator
Automated framework for running pentesting tools and workflows
...By standardizing input parameters and output formats across different tools, Secator simplifies how results are collected and processed during security testing. Secator is built to improve productivity for penetration testers, bug bounty hunters, and security researchers who frequently chain multiple tools together during assessments. -
3
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ... -
4
Nikto
Web server vulnerability scanner for security assessments
Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows. -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
FLARE VM
A collection of software installations scripts for Windows systems
FLARE VM is a security-focused Windows workstation distribution designed for malware analysis, reverse engineering, penetration testing, and threat hunting. It bundles a curated set of tools—disassemblers, debuggers, decompilers, virtualization, forensics utilities, packet capture tools, exploit frameworks, and hex editors—preconfigured to work together. -
6
Telegram-OSINT
https://github.com/The-Osint-Toolbox/Telegram-OSINT
Telegram-OSINT is an extensive open source repository that compiles tools, techniques, and resources for conducting open source intelligence investigations on the Telegram platform. It serves as a central reference for analysts, researchers, and investigators who want to discover, analyze, and collect publicly available information from Telegram channels, groups, and bots. It organizes a wide variety of utilities that interact with Telegram’s API to gather data such as channel details,... -
7
OSINT Framework
OSINT Framework
OSINT-Framework is a web-based intelligence resource map designed to help investigators and researchers quickly locate free open-source intelligence tools and data sources. Rather than functioning as an automated scanner, it organizes hundreds of OSINT resources into a structured, navigable interface grouped by investigation type, such as usernames, email addresses, domains, and social media. The project was originally created from an information security perspective but has since expanded to support journalists, analysts, and digital investigators across many disciplines. ... -
8
PEASS-ng
Privilege Escalation Awesome Scripts SUITE
These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission. Here you will find... -
9
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs... -
Build Securely on AWS with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
10
Sippts
Set of tools to audit SIP based VoIP Systems
Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python and it allows us to check the security of a VoIP server using SIP protocol. You can freely use, modify and distribute. If modified, please put a reference to this site. Most security tools can be used for illegal purposes, but the purpose of this tool is to check the security of your own servers and not to use to do bad things. -
11
emp3r0r
Linux/Windows post-exploitation framework made by linux user
A post-exploitation framework for Linux/Windows. Initially, emp3r0r was developed as one of my weaponizing experiments. It was a learning process for me trying to implement common Linux adversary techniques and some of my original ideas. So, what makes emp3r0r different? First of all, it is the first C2 framework that targets Linux platform including the capability of using any other tools through it. Take a look at the features for more valid reasons to use it. -
12
fleet
Open-source platform for IT, security, and infrastructure teams
Fleet exposes familiar concepts from traditional MDMs like custom attributes and dynamic grouping, but in a way that lets you work directly with data and events from each native operating system. A device management platform for managing and monitoring endpoints, specifically designed for IT security and compliance teams. -
13
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. ... -
14
RedAmon
AI-powered framework for automated penetration testing and red teaming
RedAmon is an AI-powered red team framework designed to automate offensive cybersecurity operations from reconnaissance to exploitation and post-exploitation. It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. ... -
15
discover
Automation framework for reconnaissance and penetration testing tasks
...Discover also integrates with well-known security tools like Metasploit to generate malicious payloads and manage listeners for exploitation tasks. By organizing multiple security utilities and scripts into one environment, the project reduces repetitive manual steps and standardizes penetration testing workflows. The tool is commonly used in Kali Linux environments. -
16
frida
Dynamic instrumentation toolkit for developers
...Frida is and will always be free software (free as in freedom). We want to empower the next generation of developer tools, and help other free software developers achieve interoperability through reverse engineering. We are proud that NowSecure is using Frida to do fast, deep analysis of mobile apps at scale. Frida has a comprehensive test-suite and has gone through years of rigorous testing across a broad range of use-cases. -
17
Docker Scout CLI
Docker Scout CLI
Designed to identify security issues, outdated packages, and potential compliance problems within container images, Docker Scout surfaces dependency vulnerabilities so you're protected. Docker Scout enhances your development process with detailed image analysis and proactive remediation tools. It integrates seamlessly with Docker Desktop and Docker Hub to improve your security and efficiency. -
18
thc-hydra
Shows how easy it would be to gain unauthorized access to a system
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects. -
19
Gpg4win
GnuPG for Windows
Gpg4win is the official Windows distribution of the GnuPG encryption ecosystem, providing an accessible graphical environment for secure email and file protection. It packages the GnuPG engine together with user-friendly tools such as certificate management utilities, Windows Explorer integration, and Outlook plugins, enabling encryption workflows without requiring command-line expertise. The suite supports both OpenPGP and S/MIME standards, allowing organizations and individuals to secure... -
20
Al-Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation
al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. ... -
21
airgeddon
This is a multi-use bash script for Linux systems
airgeddon is an alive project growing day by day. Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing. DoS over wireless networks using different methods (mdk3, mdk4, aireplay-ng). "DoS Pursuit mode" is available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks). Full support for 2.4Ghz and 5Ghz bands. Assisted WPA/WPA2 personal networks Handshake file and PMKID capturing. Cleaning and optimizing Handshake captured... -
22
Bitwarden Secrets Manager SDK
Bitwarden Secrets Manager SDK
This repository houses the Bitwarden Secret Manager SDK. The SDK is written in Rust and provides a Rust API, CLI, and various language bindings. -
23
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. -
24
InterceptSuite
A TLS MITM proxy for Non-HTTP traffic, with support for TLS upgrades
InterceptSuite is a cross‑platform, SOCKS5‑based MITM proxy specially designed to intercept, inspect, analyze, and manipulate encrypted network traffic at the TCP/TLS layer. It goes beyond HTTP‑focused tools like Burp Suite and ZAP by providing universal TLS interception—including STARTTLS and non‑HTTP protocols—offering deep visibility and control for security testing and debugging. InterceptSuite bridges this gap by providing a universal TLS interception engine that works with any protocol, giving security researchers the tools they need to analyze, understand, and test encrypted communications effectively. ... -
25
Mobile Verification Toolkit
Helps with conducting forensics of mobile devices
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidence. MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. ...
