Search Results for "security linux"
Sort By:
Showing 116 open source projects for "security linux"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
1
PEASS-ng
Privilege Escalation Awesome Scripts SUITE
These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission. Here you will find... -
2
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web... -
3
SecLists
The Pentester’s Companion
SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo... -
4
Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers
Trivy is the most popular open source security scanner, reliable, fast, and easy to use. Use Trivy to find vulnerabilities & IaC misconfigurations, SBOM discovery, Cloud scanning, Kubernetes security risks,and more. Trivy is praised by professionals from organizations worldwide. Are you a Trivy fan as well? We’d love to hear from you! Trivy detects vulnerabilities from a wide array of operating systems and programming languages, across different versions, and vulnerability sources. Detect... -
Stop Storing Third-Party Tokens in Your DatabaseRolling your own OAuth token storage can be a security liability. Token Vault securely stores access and refresh tokens from federated providers and handles exchange and renewal automatically. Connected accounts, refresh exchange, and privileged worker flows included.
-
5
Pacu
The AWS exploitation framework, designed for testing security
Pacu (named after a type of Piranha in the Amazon) is a comprehensive AWS security-testing toolkit designed for offensive security practitioners. While several AWS security scanners currently serve as the proverbial “Nessus” of the cloud, Pacu is designed to be the Metasploit equivalent. Written in Python 3 with a modular architecture, Pacu has tools for every step of the pen testing process, covering the full cyber kill chain. Pacu is the aggregation of all of the exploitation experience... -
6
K8tools
Security- and exploitation-oriented utilities and proof-of-concepts
K8tools is a large, curated GitHub repository collecting dozens (hundreds) of security- and exploitation-oriented utilities, proof-of-concepts, and payloads aimed at penetration testing, privilege escalation, and vulnerability exploitation. The project bundles exploits for many well-known CVEs, remote get-shell scripts, local privilege-escalation helpers, credential-harvesting utilities, scanning and brute-force tools, and a variety of platform-specific binaries and archives organized into... -
7
Commando VM
Complete Mandiant Offensive VM (Commando VM)
Commando VM (by Mandiant) is a Windows-based offensive security / red-team distribution built to turn a fresh Windows installation into a fully featured penetration testing environment. It provides an automated installer (PowerShell script) that uses Chocolatey, Boxstarter, and MyGet package feeds to download, install, and configure dozens (100+ / 170+ depending on version) of offensive, fuzzing, enumeration, and exploitation tools. The idea is to spare testers the repetitive work of... -
8
Hoverfly
Lightweight service virtualization/ API simulation / API mocking tool
Hoverfly is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. Replace unreliable test systems and restrictive API sandboxes with high-performance simulations in seconds. Run on MacOS, Windows or Linux, or use native Java or Python language bindings to get started quickly. Simulate API latency or failure when required by writing custom scripts in the language of your choice. -
9
Maltrail
Malicious traffic detection system
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic... -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
DevSec Hardening
This Ansible collection provides battle tested hardening
Hardening adds a layer into your automation framework, that configures your operating systems and services. It takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. Running secure infrastructure is a difficult task. Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration. If you manage many server, they need to be configured properly and... -
11
Zuul
Gateway service providing dynamic routing, monitoring and more
Zuul is an L7 application gateway that offers many capabilities, including dynamic routing, monitoring, security, resiliency and more. It is used in the backend of the Netflix streaming service as a front door for all requests from devices and web sites. Zuul is ideal for cases like this where API traffic volume and diversity can become overwhelming and cause production issues to arise suddenly and without warning. Zuul has a broad range of filters that enable it to perform multiple... -
12
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also... -
13
One-Lin3r
Gives you one-liners that aids in penetration testing operations
One-Lin3r is a modular and lightweight penetration testing framework designed to provide security professionals with a centralized collection of one-liner commands for a wide range of offensive security tasks. It focuses on simplifying the execution of complex commands by organizing them into categorized modules, allowing users to quickly access and deploy payloads without manually searching or crafting them. The framework includes hundreds of prebuilt one-liners covering areas such as reverse shells, privilege escalation, bind shells, and payload delivery techniques. ... -
14
Exegol
Fully featured and community-driven hacking environment
Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day-to-day engagements. Exegol is the best solution to deploy powerful hacking environments securely, easily, and professionally. No more unstable, not-so-security-focused systems lacking major offensive tools. Kali Linux (and similar alternatives) are great toolboxes for learners, students, and junior pentesters. However professionals have different needs, and their context requires a whole new design. -
15
Zerocode
API automation and load testing framework
A community-developed, free, open source, microservices API automation and load testing framework built using JUnit core runners for Http REST, SOAP, Security, Database, Kafka and much more. Zerocode Open Source enables you to create, change, orchestrate and maintain your automated test cases declaratively with absolute ease. Zerocode makes it easy to create and maintain automated tests with absolute minimum overhead for REST,SOAP, Kafka Real Time Data Streams and much more. It has the best... -
16
CDK
Make security testing of K8s, Docker, and Containerd easier
CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs and helps you to escape container and take over K8s cluster easily. -
17
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
18
SANTETIN
Santetin is a website stress test and DDOS simulation tool
Santetin is a powerful desktop application built with Electron to perform website stress tests, penetration testing simulations, DDOS attacks, and traffic jingling for testing and educational purposes. ⚠️ Disclaimer: This tool is intended for educational and testing purposes only. Do not use it against any website without explicit permission from the owner. -
19
PyKCS11: a complete PKCS#11 wrapper for Python, created using the SWIG compiler. API documentation: http://pkcs11wrap.sourceforge.net/api/
-
20
DBD2
A multi-threaded, multi-database tcp-based database insertion app.
DBD2 inserts database records from TCP input. It is a companion project to Syslgod2 and an application in its own right. It ships with a backgrounding client for generic use. The client sends whatever information the user puts on the command-line to the back-end daemon via TCP. Upon successful transmission, the client exits. On failure, it backs off and retries until its life-time timer expires. The back-end daemon accepts data from Syslogd2 or its own client and inserts that data... -
21
Infection Monkey
Infection Monkey is a automated security testing tool for networks
Infection Monkey is a open source automated security testing tool for testing a network's security baseline. Monkey is a tool that infects machines and propagates and Monkey Island is the server for an administrator to control and visualize progress of Infection Monkey. -
22
BlackBuntu Linux
BlackBuntu Linux
BlackBuntu is born from the passion and spirit of 2 specialists. Let’s cut the bullshit, this distribution is a GNU/Linux distribution based on Ubuntu and designed with Pentest, Security and Development in mind for the best experience. With advanced accessibility tools and options to change language, colour scheme and text size, Blackbuntu makes computing easy – whoever and wherever you are. BlackBuntu is a fully open source project, anyone can see what is inside. -
23
What is DracOS GNU/Linux Remastered ? DracOS GNU/Linux Remastered ( https://github.com/dracos-linux ) is the Linux operating system from Indonesia , open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing).
-
24
Insider
Static Application Security Testing (SAST) engine
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on agile and easy-to-implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET. Insider is focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and... -
25
Hyenae NG
Advanced Network Packet Generator
Hyenae NG is an advanced cross-platform network packet generator and the successor of Hyenae. It features full network layer spoofing, pattern based address randomization and flood detection breaking mechanisms. *** Please check out the latest source from my GitHub repository and check the Build informations. https://github.com/r-richter/hyenae-ng/
