A tool for detecting secrets like passwords, API keys, and tokens in git repositories, directories, and stdin.
A security auditing and hardening tool for UNIX-based systems, performing in-depth scans and compliance testing.
A free, open-source web application security scanner for finding vulnerabilities during development and testing.
An open-source cloud security platform that automates security and compliance assessments across AWS, Azure, GCP, and other cloud providers.
A Perl script that analyzes MySQL, MariaDB, and Percona Server configurations to provide performance and stability recommendations.
A fast, simple, recursive content discovery tool written in Rust for forced browsing attacks.
A static analysis security vulnerability scanner for Ruby on Rails applications.
Automated security health metrics for open source projects, assessing security best practices and risks.
An open-source web application security scanner that identifies and exploits 200+ vulnerabilities for developers and penetration testers.
A security testing framework for Android that identifies vulnerabilities by interacting with apps, IPC endpoints, and the OS.
Monitors AWS, GCP, OpenStack, and GitHub for policy changes and insecure configurations, tracking asset changes over time.
An Nmap NSE script that transforms nmap into a vulnerability scanner using offline vulnerability databases.
An open-source Cloud Security Posture Management (CSPM) tool that scans AWS, Azure, GCP, Oracle, and GitHub for security misconfigurations.
An automated Python tool for auditing and exploiting NoSQL database vulnerabilities and web application injection attacks.
A Python tool for auditing SSH server configurations, security, and compatibility.
A security audit tool for Ruby projects that checks Gemfile.lock for vulnerable gem versions and insecure sources.
A semi-automatic OSINT framework and package manager for gathering intelligence and enumerating attack surfaces.
A SpotBugs plugin for detecting security vulnerabilities in Java web and Android applications.
An opinionated security and code quality checklist for auditing Solidity smart contracts.
A Python tool that scans HTTP servers for publicly accessible secret files and security vulnerabilities like git repos and backup files.
A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.
A Burp Suite extension for advanced GraphQL security testing, featuring vulnerability scanning, batch attacks, and schema analysis.
A grep-based source code auditing tool that finds potential security flaws using signature databases for multiple programming languages.
A tool for quickly evaluating IAM permissions and identifying security risks in AWS accounts through graph-based analysis.
Audits Python environments, requirements files, and dependency trees for known security vulnerabilities and can automatically fix them.
A tool to test Wi-Fi clients and access points for fragmentation and aggregation vulnerabilities affecting all protected Wi-Fi networks.
A virtual host scanner for penetration testing that performs reverse lookups, detects catch-all scenarios, and works around wildcards and aliases.
An advanced Cross-Site Request Forgery (CSRF) audit and exploitation toolkit for security testing.
An efficient Android vulnerability scanner that finds security issues and missing best practices in APK files.
A massive 82 billion entry wordlist compiled from multiple password dictionaries for security testing.
A professional-grade web security scanner for penetration testing with intelligent, context-aware scanning and proof-based vulnerability detection.
Embed dependency information into Rust binaries for vulnerability auditing in production.
A collection of AI agent skills and subagents for Sentry's internal development workflows, following the open Agent Skills format.
A cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization, built in Rust.