Security Tools
Showing 36 of 119 projects
An open-source intelligence (OSINT) tool for crawling and analyzing websites on the dark web and beyond.
An Nmap NSE script that transforms nmap into a vulnerability scanner using offline vulnerability databases.
A curated collection of proof-of-concept exploits for Common Vulnerabilities and Exposures (CVEs).
An open-source firmware security analyzer for embedded Linux devices, performing extraction, static/dynamic analysis, SBOM generation, and vulnerability reporting.
A curated list of open-source tools for capturing, analyzing, and processing network packet captures (PCAP files).
A Network Forensic Analysis Tool (NFAT) for deep inspection of PCAP files and live traffic, extracting credentials, building network maps, and reconstructing sessions.
An automated Python tool for auditing and exploiting NoSQL database vulnerabilities and web application injection attacks.
GUI and console sources for Detect It Easy (DiE), a program for determining file types and packers.
A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.
A security audit tool for Ruby projects that checks Gemfile.lock for vulnerable gem versions and insecure sources.
A static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
A system for distributing and managing secrets, now deprecated in favor of HashiCorp Vault.
KICS is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code.
Identifies compilers, packers, obfuscators, and other characteristics in Android APK and DEX files.
A modern, asynchronous, multiplayer command and control (C2) framework for post-exploitation using Python and .NET's DLR.
A Linux Kernel Module (LKM) rootkit for hiding processes, granting root privileges, and making files invisible.
A web-based toolkit for XSS (Cross-Site Scripting) testing, encoding/decoding, and payload generation.
A Java bytecode assembler, disassembler, and decompiler designed to handle obfuscated code and support the latest JVM specifications.
A deprecated collection of PowerShell tools for offensive security operations and penetration testing.
A static analysis tool for Go that finds vulnerabilities using SSA form and source-to-sink tracing to reduce false positives.
Monitor GitHub for sensitive information leaks in near real-time and send alert notifications.
A dynamic network analysis tool that intercepts and simulates network services for malware analysis and penetration testing.
A service that provides easy-to-remember reverse shell payloads for Unix-like systems, automatically detecting available software on the target.
A reconnaissance tool that gathers information about targets using APIs without direct contact.
A Python module for parsing and working with Portable Executable (PE) files, providing access to headers, sections, and embedded data.
A CLI tool to clone or backup all repositories from a GitHub/GitLab/Bitbucket organization or user into a single directory.
An open-source memory forensic framework for extracting and analyzing digital artifacts from Windows, Linux, and OSX memory images.
A curated collection of tools, data, literature, and resources for Industrial Control System (ICS) and SCADA security.
Distributed tcpdump for cloud native environments, capturing and streaming network packets from multiple hosts to a central receiver.
A suite of network fingerprinting standards for TLS, TCP, HTTP, SSH, and other protocols to facilitate threat detection and security analysis.
A curated list of awesome guides, tools, and resources related to lockpicking, physical security, and locksport.
A Burp Suite extension for advanced GraphQL security testing, featuring vulnerability scanning, batch attacks, and schema analysis.
A curated list of threat modeling resources including books, courses, videos, tools, tutorials, and examples for learning and practicing threat modeling.
A multi-platform client-server tool for distributing Hashcat password cracking tasks across multiple computers.
A grep-based source code auditing tool that finds potential security flaws using signature databases for multiple programming languages.
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.