Skip to content
#

security-tools

Star

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

Here are 2,643 public repositories matching this topic...

Language: All
Filter by language
All 2,643 Python 908 Go 250 Shell 211 JavaScript 161 Java 119 C 94 PHP 73 C# 70 HTML 62 C++ 60
Sort: Best match
Sort options
Best match Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

aquasecurity / trivy

Star 11.1k
Open

Integration with GitLab will stop working in GitLab 15.0

13
thiago-gitlab
thiago-gitlab commented Jan 18, 2022

Container scanning schemas below 14.0.0 have been deprecated.

blob/main/contrib/gitlab.tpl:3 is using a deprecated version:

"version": "2.3",

The latest version of the schema is [14.1.0](https://gitlab.com/gitlab-org/gitla

Read more
help wanted good first issue kind/feature
Find more good first issues

CISOfy / lynis

Star 9.5k

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

linux shell auditing devops unix security-audit pci-dss compliance hardening security-vulnerability security-hardening devops-tools hipaa vulnerability-detection vulnerability-scanners security-scanner vulnerability-assessment gdpr security-tools system-hardening
  • Updated Mar 17, 2022
  • Shell

zricethezav / gitleaks

Sponsor
Star 9.4k
Open

config validation

6
zricethezav
zricethezav commented Dec 3, 2021

Is your feature request related to a problem? Please describe.
It would be nice if gitleaks had a validate command that would validate examples found in the config rules. Introducing such a feature would speed up rule development and help with debugging.

Describe the solution you'd like
example entry in the rules tables
ex:

[[rules]]
id = "discord-client-secret"
des
Read more
enhancement help wanted good first issue
Find more good first issues

future-architect / vuls

Star 9.1k

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

go linux golang freebsd security security-audit administrator cybersecurity security-vulnerability vulnerabilities security-hardening vulnerability-detection vulnerability-management vulnerability-scanners security-scanner vulnerability-assessment vuls security-automation security-tools vulnerability-scanner
  • Updated Mar 23, 2022
  • Go

secdev / scapy

Star 7.2k
Open

Contribute to Scapy: a master list of good first issues

3
gpotter2
gpotter2 commented Dec 18, 2016

Hi & welcome to Scapy's github ! This page lists issues that you can try to fix if you want to start contributing to Scapy.

This list includes wishes and things added by the maintainers based on the issues that we get, but also issues marked with TODO or XXX that already exist in Scapy's code base (layers). If you want to contribute to the project you might just take care one of the bugs.

Read more
help wanted good first issue
RustScan

RustScan / RustScan

Star 5.8k
Open

Write CI that checks for specific outputs in the terminal

4
bee-san
bee-san commented Oct 18, 2020

RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.

Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:

  1. [!]
  2. [~]
  3. [>]
  4. | {}

If any of these characters appear in any of the tests, fail the CI. E

Read more
good first issue feature_request hacktoberfest
Find more good first issues
prowler

prowler-cloud / prowler

Star 5k

Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

aws security cis security-audit cloud aws-cli assessment forensics compliance hardening security-hardening hipaa cloudtrail hacktoberfest gdpr security-tools devsecops cis-benchmark aws-auditing well-architected
  • Updated Mar 22, 2022
  • Shell
certificates

smallstep / certificates

Star 4.1k
Open

Add `Cache-Control: private, no-store` headers where appropriate

tashian
tashian commented Jan 10, 2022

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Read more
enhancement good first issue quickfix
Find more good first issues

PyCQA / bandit

Star 4k
Open

Docs plugin listing shows title instead of check name

ericwb
ericwb commented Aug 14, 2018

Describe the bug
In the docs found here:
https://bandit.readthedocs.io/en/latest/plugins/index.html#complete-test-plugin-listing

B109 and B111 show a description instead of a plugin name. This looks inconsistent since all the other plugin names are listed. I believe this is a result of a recent change to remove these deprecated plugins.

To Reproduce

  1. Navigate to https://bandit
Read more
bug good first issue
Ladon

k8gege / Ladon

Star 3k

大型内网渗透扫描器&Cobalt Strike,Ladon9.1.4内置150个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0

security tools hack exploit scanner hacking password poc brute-force pentest portscan security-scanner exp security-tools ladon ipscanner getshell netscan
  • Updated Mar 19, 2022
  • C#
Wikipedia
Wikipedia