projectdiscovery/nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Go Star:25046

CISOfy/lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Shell Star:14721

zaproxy/zaproxy

The ZAP by Checkmarx Core project

Java Star:14206

future-architect/vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Go Star:11765

wpscanteam/wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

Ruby Star:9230

PyCQA/bandit

Bandit is a tool designed to find common security issues in Python code.

Python Star:7378

jakejarvis/awesome-shodan-queries

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Star:6751

GhostTroops/scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Go Star:5883

k8gege/Ladon

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等，大量高危漏洞检测模块MS17010、Zimbra、Exchange

C# Star:5196

microsoft/ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

C# Star:4362

toolswatch/blackhat-arsenal-tools

Official Black Hat Arsenal Security Tools Repository

Star:4145

scipag/vulscan

Advanced vulnerability scanning with Nmap NSE

Lua Star:3675

webhintio/hint

💡 A hinting engine for the web

TypeScript Star:3666

evyatarmeged/Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Python Star:3242

FeeiCN/Cobra

Source Code Security Audit (源代码安全审计)

Python Star:3185

zegl/kube-score

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

Go Star:2969

ajinabraham/nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

CSS Star:2508

Bearer/bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Go Star:2422

kpcyrd/sn0int

Semi-automatic OSINT framework and package manager

Rust Star:2309

codingo/Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Python Star:2175

其他主题推荐:

sync pentest-tool xposed pypi wordpress best-practices ddd element-ui