Alternatives and similar repositories for threat-modeling:

Users that are interested in threat-modeling are comparing it to the libraries listed below

• migolovanov / modsecurity-checker
  Script to check ModSecurity rules agains some WAF
  ☆12Updated 6 years ago
• kf0jvt / deez_factors
  Looks for GitHub org users without 2FA turned on
  ☆9Updated 8 years ago
• JustinAzoff / ssh-auth-logger
  A low/zero interaction ssh authentication logging honeypot
  ☆21Updated 8 months ago
• disclose / dnssecuritytxt
  A standard allowing organizations to nominate security contact points and policies via DNS TXT records.
  ☆31Updated last month
• jedisct1 / ipgrep
  Extract, defang, resolve names and IPs from text
  ☆23Updated last year
• auditNG / go-audit-container
  go-audit is an alternative to the auditd daemon that ships with many distros
  ☆16Updated 6 years ago
• kpcyrd / tr1pd
  tamper resistant audit log
  ☆18Updated 6 years ago
• gen0cide / listening_ports
  Shell utility to list colorfully show what processes are listening on what ports.
  ☆19Updated 5 years ago
• stevespringett / owasp-risk-rating-calculator
  A Java library for programmatically calculating OWASP Risk Rating scores
  ☆18Updated 2 years ago
• wisespace-io / nettfiske
  Detect Phishing fetching Certificate Transparency Logs
  ☆20Updated 4 years ago
• ekeih / kube-shodan
  Register your Kubernetes IPs to monitor.shodan.io
  ☆18Updated 2 years ago
• mozilla-iam / federated_access_proxy
  BeyondCorp-style federated access proxy
  ☆48Updated last year
• COSSAS / Certitude
  CERTITUDE - A python package to classify malicious URLs
  ☆20Updated 2 years ago
• chainguard-dev / self-attestation
  Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.
  ☆21Updated last year
• ukncsc / stix-cvebuilder
  CVE Builder script that generates STIX formatted Exploit Target objects
  ☆18Updated 8 years ago
• fabaff / fsl-test-bench
  FSL Test bench - Ansible playbook repository to setup a save environment for security auditing and testing. It can be used for teaching s…
  ☆29Updated 4 months ago
• D4-project / d4-core
  D4 core software (server and sample sensor client)
  ☆42Updated last year
• gjyoung1974 / policy-pipeline
  Policy Pipeline : place an SDLC around your compliance documentation with a pipeline that renders policy-as-code to human friendly format…
  ☆11Updated 4 years ago
• clayball / Dissembling-Ferret
  Data exfiltration using covert channels in the TCP/IP protocol with some basic steganography.
  ☆13Updated 8 years ago
• w8mej / PoorOperationalSecurityPractices
  Deceptive tradecraft should be fun and light, not stern and stressful. It is cool to be cute.
  ☆13Updated last year
• evilsocket / wax
  Wax is a mediocre fuzzer I'm prototyping to test some ideas and get rid of others.
  ☆18Updated 6 years ago
• kushaldas / unoon
  ☆33Updated 2 years ago
• ComplianceAsCode / auditree-harvest
  The Auditree data gathering and reporting tool.
  ☆13Updated 8 months ago
• pbnj / orthrus
  🛡 Monitor, analyze, & report security misconfigurations across environments.
  ☆18Updated 7 years ago
• claudijd / rotten_apple
  A tool for testing continuous integration (CI) or continuous delivery (CD) system security
  ☆23Updated 11 years ago
• Matir / webborer
  WebBorer is a directory-enumeration tool written in Go.
  ☆44Updated 2 years ago
• zmap / zcertificate
  Command line utility for parsing certificates
  ☆63Updated 4 years ago
• kindredgroup / paf-credentials-checker
  PCC's aim is to provide a high performing offline tool to easily assess which users are vulnerable to Password Reuse Attacks (a.k.a. Pass…
  ☆18Updated 5 years ago
• makash / linux-container-security-docs
  A gitbook for doing a null Bangalore session on linux container security to discuss and teach namespaces, cgroups etc.
  ☆20Updated 7 years ago
• ThreatResponse / poor-webhook
  An example of a vulnerable slack bot that runs in AWS lambda.
  ☆19Updated 7 years ago