tcosolutions / betterscan

Related projects: ⓘ

• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆790Updated last year
• owasp-dep-scan / dep-scan
  OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for …
  ☆982Updated last week
• Legit-Labs / legitify
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆759Updated last week
• psiinon / open-source-web-scanners
  A list of open source web security scanners
  ☆861Updated last week
• praetorian-inc / gato
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆533Updated last month
• TupleType / awesome-cicd-attacks
  Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
  ☆473Updated 3 weeks ago
• devops-kung-fu / bomber
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆494Updated last week
• DataDog / KubeHound
  Tool for building Kubernetes attack paths
  ☆746Updated this week
• cider-security-research / top-10-cicd-security-risks
  ☆394Updated last year
• semgrep / semgrep-rules
  Semgrep rules registry
  ☆773Updated this week
• mazen160 / secrets-patterns-db
  Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
  ☆1,010Updated 7 months ago
• OWASP / threat-dragon
  An open source threat modeling tool from OWASP
  ☆888Updated this week
• michelin / ChopChop
  ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
  ☆667Updated 11 months ago
• projectdiscovery / cloudlist
  Cloudlist is a tool for listing Assets from multiple Cloud Providers.
  ☆840Updated this week
• CycloneDX / cdxgen
  Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
  ☆546Updated this week
• Ostorlab / oxo
  OXO is a security scanning orchestrator for the modern age.
  ☆517Updated this week
• owasp-noir / noir
  Attack surface detector that identifies endpoints by static analysis
  ☆555Updated this week
• inguardians / peirates
  Peirates - Kubernetes Penetration Testing tool
  ☆1,206Updated last week
• BishopFox / cloudfox
  Automating situational awareness for cloud penetration tests.
  ☆1,896Updated last month
• dub-flow / sessionprobe
  SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic…
  ☆444Updated 5 months ago
• imperva / automatic-api-attack-tool
  Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp…
  ☆451Updated last year
• CERT-Polska / Artemis
  A modular vulnerability scanner with automatic report generation capabilities.
  ☆535Updated this week
• ossf / package-analysis
  Open Source Package Analysis
  ☆720Updated last week
• wireghoul / graudit
  grep rough audit - source code auditing tool
  ☆1,487Updated last month
• erev0s / VAmPI
  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
  ☆892Updated last month
• secureCodeBox / secureCodeBox
  secureCodeBox (SCB) - continuous secure delivery out of the box
  ☆768Updated this week
• Threagile / threagile
  Agile Threat Modeling Toolkit
  ☆594Updated last week
• step-security / github-actions-goat
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆428Updated 3 weeks ago
• nemesida-waf / waf-bypass
  Check your WAF before an attacker does
  ☆1,244Updated last week
• stark0de / nginxpwner
  Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
  ☆1,433Updated 6 months ago