Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
Talisman is a tool that scans git changesets to ensure that potential secrets or sensitive information do not leave the developer's workstation.
It validates the outgoing changeset for things that look suspicious - such as potential SSH keys, authorization tokens, private keys etc.
A command line utility to display dependency tree of the installed Python packages.
pipdeptree is a command line utility for displaying the installed python packages in form of a dependency tree. It works for packages installed globally on a machine as well as in a virtualenv. Since pip freeze shows all dependencies as a flat list, finding out which are the top level packages and which packages do they depend on requires some effort. It's also tedious to resolve conflicting dependencies that could have been installed because older version of pip didn't have true dependency resolution1. pipdeptree can help here by identifying conflicting dependencies installed in the environment.
Tool for building Kubernetes attack paths.
KubeHound creates a graph of attack paths in a Kubernetes cluster, allowing you to identify direct and multi-hop routes an attacker is able to take, visually or through complex graph queries.
A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on github given a search query.
The Primary purpose of GitDorker is to provide the user with a clean and tailored attack surface to begin harvesting sensitive information on GitHub. GitDorker can be used with additional tools such as GitRob or Trufflehog on interesting repos or users discovered from GitDorker to produce best results.
Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start.
Automate Your Audit Reports with AuditForge.
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
Save time, increase efficiency, and maintain data confidentiality with our open-source auditing software.
grep rough audit - source code auditing tool.
graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
Your Microsoft Security test automation framework!
Monitor your Microsoft 365 tenant's security configuration using Maester!
Maester is an open source PowerShell-based test automation framework designed to help you monitor and maintain the security configuration of your Microsoft 365 environment.
PostgreSQL Auditing Extension.
The PostgreSQL Audit Extension (or pgaudit) provides detailed session and/or object audit logging via the standard logging facility provided by PostgreSQL. The goal of PostgreSQL Audit to provide the tools needed to produce audit logs required to pass certain government, financial, or ISO certification audits.
Active Directory Security Assessment. Close Active Directory and Entra ID Security Gaps.
Find and fix security vulnerabilities in AD, now Entra ID, and Okta with Purple Knight, a free AD security vulnerability assessment that helps you uncover hundreds of AD indicators of exposure (IOEs) and compromise (IOCs). Quickly conduct a security assessment of AD—involved in 9 out of 10 cyberattacks.
BTA is an open-source Active Directory security audit framework.
A simple measure of software dependency freshness. It is a single number telling you how up-to-date your dependencies are.
AdminDroid Microsoft 365 auditing tool come up with immense reports on all the Microsoft 365 audit activities in the audit log search. Providing in-depth details on user sign-in activities is a head start for admins to analyze the users' sign-in data. With this Azure AD auditing tool, admins can monitor user logins, user activities, group activities, application activities, etc. Jazz up your Microsoft 365 Azure auditing without playing hard with PowerShell cmdlet like 'Search-UnifiedAuditLog'.
the missing audit log library. auditor's purpose is to provide an easy and standardized way to collect and persists audit logs.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration with ASPM/VM platforms and in CI environments.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
Security auditing tool for Linux, macOS, and Unix-based systems.
Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software with the GPL license and available since 2007.
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
A lightweight web security auditing toolkit. Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease.