security
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources.
Cloud Custodian enables you to manage your cloud resources by filtering, tagging, and then applying actions to them. The YAML DSL allows defininition of rules to enable well-managed cloud infrastructure that's both secure and cost optimized.
Cloud Custodian, also known as c7n, is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.
MLOps Attack Toolkit
MLOKit is a toolkit that can be used to attack MLOps platforms by taking advantage of the available REST API. This tool allows the user to specify an attack module, along with specifying valid credentials (API key or stolen access token) for the respective MLOps platform. The attack modules supported include reconnaissance, data extraction and model extraction. MLOKit was built in a modular approach, so that new modules can be added in the future by the information security community.
Game Of Active Directory is a free pentest active directory LAB(s) project.
The purpose of this tool is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without having the pain to build all by yourself. This repository was build for pentest practice 🙂
SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown).
Related contents:
Tools to support cloud guardrails implementation and compliance checks for Microsoft Azure.
Open Source Cloud Security Tool.
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more.
Related contents:
Search Evasion Techniques.
Malware authors spend a great deal of time and effort to develop complex code to perform malicious actions against a target system. It is crucial for malware to remain undetected and avoid sandbox analysis, antiviruses or malware analysts. With this kind of techniques, malware are able to pass under the radar and stay undetected on a system. The goal of this free database is to centralize the information about malware evasion techniques.
This project aims to provide Malware Analysts and Defenders with actionable insights and detection capabilities to shorten their response times.
📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report .
I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer needed during your Offensive Security OSCP, OSWE, OSEE, OSWP, OSEP, OSED, OSWA, OSDA, OSMR exam!
Protect your business and PBX's against VoIP Fraud. Minimize the risks of attacks on your Telephony Server. Save bandwidth by using Geolocation filtering.
VoIPBL is a distributed VoIP blacklist that is aimed to protects against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's.
Automated OWASP CRS and Bad Bot Detection for Caddy, Nginx, Apache, Traefik and HaProxy.
Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Apache, Nginx, Caddy, Traefik, and HAProxy WAF configurations. Additionally, Bad Bot/User-Agent detection is integrated to block malicious web crawlers and scrapers.
Honeypot servers with an integrated threat feed.
Deceptifeed is a honeypot and threat feed server. It runs multiple deceptive network services (honeypots), while the threat feed lists IP addresses that have interacted with the honeypots. Additionally, Deceptifeed provides real-time visibility into honeypot activity, allowing you to monitor logs and interactions as they occur.
Docker Proxy Filter (DPF) is a smol, forward proxy for filtering the content and responses of Docker API responses to only those you want to expose.
Unlike the OG docker-socket-proxy and its variants, DPF provides filtering of the response content from the Docker API, rather than disabling/enabling of API endpoints. It does not connect directly to the Docker socket: it designed to be used with another Docker "Socket Proxy" container. Combined with a socket-proxy container that provides granular endpoint access it's possible to expose only information about specific containers in a read-only context.
Related contents:
A Model Context Protocol server that provides read-only access to PostgreSQL databases. This server enables LLMs to inspect database schemas and execute read-only queries.
Related contents:
🔍 LFIer is a powerful and efficient tool for detecting Local File Inclusion (LFI) vulnerabilities in web applications.
🔍 LFIer is a tool engineered to detect Local File Inclusion (LFI) vulnerabilities in web applications. It scans URLs with parameters, injects various payloads, and checks for indicators in the responses to identify potential LFI vulnerabilities. Leveraging asynchronous programming, LFIer ensures efficient and accurate scanning, even in environments protected by WAFs or cloud-based defenses.
Related contents:
Scan for secrets in dangling commits on GitHub using GH Archive data.
This tool scans for secrets in dangling (dereferenced) commits on GitHub created by force push events. A force push occurs when developers overwrite commit history, which often contains mistakes, like hard-coded credentials. This project relies on archived force push event data in the GHArchive to identify the relevant commits.
Related contents:
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
Related contents:
Automated dependency updates.
Get pull requests to update your dependencies and lock files.
SFLvault is a Networked credentials store and authentication manager developed and maintained by Savoir-faire Linux.
It has a client/vault (server) architecture allowing encrypted storage and organization of a multitude passwords for different machines and services.
The Burp extension helps you to find authorization bugs. Just navigate through the web application with a high privileged user and let the Auth Analyzer repeat your requests for any defined non-privileged user. With the possibility to define Parameters the Auth Analyzer is able to extract and replace parameter values automatically. With this for instance, CSRF tokens or even whole session characteristics can be auto extracted from responses and replaced in further requests. Each response will be analyzed and tagged on its bypass status.
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer.
ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure. Please note that the ADCSKiller is currently in its first drafts and will undergo further refinements and additions in future updates for sure.
Octoscan is a static vulnerability scanner for GitHub action workflows.
cyber arms for your security program - GRC can be tough: let CISO Assistant help you.
Cyber security program management can be challenging regardless of the size of your company. CISO Assistant one-stop-shop approach provides a pragmatic way to handle the complexity of GRC (Governance, Risk and Compliance) and make the tools work for you instead of the other way around.
Active Directory Security Assessment. Close Active Directory and Entra ID Security Gaps.
Find and fix security vulnerabilities in AD, now Entra ID, and Okta with Purple Knight, a free AD security vulnerability assessment that helps you uncover hundreds of AD indicators of exposure (IOEs) and compromise (IOCs). Quickly conduct a security assessment of AD—involved in 9 out of 10 cyberattacks.
Management tool for the information security management system.
To manage the security of their information system, organizations must set up a set of security measures and regularly check that these measures are effective and effective. These regular checks make it possible to guarantee that the security measures implemented place achieve their security objectives.
Deming is a tool for managing, planning, tracking and reporting the effectiveness of security controls.
This management of controls must allow the implementation of adequate and proportionate security. This approach is in line with the recommendations of ISO / IEC 27001:2013, chapter 9 which deals with performance evaluation.
A Burp Extension for GraphQL Security Testing. A security testing tool to facilitate GraphQL technology security auditing efforts.
Timely. Accurate. Relevant Phishing Intelligence.
Related contents:
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
age is a simple, modern and secure file encryption tool, format, and Go library. It features small explicit keys, no config options, and UNIX-style composability.
The pattern matching swiss knife for malware researchers.
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.
Securing containers, one scan at a time.
Harbor Guard is a comprehensive container security scanning platform that provides an intuitive web interface for managing and visualizing security assessments of Docker images.
Strengthen the security posture of your source-code management! Detect and remediate misconfigurations, security and compliance issues across all your GitHub and GitLab assets with ease.
Seamless, technology-driven remote access from anywhere, at any time. Take control of your servers and devices from any location while boosting security through our centralized SSH gateway tailored for edge and cloud computing.
Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing.
The MISP threat sharing platform is a free and open source software helping information sharing of threat and cybersecurity indicators.
NGINX configuration static analyzer.
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
Multi-services Honeypot Solution with AI support and dynamic HTTP template.
Trapster Community is a low-interaction honeypot designed to be deployed on internal networks or to capture credentials. It is built to monitor and detect suspicious activities, providing a deceptive layer to network security.
Trapster Community Edition is a powerful open-source honeypot solution designed to enhance your network security. By acting as a decoy system within your infrastructure, Trapster helps detect and track potential threats, providing valuable insights into attacker behavior and network security posture.
Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy.
A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer.
opkssh is a tool which enables ssh to be used with OpenID Connect allowing SSH access management via identities like alice@example.com instead of long-lived SSH keys. It does not replace ssh, but rather generates ssh public keys that contain PK Tokens and configures sshd to verify the PK Token in the ssh public key. These PK Tokens contain standard OpenID Connect ID Tokens. This protocol builds on the OpenPubkey which adds user public keys to OpenID Connect without breaking compatibility with existing OpenID Provider.
Related contents:
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi
A fast and customisable vulnerability scanner powered by simple YAML-based templates.
The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. The tool is used by Computer Emergency Response Teams (CERT), Security Operations Centers (SOC) and Digital-Forensic Labs worldwide.
AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions. See the manual pages within the distribution for further info.
Open Source Identity and Access Management. Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users. Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
Related contents:
Artica V4 is an appliance based on Debian 10 Operating system. Your can install it on the Hardware or Virtual Machine of your choice and get a Web Gateway appliance within minutes.
A user-friendly solution to transfer files through a physical diode using the Lidi utility, complete with data retention, file history, user accounts and admin management. Provides a scriptable API and a web interface.
Check if an in-app browser is injecting JavaScript code Some iOS and Android apps make use of a custom in-app browser (full details). This causes potential security and privacy risks to the user.
Privacy redefined, The first messenger without user IDs.
private and secure messenger without any user IDs (not even random).
Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring.
Share your Immich photos and albums in a safe way without exposing your Immich instance to the public.
Related contents:
This project is aimed at providing technical guides on various hacking tools. Keep in mind that these guides are maintained by non-omniscient security enthusiasts in their spare time. You will probably find things missing or mistakes.
This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional resources. The app can run either in browser, or as a desktop app.
A distributed vulnerability database for Open Source. An open, precise, and distributed approach to producing and consuming vulnerability information for open source.
Related contents:
eBPF implementation that runs on top of Windows.
eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such as DoS protection and observability. This project is a work-in-progress that allows existing eBPF toolchains and APIs familiar in the Linux ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
GLPI vulnerabilities checking tool.
glpwnme is a tool used to check for vulnerabilities on running instance of glpi.
Related contents:
Security automation content in SCAP, Bash, Ansible, and other formats.
The purpose of this project is to create security policy content for various platforms — Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, SUSE Linux Enterprise Server (SLES),... — as well as products — Firefox, Chromium, ... We aim to make it as easy as possible to write new and maintain existing security content in all the commonly used formats.
Malware sample exchange.
MalwareBazaar is a platform from abuse.ch and Spamhaus, dedicated to sharing malware samples with the infosec community, antivirus vendors, and threat intelligence providers. Upload malware samples and explore the database for valuable intelligence. Set alerts to track newly observed malware, use APIs to seamlessly push or pull signals, and automate bulk queries.
Related contents:
Comprehensive detection tool for NPM supply chain attacks, specifically designed to identify and prevent the Shai-Hulud worm that compromised 500+ packages including CrowdStrike npm packages in 2025.
Related contents:
An HTTP toolkit for security research.
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
Related contents:
A Kubernetes controller and tool for one-way encrypted Secrets.
Problem: "I can manage all my K8s config in git, except Secrets." Solution: Encrypt your Secret into a SealedSecret, which is safe to store - even inside a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret.
FastNetMon is a very high performance DDoS detector built on top of multiple packet capture engines: NetFlow, IPFIX, sFLOW.