A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

GitHub Stars: 6
Curated Resources: 311
Categories: 17
Last Refreshed: 1 month ago

Network | Endpoint | Threat Intelligence | Social Engineering | Web | Exploits & Payloads | Red Team Infrastructure Deployment | Blue Team Infrastructure Deployment | Usability | Big Data | DevOps | Terminal | Operating Systems | Datastores | Fraud prevention | EBooks | Other Awesome Lists

What's inside

Threat Intelligence

  • abuse.ch

    ZeuS Tracker / SpyEye Tracker / Palevo Tracker / Feodo Tracker track Command & Control servers (hosts) around the world and provide you with a domain blocklist and an IP blocklist.

  • AlienVault Open Threat Exchange

    AlienVault Open Threat Exchange (OTX) helps you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.

  • AutoShun

    AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other Snort sensors, honeypots, and mail filters from around the world.

  • CIFv2

    CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).

  • Cyberowl

    A daily updated summary of the most frequent types of security incidents currently being reported from different sources.

  • Cyware Threat Intelligence Feeds

    Cyware’s Threat Intelligence feeds bring you valuable threat data from a wide range of open and trusted sources to deliver a consolidated stream of valuable and actionable threat intelligence. Our threat intel feeds are fully compatible with STIX 1.x and 2.0, giving you the latest information on malicious malware hashes, IPs and domains uncovered across the globe in real-time.

Datastores

  • acra

    Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system.

  • aws-vault

    Store AWS credentials in the OSX Keychain or an encrypted file

  • blackbox

    Safely store secrets in a VCS repo using GPG

  • chamber

    Store secrets using AWS KMS and SSM Parameter Store

  • confidant

    Stores secrets in AWS DynamoDB, encrypted at rest and integrates with IAM

  • credstash

    Store secrets using AWS KMS and DynamoDB

Web

  • ACSTIS (Scanning / Pentesting)

    ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.

  • API Security in Action (Development)

    Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020)

  • Artemis (Scanning / Pentesting)

    A modular vulnerability scanner with automatic report generation capabilities.

  • Bearer (Development)

    Scan code for security risks and vulnerabilities leading to sensitive data exposures.

  • BunkerWeb (Web Application Firewall)

    BunkerWeb is a full-featured open-source web server with ModSecurity WAF, HTTPS with transparent Let's Encrypt renewal, automatic ban of strange behaviors based on HTTP codes, bot and bad IPs block, connection limits, state-of-the-art security presets, Web UI and much more.

  • CakeFuzzer (Scanning / Pentesting)

    The ultimate web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the CakePHP framework, CakeFuzzer launches attacks on all potential application entry points.

Network

  • AIEngine (IDS / IPS / Host IDS / Host IPS)

    AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS (Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.

  • Amass (Scanning / Pentesting)

    Amass performs DNS subdomain enumeration by scraping the largest number of disparate data sources, recursive brute forcing, crawling of web archives, permuting and altering names, reverse DNS sweeping and other techniques.

  • Amun (Honey Pot / Honey Net)

    Amun is a Python-based low-interaction honeypot.

  • Anevicon (Scanning / Pentesting)

    The most powerful UDP-based load generator, written in Rust.

  • Bifrozt (Honey Pot / Honey Net)

    Bifrozt is a NAT device with a DHCP server that is usually deployed with one NIC connected directly to the Internet and one NIC connected to the internal network. What differentiates Bifrozt from other standard NAT devices is its ability to work as a transparent SSHv2 proxy between an attacker and your honeypot. If you deployed an SSH server on Bifrozt’s internal network it would log all the interaction to a TTY file in plain text that could be viewed later and capture a copy of any files that were downloaded. You would not have to install any additional software, compile any kernel modules or use a specific version or type of operating system on the internal SSH server for this to work. It will limit outbound traffic to a set number of ports and will start to drop outbound packets on these ports when certain limits are exceeded.

  • Boofuzz (Scanning / Pentesting)

    Fuzzing engine and fuzz testing framework.

Endpoint

  • AMExtractor (Mobile / Android / iOS)

    AMExtractor can dump out the physical content of your Android device even without kernel source code.

  • Android Storage Extractor (Mobile / Android / iOS)

    A tool to extract local data storage of an Android application in one click.

  • Apktool (Mobile / Android / iOS)

    A tool for reverse engineering Android apk files.

  • ClamAv (Anti-Virus / Anti-Malware)

    ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

  • DocBleach (Content Disarm & Reconstruct)

    An open-source Content Disarm & Reconstruct software sanitizing Office, PDF and RTF Documents.

  • dotPeek (Mobile / Android / iOS)

    Free-of-charge standalone tool based on ReSharper's bundled decompiler.

Other Awesome Lists

DevOps

  • ansible-os-hardening

    Ansible role for OS hardening

  • cve-ape

    A non-intrusive CVE scanner for embedding in test and CI environments that can scan package lists and individual packages for existing CVEs via a locally stored CVE database. Can also be used as an offline CVE scanner, e.g. for OT/ICS.

Big Data

  • Apache Metron (incubating)

    Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis.

  • Apache Spot (incubating)

    Apache Spot is open source software for leveraging insights from flow and packet analysis.

  • binarypig

    Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch.

  • data_hacking

    Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data.

  • hadoop-pcap

    Hadoop library to read packet capture (PCAP) files.

Showing a sample of 311 resources. The full list is on GitHub.