Shannon Lite is a fully autonomous AI pentester for web apps and APIs. 96.15% (100/104 exploits) on a hint-free, source-aware variant of the XBOW benchmark.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

A static analysis security vulnerability scanner for Ruby on Rails applications

Open Source Vulnerability Management Platform

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

Web Application Security Scanner Framework

Advanced vulnerability scanning with Nmap NSE

Cloud Security Posture Management (CSPM)

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Automated NoSQL database enumeration and web application exploitation tool.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Source Code Security Audit (源代码安全审计)

Find leaked secrets via github search

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

Pentest Report Generator

Patch-level verification for Bundler

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Semi-automatic OSINT framework and package manager

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

🐀 Small chrome extension to monitor (and optionally block) other extensions' network calls