An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Find secrets with Gitleaks 🔑

Infisical is the open-source platform for secrets, certificates, and privileged access management.

Find, verify, and analyze leaked credentials

Loads environment variables from .env for nodejs projects.

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

🤖 The Modern Port Scanner 🤖

Daemon to ban hosts that cause multiple authentication errors

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

Scapy: the Python-based interactive packet manipulation program & library.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Adversary Emulation Framework

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.