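Lynis is a security auditing tool for UNIX-based systems. Its main goal is to test security defenses and provide tips for further system hardening.
OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools. ZAP can help us automatically find security vulnerabilities in web applications while we develop and test them. It is also an excellent tool for experienced penetration testers to use for manual security testing.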
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
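Translation - Agentless vulnerability scanner for Linux, FreeBSD, container images, running containers, WordPress, programming language libraries, and network devices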
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
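Translation - WPScan is a free, non-commercial-use black-box WordPress security scanner, written for security professionals and blog maintainers to test the security of their WordPress websites.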
Bandit is a tool designed to find common security issues in Python code.
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
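Ladon is a large-scale intranet penetration scanner, with PowerShell, a Cobalt Strike plugin, in-memory loading, and fileless scanning. It includes port scanning, service identification, network asset discovery, password auditing, high-risk vulnerability detection, vulnerability exploitation, password reading, and one-click GetShell; it supports batch scanning of A/B/C segments and scanning across network segments, as well as scanning of URL, host, and domain lists. Network asset discovery covers 32 protocols (ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchan...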
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ide...
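Translation - A source code analyzer that uses static analysis with a JSON-based rules engine to surface features of interest and other characteristics, in order to answer the question "What's in it?". Well suited to scanning components before use or detecting feature-level changes.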
Official Black Hat Arsenal Security Tools Repository
💡 A hinting engine for the web
Advanced vulnerability scanning with Nmap NSE
A high performance offensive security tool for reconnaissance and vulnerability scanning
Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kuber...
nodejsscan is a static security code scanner for Node.js applications.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Semi-automatic OSINT framework and package manager
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.