GitHub Security Repositories
Discover the best open source security tools, frameworks, and learning resources on GitHub
Filter by Category
Showing 46 repositories
Featured Repositories
OWASP ModSecurity Core Rule Set
OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls
ZAP
The OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools and is actively maintained by a dedicated international team of volunteers
Nuclei
Fast and customizable vulnerability scanner based on simple YAML-based DSL
OWASP Amass
In-depth attack surface mapping and asset discovery
More Repositories
SQLMap
Automatic SQL injection and database takeover tool
Wireshark
The world's most popular network protocol analyzer
Suricata
Suricata is a network IDS, IPS and NSM engine developed by the OISF and the Suricata community
Bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks
Zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know
Snort
Snort 3 is the next generation Snort IPS (Intrusion Prevention System)
CAPE
CAPE: Config And Payload Extraction - Malware analysis automation
YARA
The pattern matching swiss knife
Cuckoo Sandbox
Cuckoo Sandbox is an automated dynamic malware analysis system
Ghidra
Ghidra is a software reverse engineering (SRE) framework created and maintained by the NSA
Radare2
UNIX-like reverse engineering framework and command-line toolset
Metasploit Framework
Metasploit Framework is the most widely used penetration testing software worldwide
Aircrack-ng
WiFi security auditing tools suite
Nmap
Nmap - the Network Mapper. Github mirror of official SVN repository
Hydra
Hydra is a parallelized login cracker which supports numerous protocols to attack
John the Ripper
John the Ripper password cracker
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads
Sigma
Generic Signature Format for SIEM Systems
TheHive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Velociraptor
Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries
Security Onion
Security Onion is a free and open platform for threat hunting, security monitoring, and log management
Prowler
Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, compliance and more
ScoutSuite
Multi-Cloud Security Auditing Tool
CloudSploit
Cloud Security Posture Management (CSPM)
TerraGoat
TerraGoat is Bridgecrew's 'Vulnerable by Design' Terraform repository
Falco
Cloud Native Runtime Security
OpenSSL
TLS/SSL and crypto library
Cryptography.io
A package designed to expose cryptographic primitives and recipes to Python developers
HashiCorp Vault
A tool for secrets management, encryption as a service, and privileged access management
Osquery
SQL powered operating system instrumentation, monitoring, and analytics
Grafana
The open and composable observability and data visualization platform
Elasticsearch
Free and Open, Distributed, RESTful Search Engine
Prometheus
The Prometheus monitoring system and time series database
ELK Stack
Your window into the Elastic Stack
Maltego
Maltego Transform Extensions Framework - Python library used to develop Maltego transforms
SpiderFoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface
Shodan
The official Python library for Shodan
Awesome Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
Security 101
How to systematically secure anything: a repository about security engineering
OWASP Top 10
Official OWASP Top 10 Document Repository
Awesome Pentest
A collection of awesome penetration testing resources, tools and other shiny things
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF