tools/security

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS K…

Tool to search issues in Kubernetes clusters

Audit tool for Kubernetes

Kubernetes runtime scanner

Kubernetes runtime scanner

Validate and remediate Kubernetes resources to ensure configuration best practices are followed

Tool for testing if Kubernetes is deployed securely

Security risk analysis tool for Kubernetes resources

Kubernetes exploitation tool

Command-Line Interface to the KDE Wallet

Stores, retrieves, generates, and synchronizes passwords securely

Tool to monitor creation, deletion and changes to LDAP objects

Tool to anonymously bruteforce usernames from Domain controllers

In-depth LDAP enumeration utility

Stateless password manager

Tool to wipe drives in a secure way

ACR38U smartcard reader driver for pcsclite

Drop-in replacement for the libc allocator which improves the odds of bumping into heap-related se…

ModSecurity v3 library component

Libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)

Offline auditing of Active Directory passwords

Tool designed to assist in detecting security deficiencies for given Linux kernel/Linux-based mach…

Scanning and validation toolkit for the Log4J vulnerability

Tool to detect the log4j vulnerability

Scanner for finding hosts which are vulnerable for log4j

Tool that scans archives to check for vulnerable log4j versions

Local log4j vulnerability scanner

Tool to check for vulnerable Log4j (CVE-2021-44228) systems

Detector for Log4Shell exploitation attempts

GNU/Linux keylogger that works

Tools for fuzzing Log4j2 jndi injection

Security auditing tool for Linux, macOS, and UNIX-based systems

Tool to collect details about an username

Tool used to hunt down API key leaks in JS files and pages

Fast scan of the Internet

Speedy, parallel, and modular, login brute-forcer

Backup and restore Ed25519 SSH keys with seed words

Tool to perform OSINT tasks

Metasploit Framework - a collection of exploits

MiFare Classic Universal toolKit

Mifare Classic Offline Cracker

Simple tool for generating self signed certificates

Simple Minio tool to generate self-signed certificates, and provides SAN certificates with DNS and…

Simple tool for signing files and verifying signatures

Minisign reimplemented in Zig

DHCPv6 network spoofing application

Tool to automagically reverse-engineer REST APIs

Vanity address generator for tor onion v3 (ed25519) hidden services

Overfeatured front-end to crypt, from the Debian whois package

Digital Random Bit Generator

Simple tool to make temporary file handling in shells scripts safe and simple

Open source, cross-platform web application firewall (WAF)

The OWASP ModSecurity Core Rule Set is a set of generic attack detection rules for use with ModSec…

Utility to manipulate machines owner keys

MongoDB auditing and pentesting tool

Leverage the OpenPGP web of trust for SSH and TLS authentication

Fast HTTP enumerator

Stateless password management solution

MSFvenom Payload Creator

LDAP enumeration tool

An authentication service for creating and validating credentials

Tool to work with DNS MX records

Fast SYN/CONNECT port scanner

Recover the passphrase of your PGP or GPG-key

NetBIOS scanner written in Rust

Tools for offensive security of NetBackup infrastructures

Network authentication tool

Network service exploitation tool (maintained fork of CrackMapExec)

Open Source Network Forensic Analysis Tool (NFAT)

Provides extra functionality for the Nitrokey Pro and Storage

This application allows to manage Nitrokey 3 devices

Tool that allows you to convert nmap output

Find secrets and sensitive information in textual data

NoSql Injection tool for finding vulnerable websites using MongoDB

Light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filter…

Information enumerator for NTLM authentication enabled web endpoints

Tool for configurable targeted scanning

Components for building one-time password authentication systems

Components for building one-time password authentication systems

User-friendly OAuth2 CLI

Advanced Github OSINT framework

Collection of offensive tools targeting Microsoft Azure

Fast SNMP Scanner

GTK application to display Tor circuits and streams

Middleware that lets you use OnlyKey as a hardware SSH/GPG device

OnlyKey client and command-line tool

Client side implementation of the eCard-API-Framework (BSI TR-03112) and related international sta…

PKCS#11 implementation for Linux

Tool that generates an AI-based risk score

Set of libraries and utilities to access smart cards

Force programs to exclusively use tor network

OSP server implementation to allow GVM to remotely control an OpenVAS Scanner

Open source host-based instrusion detection system

Open source host-based instrusion detection system

Auditing tool for detecting vulnerabilities

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Google Authenticator migration decoder

Share end-to-end encrypted secrets with others via a one-time URL

Passive network reconnaissance and fingerprinting tool