OSS Security Applications

About this list

We know we can never be complete with an overview of OSS security and privacy applications. The overview in this chapter was created at the end of 2019-Q1 and is only intended as guidance to give you:

  • Insights on what type of products are available in the OSS domain.

  • A collection of OSS solution building blocks for your security architecture or design you can consider to evaluate for your specific use case.

  • Some ideas of solutions you are perhaps not familiar with.

An up-to-date list is always online.

There are now a million different open source software projects published somewhere on the internet. Our holy grail is to keep track of the top 50 security and privacy open source projects for every security and privacy service needed within a business architecture. This way, when you need a secure logging service, you can evaluate the top 50 projects first before searching further or creating (aka forking) your own. In this first release of this OSS Security and Privacy reference architecture we are still far away from this goal.

Criteria used for products mentioned in this chapter are:

  • The products must have a valid OSS license;

  • The project must be active and must meet a certain quality level;

  • The product must be in use somewhere (*)

(*) Unfortunately we cannot and never will expose information about where products are in use; however, many mature products have solid references on their website, along with active user groups.

AIDE

AIDE is a tool for monitoring file system changes.

It can be used to detect unauthorized changes to monitored files and directories. AIDE was written to be a simple and free alternative to Tripwire.

Features:

  • File attributes monitored: permissions, inode, user, group, file size, mtime, atime, ctime, links and growing size.

  • Checksums and hashes supported: SHA1, MD5, RMD160, and TIGER. CRC32, HAVAL and GOST if Mhash support is compiled in.

  • Plain text configuration files and database for simplicity.

  • Rules, variables and macros that can be customized to local site or system policies.

  • Powerful regular expression support to selectively include or exclude files and directories to be monitored.

  • gzip database compression if zlib support is compiled in.

  • Stand-alone static binary for easy client/server monitoring configurations.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

https://aide.github.io/

Source Location

https://github.com/aide/aide

Tag(s)

IDS, Security

AIL framework

AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information (e.g. data leak prevention).

Many features are provided within this framework. E.g.:

  • Modular architecture to handle streams of unstructured or structured information.

  • Default support for external ZMQ feeds, such as provided by CIRCL or other providers.

  • Multiple feed support: Each module can process and reprocess the information already processed by AIL.

  • Detecting and extracting URLs including their geographical location (e.g. IP address location).

  • Extracting and validating potential leaks of credit card numbers, credentials, …

  • Extracting and validating email addresses leaked including DNS MX validation.

  • Module for extracting Tor .onion addresses (to be further processed for analysis).

  • Keeping track of duplicates (and diffing between each duplicate found).

  • Extracting and validating potential hostnames (e.g. to feed Passive DNS systems).

  • A full-text indexer module to index unstructured information.

  • Statistics on modules and web.


SBB License

GNU Affero General Public License Version 3

Core Technology

Python

Project URL

https://github.com/CIRCL/AIL-framework

Source Location

https://github.com/CIRCL/AIL-framework

Tag(s)

Python, Security

American fuzzy lop

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code.

This tool can be very productive in finding security flaws: the famous Heartbleed bug in OpenSSL was found in record time using this software. See https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

http://lcamtuf.coredump.cx/afl/

Source Location

http://lcamtuf.coredump.cx/afl/releases/

Tag(s)

Security, Test Tool

Bandit

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

Bandit was originally developed within the OpenStack Security Project and later transferred to PyCQA.


SBB License

Apache License 2.0

Core Technology

Python

Project URL

https://github.com/PyCQA/bandit

Source Location

https://github.com/PyCQA/bandit

Tag(s)

Security, Vulnerability scanning

Bosun

Bosun is an open-source, MIT licensed, monitoring and alerting system by Stack Exchange. It has an expressive domain specific language for evaluating alerts and creating detailed notifications. It also lets you test your alerts against history for a faster development experience.

Collecting metrics about our systems is fun but what makes a monitoring system useful is alerting when anomalies arise. This is the real strength of Bosun.

Bosun encourages a particular workflow that makes it easy to design, test, and deploy an alert. If you look at the top of the Bosun display, the tabs include Items, Graph, Expression, Rule, and Test config in left-to-right order; that reflects the phases you go through as you create an alert. In general, first you’ll select an item (metric) that is the basis of the alert.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Go

Project URL

http://bosun.org/

Source Location

https://github.com/bosun-monitor/bosun

Tag(s)

Security, SIEM

Cameradar

Cameradar hacks its way into RTSP video surveillance cameras.

Cameradar allows you to:

  • Detect open RTSP hosts on any accessible target host

  • Detect which device model is streaming

  • Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)

  • Launch automated dictionary attacks to get the username and password of the cameras

  • Retrieve a complete and user-friendly report of the results


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Go (Golang)

Project URL

https://github.com/Ullaakut/cameradar

Source Location

https://github.com/Ullaakut/cameradar

Tag(s)

Security, Test Tool, Vulnerability scanning

CAPE v2

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware reverse engineering and threat intelligence.


SBB License

MIT License

Core Technology

Python

Project URL

https://cape.contextis.com/analysis/

Source Location

https://github.com/kevoreilly/CAPEv2

Tag(s)

Malware analysis, Security

CLIP OS

The CLIP OS project is an open source project maintained by the ANSSI (National Cybersecurity Agency of France) that aims to build a secure, multi-level operating system, based on the Linux kernel and a lot of free and open source software.

Documentation can be found on: https://docs.clip-os.org/index.html


SBB License

GNU Lesser General Public License (LGPL) 3.0

Core Technology

C

Project URL

https://clip-os.org/en/

Source Location

https://github.com/CLIPOS/

Tag(s)

Operating System, Security

ClusterFuzz

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software.

It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz.

ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project’s development process:

  • Highly scalable. Google’s internal instance runs on over 25,000 machines.

  • Accurate deduplication of crashes.

  • Fully automatic bug filing and closing for issue trackers (Monorail only for now).

  • Testcase minimization.

  • Regression finding through bisection.

  • Statistics for analyzing fuzzer performance, and crash rates.

  • Easy to use web interface for management and viewing crashes.

  • Support for coverage guided fuzzing (e.g. libFuzzer and AFL) and blackbox fuzzing.

ClusterFuzz is written in Python and Go.


SBB License

Apache License 2.0

Core Technology

Python, Go

Project URL

https://github.com/google/clusterfuzz

Source Location

https://github.com/google/clusterfuzz

Tag(s)

Python, Security

Cowrie

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie also functions as an SSH and Telnet proxy to observe attacker behaviour towards another system.


SBB License

MIT License

Core Technology

Python

Project URL

https://www.cowrie.org/

Source Location

https://github.com/cowrie/cowrie

Tag(s)

Audit, Honeypot, Python, Security

Data Seal

Data Seal is a lightweight, UELMA-compliant data authentication service.

Data Seal is a project of U.S. Open Data to provide a system where open data released by governments can be authenticated by end users—whether or not the data was most recently downloaded from the official source.

Government data releases need to abide by local laws (for example, the District of Columbia Official Code) and should also abide by the Uniform Electronic Legal Material Act (UELMA). Part of the UELMA provisions state that “legal material be…authenticated, by providing a method to determine that it is unaltered”.

Data Seal provides agencies with a web-based interface to provide this functionality.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Django/Python

Project URL

https://github.com/unitedstates/data-seal/wiki

Source Location

https://github.com/unitedstates/data-seal

Tag(s)

data authentication, Security

Datastream

An open-source framework for real-time anomaly detection using Python, ElasticSearch and Kibana. It also uses scikit-learn.


SBB License

Apache License 2.0

Core Technology

Python

Project URL

https://github.com/MentatInnovations/datastream.io

Source Location

https://github.com/MentatInnovations/datastream.io

Tag(s)

ML, Monitoring, Security

Deeptracy

Deeptracy scans your project dependencies to spot vulnerabilities. It is a meta tool to analyze the security issues in third party libraries used in your project.


SBB License

Apache License 2.0

Core Technology

Python

Project URL

https://deeptracy.readthedocs.io/en/latest/

Source Location

https://github.com/BBVA/deeptracy

Tag(s)

Python, Security

Diffoscope

Diffoscope will try to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into a more human readable form to compare them. It can compare two tarballs, ISO images, or PDFs just as easily.

It can be scripted through exit codes, and a report can be produced with the detected differences. The report can be text or HTML. When no type of report has been selected, diffoscope defaults to writing a text report on standard output.

Diffoscope was initially started by the “reproducible builds” Debian project and is now being developed as part of the (wider) “Reproducible Builds” initiative. It is meant to make it possible to quickly understand why two builds of the same package produce different outputs. diffoscope was previously named debbindiff.

SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python, CPP

Project URL

https://diffoscope.org/

Source Location

https://salsa.debian.org/reproducible-builds/diffoscope

Tag(s)

Security

Duplicity

Duplicity backs up directories by producing encrypted tar-format volumes and uploading them to a remote or local file server.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

http://duplicity.nongnu.org/

Source Location

https://code.launchpad.net/duplicity

Tag(s)

backup, Security

Evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.

This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality, acting as a proxy between a browser and the phished website. The present version is fully written in Go as a standalone application which implements its own HTTP and DNS server, making it extremely easy to set up and use.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Go

Project URL

https://github.com/kgretzky/evilginx2

Source Location

https://github.com/kgretzky/evilginx2

Tag(s)

Security, Vulnerability scanning

Fail2ban

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs — too many password failures, seeking exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc.).


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://www.fail2ban.org/wiki/index.php/Main_Page

Source Location

https://github.com/fail2ban

Tag(s)

Network, network diagnostic, Python, Security

FIDO (Fully Integrated Defense Operation)

FIDO (Fully Integrated Defense Operation – apologies to the FIDO Alliance for the acronym collision) was developed by Netflix and is now OSS. This system is for automatically analyzing security events and responding to security incidents.

The premise of FIDO is simple: each year companies receive an ever increasing amount of security related alerts. Instead of hiring more analysts to comb through the endless stream of alerts, the analysis is automated to combat the barrage of information. Simply put, FIDO integrates and then automates the manual human processes by codifying the logic and process used by threat analysts, to provide consistent and reliable results.

The typical process for investigating security-related alerts is labor intensive and largely manual. To make the situation more difficult, as attacks increase in number and diversity, there is an increasing array of detection systems deployed and generating even more alerts for security teams to investigate.

FIDO is a Netflix OSS project, see: http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html


SBB License

Apache License 2.0

Core Technology

C#

Project URL

https://github.com/Netflix/Fido/wiki

Source Location

https://github.com/Netflix/Fido

Tag(s)

Security, SIEM

FourOneOne

411 is an alert management web application. It offers:

  • A search scheduler. Configure searches to periodically run against a variety of data sources. You can define a custom pipeline of filters to manipulate any generated alerts and forward them to multiple targets.

  • An alert management interface. Review and manage alerts through the web interface. You can apply renderers to alerts to enrich them with additional metadata.

Typical use cases for 411:

  • You want to detect when certain log lines show up in ES.

  • You want to detect when a Graphite metric changes.

  • You want to detect when a server stops responding.

  • You want to manage alerts through a simple workflow. And much more!

A working demo is available at https://demo.fouroneone.io/


SBB License

MIT License

Core Technology

PHP

Project URL

Source Location

https://github.com/etsy/411

Tag(s)

Alerting, Loganalyze, Security

Ghidra

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.


SBB License

Apache License 2.0

Core Technology

Java

Project URL

https://ghidra-sre.org/

Source Location

https://github.com/NationalSecurityAgency/ghidra

Tag(s)

Security, Test Tool

GNUnet

GNUnet is a mesh routing layer for end-to-end encrypted networking and a framework for distributed applications designed to replace the old insecure Internet protocol stack.

In other words, GNUnet provides a strong foundation of free software for a global, distributed network that provides security and privacy. Along with an application for secure publication of files, it has grown to include all kinds of basic applications for the foundation of a GNU internet.

GNUnet is an official GNU package.

The foremost goal of the GNUnet project is to become a widely used, reliable, open, non-discriminating, egalitarian, unfettered and censorship-resistant system of free information exchange. We value free speech above state secrets, law-enforcement or intellectual property. GNUnet is supposed to be an anarchistic network, where the only limitation for peers is that they must contribute enough back to the network such that their resource consumption does not have a significant impact on other users. GNUnet should be more than just another file-sharing network. The plan is to offer many other services and in particular to serve as a development platform for the next generation of decentralized Internet protocols.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

https://gnunet.org/

Source Location

https://gnunet.org/svn/

Tag(s)

Privacy, Security

Gophish

Gophish is a powerful, open-source phishing framework that makes it easy to test your organization’s exposure to phishing.


SBB License

MIT License

Core Technology

Go

Project URL

https://getgophish.com/

Source Location

https://github.com/gophish/gophish

Tag(s)

Security

GRR

GRR Rapid Response is an incident response framework focused on remote live forensics.


SBB License

Apache License 2.0

Core Technology

Python

Project URL

https://grr-doc.readthedocs.io/en/latest/

Source Location

https://github.com/google/grr

Tag(s)

Incident response, Security

Gryffin

Gryffin is a large scale web security scanning platform. It was created by Yahoo and has been available as open source since September 2015.

It is not yet another scanner. It was written to solve two specific problems with existing scanners: coverage and scale. Better coverage translates to fewer false negatives. Inherent scalability translates to the capability of scanning, and supporting, a large elastic application infrastructure. Simply put, the ability to scan 1,000 applications today and 100,000 applications tomorrow by straightforward horizontal scaling.


SBB License

MIT License

Core Technology

Go

Project URL

https://github.com/yahoo/gryffin

Source Location

https://github.com/yahoo/gryffin

Tag(s)

IDS, Security, Vulnerability scanning

Hammertime

Hammertime: a software suite for testing, profiling and simulating the rowhammer DRAM defect.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python / C

Project URL

https://github.com/vusec/hammertime

Source Location

https://github.com/vusec/hammertime

Tag(s)

Security, Test Tool

Hashcat

Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.


SBB License

MIT License

Core Technology

C

Project URL

https://hashcat.net/hashcat/

Source Location

https://github.com/hashcat/hashcat

Tag(s)

Password, Security

htrace.sh

htrace.sh is a shell script for http/https troubleshooting and profiling. It’s also a simple wrapper around several open source security tools.

For a more detailed understanding of htrace.sh, its parameters, functions and how it all works, see the Wiki.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Shellscript

Project URL

https://github.com/trimstray/htrace.sh

Source Location

https://github.com/trimstray/htrace.sh

Tag(s)

Security, Test Tool

Httpswatch

Test tool and site to verify whether HTTPS is used on a website as it should be.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://httpswatch.com

Source Location

https://github.com/benjaminp/httpswatch

Tag(s)

Security, Test Tool

Infection Monkey

The Infection Monkey is an open source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

The Infection Monkey is comprised of two parts:

  • Monkey – A tool which infects other machines and propagates to them

  • Monkey Island – A dedicated server to control and visualize the Infection Monkey’s progress inside the data center

To read more about the Monkey, visit http://infectionmonkey.com


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

https://www.guardicore.com/infectionmonkey/

Source Location

https://github.com/guardicore/monkey

Tag(s)

Security, Test Tool

Infer

Infer is a static analysis tool for Java, C++, Objective-C, and C. Infer is written in OCaml.

Infer.AI is a collection of program analyses which range from simple checks to sophisticated inter-procedural analysis. Infer.AI is so named because it is based on Abstract Interpretation.

Infer checks for null pointer dereferences, memory leaks, coding conventions and unavailable APIs.

Used by many large companies and FOSS projects already. Created by Facebook.


SBB License

MIT License

Core Technology

OCaml

Project URL

https://fbinfer.com/

Source Location

https://github.com/facebook/infer

Tag(s)

Security, Test Tool

Is-website-vulnerable

Strange name for a software package, but anyway: nice functionality!

This node package finds publicly known security vulnerabilities in a website’s frontend JavaScript libraries.


SBB License

Apache License 2.0

Core Technology

NodeJS

Project URL

https://github.com/lirantal/is-website-vulnerable

Source Location

https://github.com/lirantal/is-website-vulnerable

Tag(s)

Pentest, Security

Kali

Kali is the most complete ‘Penetration Testing Linux Distribution’ around. Everything you need for penetration testing is collected, tested and made available on this Linux distribution. Of course all tools are OSS.

The complete list of tools can be found here: http://tools.kali.org/tools-listing


SBB License

GNU General Public License (GPL) 2.0

Core Technology

N.A. (OSS Tool collection)

Project URL

https://www.kali.org/

Source Location

http://git.kali.org/gitweb/

Tag(s)

Security, Sniffer, Vulnerability scanning

Keycloak

Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services.

Users authenticate with Keycloak rather than individual applications. This means that your applications don’t have to deal with login forms, authenticating users, and storing users. Once logged-in to Keycloak, users don’t have to login again to access a different application.


SBB License

Apache License 2.0

Core Technology

Java

Project URL

https://www.keycloak.org/

Source Location

https://github.com/keycloak/keycloak

Tag(s)

Security

King Phisher

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

Feature Overview:

  • Run multiple phishing campaigns simultaneously

  • Send email with embedded images for a more legitimate appearance

  • Optional Two-Factor authentication

  • Credential harvesting from landing pages

  • SMS alerts regarding campaign status

  • Web page cloning capabilities

  • Integrated Sender Policy Framework (SPF) checks

  • Geo location of phishing visitors

  • Send email with calendar invitations


SBB License

BSD License 2.0 (3-clause, New or Revised)

Core Technology

Python

Project URL

https://github.com/securestate/king-phisher

Source Location

https://github.com/securestate/king-phisher

Tag(s)

Pentest, Security, Test Tool

Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and, given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic. The great feature of Kismet is that this tool works passively, so detection by an IDS is prevented when scanning WLANs.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C++

Project URL

http://www.kismetwireless.net/

Source Location

https://www.kismetwireless.net/code/

Tag(s)

IDS, Security, Sniffer

Lascar

Ledger’s Advanced Side Channel Analysis Repository

A fast, versatile, and open source python3 library designed to facilitate Side-Channel Analysis. Lascar provides primitives for all the required steps in Side Channel Analysis. It allows the implementation of end-to-end Side Channel Attacks.

lascar is intended to be used by seasoned side-channel attackers as well as laymen who would like to get a feel for side-channel analysis.

From side-channel acquisitions to results management, via signal synchronisation and custom attacks, lascar provides classes/functions to solve most of the obstacles an attacker would face when needing to perform sound, state-of-the-art side-channel analysis.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://github.com/Ledger-Donjon/lascar

Source Location

https://github.com/Ledger-Donjon/lascar

Tag(s)

Security

Libreswan

Libreswan is an IPsec implementation for Linux. Libreswan is a free software implementation of the most widely supported and standardized VPN protocol, based on IPsec and the Internet Key Exchange (“IKE”).


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Project URL

https://libreswan.org/

Source Location

https://github.com/libreswan/libreswan

Tag(s)

communication, Cryptography, Security

Lightbulb

LightBulb is an open source Python framework for auditing web application firewalls.

Project created and started in 2016.


SBB License

MIT License

Core Technology

Python

Project URL

Source Location

https://github.com/lightbulb-framework/lightbulb-framework

Tag(s)

Audit, Security, Waf

Lynis

Lynis is a suite of tools (shell scripts) for security auditing, compliance and hardening for Linux, Mac OS, and Unix based systems. Of course many (better) audit tools are available, but this one is simple and straightforward, and so easy to extend and improve, especially if you like shell scripting.

Michael Boelen from the Netherlands (owner of the company cisofy.com) created this software.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

unix-shell scripts

Project URL

https://cisofy.com

Source Location

https://github.com/CISOfy/lynis/

Tag(s)

Audit, Security

Magic Wormhole

Get things from one computer to another, safely.

This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical “wormhole codes”: in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.


SBB License

MIT License

Core Technology

Python

Project URL

https://magic-wormhole.readthedocs.io/en/latest/

Source Location

https://github.com/warner/magic-wormhole

Tag(s)

Security

Malspider

Malspider is a web spidering framework, based on the Scrapy framework, that inspects websites for characteristics of compromise. Malspider has three purposes:

  • Website Integrity Monitoring: monitor your organization’s website (or your personal website) for potentially malicious changes.

  • Generate Threat Intelligence: keep an eye on previously compromised sites, currently compromised sites, or sites that may be targeted by various threat actors.

  • Validate Web Compromises: Is this website still compromised?

Malspider has built-in detection for characteristics of compromise like hidden iframes, reconnaissance frameworks, VBScript injection, email address disclosure, etc.


SBB License

BSD License 2.0 (3-clause, New or Revised)

Core Technology

Python

Project URL

https://github.com/ciscocsirt/malspider

Source Location

https://github.com/ciscocsirt/malspider

Tag(s)

Security, Vulnerability scanning

Maltrail

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. hXXp://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).


SBB License

MIT License

Core Technology

Python

Project URL

https://github.com/stamparm/maltrail

Source Location

https://github.com/stamparm/maltrail

Tag(s)

IDS, Security

Mantra

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

Mantra is light, flexible, portable and user friendly with a nice graphical user interface. You can carry it on memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.

Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

javascript

Project URL

http://www.getmantra.com

Source Location

https://code.google.com/p/getmantra/

Tag(s)

Security, Test Tool

MinTOTP

MinTOTP is a minimal TOTP generator written in Python.

TOTP stands for Time-Based One-Time Password. Many websites and services require two-factor authentication (2FA) or multi-factor authentication (MFA) where the user is required to present two or more pieces of evidence:

  • Something only the user knows, e.g., password, passphrase, etc.

  • Something only the user has, e.g., hardware token, mobile phone, etc.

  • Something only the user is, e.g., biometrics.

MinTOTP is a Python tool that can be used to generate TOTP values from a secret key. Additionally, it exposes its functionality as module-level functions for Python developers. It can be used on any system with Python 3.4 or later installed on it.


SBB License

MIT License

Core Technology

Python

Project URL

https://github.com/susam/mintotp

Source Location

https://github.com/susam/mintotp

Tag(s)

Python, Security

MISP

MISP – Malware Information Sharing Platform and Threat Sharing.

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat information from incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers, to support their day-to-day operations in sharing structured information efficiently.

The objective of MISP is to foster the sharing of structured information within the security community and beyond. MISP supports not only the exchange of information but also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.

MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:

  • An efficient IOC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.

  • Automatic correlation finding relationships between attributes and indicators from malware, attack campaigns or analysis. The correlation engine includes correlation between attributes and more advanced correlations like fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can also be enabled or even disabled per attribute.

  • A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.

  • Built-in sharing functionality to ease data sharing using different distribution models. MISP can automatically synchronize events and attributes among different MISP instances. Advanced filtering functionalities can be used to meet each organization’s sharing policy, including a flexible sharing group capacity and an attribute-level distribution mechanism.

  • An intuitive user-interface for end-users to create, update and collaborate on events and attributes/indicators. A graphical interface to navigate seamlessly between events and their correlations. An event graph functionality to create and view relationships between objects and attributes. Advanced filtering functionalities and warning lists to help the analysts to contribute events and attributes and limit the risk of false-positives.

  • Storing data in a structured format (allowing automated use of the database for various purposes) with extensive support of cyber security indicators along with fraud indicators as used in the financial sector.

  • export: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), Cache format (used for forensic tools), STIX (XML and JSON) 1 and 2, NIDS export (Suricata, Snort and Bro/Zeek) or RPZ zone. Many other formats can be easily added via the misp-modules.

  • import: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, MISP standard format or STIX 1.1/2.0. Many other formats easily added via the misp-modules.

  • Flexible free text import tool to ease the integration of unstructured reports into MISP.

  • A gentle system to collaborate on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.

  • data-sharing: automatically exchange and synchronize with other parties and trust-groups using MISP.

  • delegating of sharing: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.

  • Flexible API to integrate MISP with your own solutions. MISP is bundled with PyMISP which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes. An exhaustive restSearch API to easily search for indicators in MISP and exports those in all the format supported by MISP.

  • Adjustable taxonomy to classify and tag events following your own classification schemes or existing classification. The taxonomy can be local to your MISP but also shareable among MISP instances.

  • Intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events and attributes in MISP.

  • Expansion modules in Python to expand MISP with your own services or activate already available misp-modules.

  • Sighting support to get observations from organizations concerning shared indicators and attributes. Sighting can be contributed via MISP user-interface, API as MISP document or STIX sighting documents.

  • STIX support: import and export data in the STIX version 1 and version 2 format.

  • Integrated encryption and signing of the notifications via GnuPG and/or S/MIME depending on the user’s preferences.

  • Real-time publish-subscribe channel within MISP to automatically get all changes (e.g. new events, indicators, sightings or tagging) in ZMQ (e.g. misp-dashboard) or Kafka publishing.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

PHP, Python

Project URL

https://www.misp-project.org/

Source Location

https://github.com/MISP/MISP

Tag(s)

Security, Threat Intelligence

MITMEngine

The goal of this project is to allow for accurate detection of HTTPS interception and robust TLS fingerprinting. This project is based on the paper The Security Impact of HTTPS Interception, and started as a port to Go of its processing scripts and fingerprints.

In a basic HTTPS connection, a browser (client) establishes a TLS connection directly to an origin server to send requests and download content. However, many connections on the Internet are not directly from a browser to the server serving the website, but instead traverse through some type of proxy or middlebox (a “monster-in-the-middle” or MITM). There are many reasons for this behavior, both malicious and benign.
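The core of the technique above is that a middlebox re-originates the TLS connection, so the ClientHello the server sees carries the interceptor's cipher suites and extensions rather than the browser's; comparing the observed handshake with the fingerprint expected for the claimed User-Agent exposes the mismatch. The following is an added example for this page, not MITMEngine's code or its fingerprint database: a minimal ClientHello parser, a builder that produces constructed test input, and a comparison against a made-up signature table. The "ExampleBrowser/1.0" entry and its suite list are assumptions; real browser fingerprints change with every release and must come from a maintained database.

```python
import os
import struct

# Constructed signature table: the cipher-suite list each client family is expected
# to offer. Assumption for this example only; these are NOT real browser fingerprints.
EXPECTED_SUITES = {
    "ExampleBrowser/1.0": [0xC02B, 0xC02F, 0x009C],
}


def is_grease(value):
    """RFC 8701 GREASE values have the form 0x?A?A with both bytes equal; drop them before matching."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def build_client_hello(cipher_suites, extensions, version=0x0303):
    """Build a TLS record carrying a ClientHello (constructed test input, not captured traffic)."""
    suites = b"".join(struct.pack(">H", s) for s in cipher_suites)
    exts = b"".join(struct.pack(">HH", etype, len(data)) + data for etype, data in extensions)
    body = (struct.pack(">H", version) + os.urandom(32)   # client_version, 32-byte random
            + b"\x00"                                      # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00"                                  # one compression method: null
            + struct.pack(">H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake  # record type 22


def _parse(data):
    if len(data) < 5 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack(">H", data[3:5])
    body = data[5:5 + rec_len]
    if len(body) != rec_len or body[0] != 0x01:
        raise ValueError("not a complete ClientHello record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("ClientHello length mismatch")
    (version,) = struct.unpack(">H", hello[0:2])
    pos = 2 + 32                                   # skip client random
    pos += 1 + hello[pos]                          # skip session id
    (cs_len,) = struct.unpack(">H", hello[pos:pos + 2]); pos += 2
    if cs_len % 2 or pos + cs_len > len(hello):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack(">H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                          # skip compression methods
    ext_types = []
    if pos + 2 <= len(hello):                      # extensions block is optional
        (ext_len,) = struct.unpack(">H", hello[pos:pos + 2]); pos += 2
        end = pos + ext_len
        if end > len(hello):
            raise ValueError("bad extensions length")
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", hello[pos:pos + 4]); pos += 4
            if pos + elen > end:
                raise ValueError("bad extension length")
            ext_types.append(etype); pos += elen
    return {"version": version, "cipher_suites": suites, "extensions": ext_types}


def parse_client_hello(data):
    """Parse the fingerprint-relevant ClientHello fields; every malformed input becomes ValueError."""
    try:
        return _parse(data)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc


def classify(user_agent, record):
    """Compare offered suites (GREASE removed) with what the claimed client family should send."""
    expected = EXPECTED_SUITES.get(user_agent)
    if expected is None:
        return "unknown-client"
    offered = [s for s in parse_client_hello(record)["cipher_suites"] if not is_grease(s)]
    return "consistent" if offered == expected else "mismatch: possible interception"
```

Two design points carry over to production use: GREASE values are stripped before comparison because clients randomise them per connection, and every length field is bounds-checked so a hostile ClientHello fails with a ValueError instead of an exception from deep inside the parser.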


SBB License

BSD License 2.0 (3-clause, New or Revised) License

Core Technology

Go

Project URL

https://blog.cloudflare.com/monsters-in-the-middleboxes/

Source Location

https://github.com/cloudflare/mitmengine

Tag(s)

Security, Test Tool

Mitmproxy

An interactive, TLS-capable intercepting HTTP proxy for penetration testers and software developers. It is a console program that allows traffic flows to be intercepted, inspected, modified and replayed.

mitmdump, the command-line companion to mitmproxy, is part of the same project. It provides tcpdump-like functionality to view, record and programmatically transform HTTP traffic; see the output of --help for complete documentation.
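The programmatic transformation mentioned above is done with addon scripts: mitmproxy loads a Python file and calls hook functions such as response(flow) for every flow. The following is an added example for this page, not part of the mitmproxy project: an addon that audits each response for missing hardening headers and insecure cookie attributes, with the audit itself kept in a pure function so it can be tested without running the proxy. The header policy in REQUIRED_HEADERS is an assumption to be adapted to your own baseline; flow.response.headers.fields and flow.request.pretty_url are mitmproxy's API, and the standard logging module is used for output.

```python
import logging

# Response headers the audit expects, and the value it requires where one is fixed.
# This policy is an assumption for the example; adjust it to your own baseline.
REQUIRED_HEADERS = {
    "strict-transport-security": None,
    "content-security-policy": None,
    "x-content-type-options": "nosniff",
    "x-frame-options": None,
}


def audit_response(url, header_pairs):
    """Return human-readable findings for one response.

    header_pairs is a list of (name, value) strings. Duplicates are preserved
    (several Set-Cookie headers are normal), which is why a plain dict is not used.
    """
    findings = []
    first_value = {}
    cookies = []
    for name, value in header_pairs:
        key = name.lower()
        if key == "set-cookie":
            cookies.append(value)
        else:
            first_value.setdefault(key, value)
    https = url.startswith("https://")
    for name, expected in REQUIRED_HEADERS.items():
        if name == "strict-transport-security" and not https:
            continue                       # HSTS only means something on an HTTPS response
        value = first_value.get(name)
        if value is None:
            findings.append(f"missing {name}")
        elif expected is not None and value.strip().lower() != expected:
            findings.append(f"{name} is {value!r}, expected {expected!r}")
    for raw in cookies:
        parts = [p.strip() for p in raw.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if https and "secure" not in attrs:
            findings.append(f"cookie {cookie_name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name} lacks HttpOnly")
        if "samesite" not in attrs:
            findings.append(f"cookie {cookie_name} lacks SameSite")
    return findings


def response(flow):
    """mitmproxy hook: called once per completed HTTP response when loaded with -s."""
    pairs = [(k.decode("latin-1"), v.decode("latin-1")) for k, v in flow.response.headers.fields]
    url = flow.request.pretty_url
    for finding in audit_response(url, pairs):
        logging.warning("%s: %s", url, finding)
```

Run it with mitmdump -s header_audit.py (assumed file name) and browse the target through the proxy; each response that violates the policy is written to the event log with the URL, which turns a manual header review into a by-product of normal crawling.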


SBB License

MIT License

Core Technology

Python

Project URL

https://mitmproxy.org

Source Location

https://github.com/mitmproxy/mitmproxy

Tag(s)

HTTP Proxy, Privacy, Security, Sniffer

Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK, IPA and APPX) along with zipped source code, and provides REST APIs for integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you perform runtime security assessment and interactive instrumented testing.

Date of git statistics quick-scan report: 2019/12/28
Number of files in the git repository: 349
Total Lines of Code (of all files): 596917 total
Most recent commit in this repository: Sat Dec 28 11:51:33 2019 +0530
First commit info:
– commit 928fcab9293bedc315c1fae26d529a24d51be58f
– Author: Ajin Abraham
– Date: Sat Jan 31 10:06:01 2015 +0530

Number of authors: 41


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

https://opensecurity.in/

Source Location

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Tag(s)

Python, Security

ModSecurity

ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx, developed by Trustwave’s SpiderLabs. Known as the “Swiss Army Knife” of WAFs, it gives web application defenders visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.

Its event-based rules language provides protection against a range of attacks on web applications and allows HTTP traffic monitoring, logging and real-time analysis.
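What the rules language looks like in practice, as an added example written for this page (it is neither ModSecurity's shipped configuration nor an OWASP Core Rule Set rule): a naive SQL-injection rule next to a hardened version of the same rule. The ids 100001 and 100002 are arbitrary values from the local range; the regular expressions are illustrative and not a complete SQLi signature.

```apacheconf
SecRuleEngine On
SecRequestBodyAccess On

# Weak rule. ARGS are URL-decoded once by the engine, so a double-encoded or
# %u-encoded payload is not seen, "1 = 1" with spaces around "=" does not
# match, and nothing is logged about what actually triggered the block.
SecRule ARGS "@rx (?i)'\s+or\s+1=1" \
    "id:100001,phase:2,deny,status:403,log,msg:'SQLi tautology (weak rule)'"

# Hardened rule. t:none clears any inherited transformation list, the decode
# and whitespace transformations normalise the input before matching, and
# logdata records the offending value so the SOC can triage from the audit log.
SecRule ARGS "@rx (?i:['\"]\s*or\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+)" \
    "id:100002,\
    phase:2,\
    t:none,t:urlDecodeUni,t:compressWhitespace,t:removeNulls,\
    deny,status:403,log,\
    msg:'SQLi tautology in %{MATCHED_VAR_NAME}',\
    logdata:'%{MATCHED_VAR}',\
    severity:'CRITICAL',\
    tag:'attack-sqli'"
```

Deploy new rules with SecRuleEngine DetectionOnly first and review the audit log for false positives on legitimate traffic before switching to On; a WAF that blocks your own application's valid input is usually turned off altogether, which is worse than never having added the rule.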


SBB License

Apache License 2.0

Core Technology

C

Project URL

http://www.modsecurity.org/

Source Location

https://github.com/SpiderLabs/ModSecurity

Tag(s)

Security, Waf

MONARC

MONARC – Method for an Optimised aNAlysis of Risks by CASES

The advantage of MONARC lies in the capitalisation of risk analysis already performed in similar business contexts: the same vulnerabilities regularly appear in many businesses, as they face the same threats and generate similar risks. Most companies have servers, printers, a fleet of smartphones, Wi-Fi antennas, etc. therefore the vulnerabilities and threats are the same. It is therefore sufficient to generalise risk scenarios for these assets (also called objects) by context and/or business.


SBB License

GNU Affero General Public License Version 3

Core Technology

Javascript

Project URL

https://www.monarc.lu/

Source Location

https://github.com/monarc-project/MonarcAppFO

Tag(s)

risk-assessment, Security

MOSP

A platform to create, edit and share JSON Security objects.

The goal of this platform is to gather security-related JSON schemas and objects. You can use any available schema to create shareable JSON objects. It is also possible to keep an object private, even though the platform’s goal is to promote the sharing of information. JSON schemas are always public.

All content is licensed under CC-BY-SA.

Integration with third-party applications is possible thanks to an API:


SBB License

GNU Affero General Public License Version 3

Core Technology

JSON

Project URL

http://objects.monarc.lu/

Source Location

https://github.com/CASES-LU/MOSP

Tag(s)

JSON, Security

Mozilla HTTP Observatory and MozDef

The Mozilla HTTP Observatory is a set of tools that analyses a website and reports which of the many available HTTP hardening methods (security headers, cookie flags, TLS configuration) it is actually using.

MozDef, the Mozilla Defense Platform, is a separate Mozilla project: a set of micro-services that can be used as an open source Security Information and Event Management (SIEM) overlay on top of Elasticsearch. The project URL and source location below refer to the HTTP Observatory.

MozDef has been in production at Mozilla since 2014, where it processes over 300 million events per day.

MozDef has great documentation: https://mozdef.readthedocs.io/en/latest/index.html


SBB License

Mozilla Public License (MPL) 1.1

Core Technology

Python

Project URL

https://observatory.mozilla.org/

Source Location

https://github.com/mozilla/http-observatory

Tag(s)

Python, Security, SIEM, Vulnerability scanning

Mythril

Mythril is a security analysis tool for Ethereum smart contracts. It uses the LASER-ethereum symbolic virtual machine to detect various types of issues. Use it to analyze source code or as a nmap-style black-box blockchain scanner (an “ethermap” if you will).


SBB License

MIT License

Core Technology

Python

Project URL

https://github.com/ConsenSys/mythril

Source Location

https://github.com/ConsenSys/mythril

Tag(s)

BlockChain, Security

OpenVAS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

The core of this SSL-secured service-oriented architecture is the OpenVAS Scanner. The scanner very efficiently executes the actual Network Vulnerability Tests (NVTs) which are served with daily updates via the OpenVAS NVT Feed or via a commercial feed service.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

http://www.openvas.org

Source Location

https://scm.wald.intevation.org/svn/openvas/trunk

Tag(s)

Security, Vulnerability scanning

ORY Hydra

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app.


SBB License

Apache License 2.0

Core Technology

Go

Project URL

https://www.ory.sh/

Source Location

https://github.com/ory/hydra

Tag(s)

Security

osquery

SQL powered operating system instrumentation, monitoring, and analytics. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

Developed by Facebook.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

https://osquery.io/

Source Location

https://github.com/facebook/osquery

Tag(s)

Loganalyze, Monitoring, Security

OSSEC

OSSEC is a full platform to monitor and control your systems.

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.

Full documentation on: https://www.ossec.net/docs/


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

https://www.ossec.net/

Source Location

https://github.com/ossec/ossec-hids

Tag(s)

IDS, Security

OWASP ZSC Shellcoder

OWASP ZSC is open source software written in Python which lets you generate customized shellcodes for various operating systems. Shellcodes are small pieces of assembly code that can be used as the payload in software exploitation; other uses are in malware, antivirus evasion and code obfuscation.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project

Source Location

https://github.com/Ali-Razmjoo/OWASP-ZSC/

Tag(s)

Security, Test Tool

OWASP Zed Attack Proxy (ZAP)

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.


SBB License

Apache License 2.0

Core Technology

Java

Project URL

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Main

Source Location

https://github.com/zaproxy/zaproxy

Tag(s)

Security

Phpseclib (PHP Secure Communications Library)

Phpseclib is designed to be ultra-compatible: it works on PHP4+ (PHP4 assuming the use of PHP_Compat) and does not require any extensions. For speed, mcrypt is used if available, as are gmp or bcmath (in that order), but none of them is required. Phpseclib is designed to be fully interoperable with OpenSSL and other standardized cryptography programs and protocols.

Phpseclib is a pure-PHP implementation of:

  • BigIntegers

  • RSA

  • SSH2

  • SFTP

  • X.509

  • Symmetric key encryption

    • AES

    • Rijndael

    • Twofish

    • Blowfish

    • DES

    • 3DES

    • RC4

    • RC2


SBB License

MIT License

Core Technology

PHP

Project URL

http://phpseclib.sourceforge.net/

Source Location

https://github.com/phpseclib/phpseclib

Tag(s)

Cryptography, Security

privacyIDEA

privacyIDEA is an open solution for strong two-factor authentication with OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can add a second authentication factor to existing applications such as local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections and access to web sites or web portals, boosting the security of those applications.

privacyIDEA does not bind you to a particular authentication protocol and does not dictate where your user information is stored; this is achieved by its modular architecture. It is open not only in its architecture but also in its licensing: privacyIDEA is licensed under the AGPLv3.

It supports a wide variety of authentication devices: OTP tokens (HMAC, HOTP, TOTP, OCRA, mOTP), YubiKey (HOTP, TOTP, AES), FIDO U2F devices such as YubiKey and Plug-Up, smartphone apps such as Google Authenticator, FreeOTP, Token2 or TiQR, SMS, email, SSH keys, X.509 certificates and registration codes for easy deployment.

privacyIDEA is based on Flask and SQLAlchemy as the Python backend; the web UI is based on AngularJS and Bootstrap. A MachineToken design lets you assign tokens to machines, so you can use your YubiKey to unlock LUKS, assign SSH keys to SSH servers or use offline OTP with PAM.


SBB License

GNU Affero General Public License Version 3

Core Technology

Python

Project URL

https://www.privacyidea.org/

Source Location

https://github.com/privacyidea/privacyidea

Tag(s)

Security

PySyft

PySyft is a Python library for encrypted, privacy-preserving deep learning. It decouples private data from model training, using Multi-Party Computation (MPC) within PyTorch. A paper describing it is available on arXiv.

SBB License

Apache License 2.0

Core Technology

Python

Project URL

https://github.com/OpenMined/PySyft

Source Location

https://github.com/OpenMined/PySyft

Tag(s)

ML, Python, Security

Radare

Unix-like reverse engineering framework and commandline tools.

Radare is a portable reversing framework that can:

  • Disassemble (and assemble for) many different architectures

  • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)

  • Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku

  • Perform forensics on filesystems and data carving

  • Be scripted in Python, Javascript, Go and more

  • Support collaborative analysis using the embedded webserver

  • Visualize data structures of several file types

  • Patch programs to uncover new features or fix vulnerabilities

  • Use powerful analysis capabilities to speed up reversing

  • Aid in software exploitation


SBB License

GNU General Public License (GPL) 3.0

Core Technology

C

Project URL

http://rada.re/r/index.html

Source Location

https://github.com/radare/radare2

Tag(s)

Debugger, Security, Software development, Vulnerability scanning

Requests: HTTP for Humans

Requests is the only Non-GMO HTTP library for Python, safe for human consumption.

Requests allows you to send organic, grass-fed HTTP/1.1 requests, without the need for manual labor. There’s no need to manually add query strings to your URLs, or to form-encode your POST data. Keep-alive and HTTP connection pooling are 100% automatic, powered by urllib3, which is embedded within Requests.


SBB License

Apache License 2.0

Core Technology

Python

Project URL

Source Location

https://github.com/kennethreitz/requests

Tag(s)

Security, Software development, Test Tool

RIPS (code analyser)

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS transforms PHP source code into a program model and detects sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis.

RIPS was released during the Month of PHP Security (www.php-security.org).

Features

  • detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more

  • 5 verbosity levels for debugging your scan results

  • mark vulnerable lines in source code viewer

  • highlight variables in the code viewer

  • user-defined function code by mouse-over on detected call

  • active jumping between function declaration and calls

  • list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer

  • graph visualization for files and includes as well as functions and calls

  • create CURL exploits for detected vulnerabilities with few clicks

  • visualization, description, example, PoC, patch and securing function list for every vulnerability

  • 7 different syntax highlighting colour schemata

  • display scan result in form of a top-down flow or bottom-up trace

  • only minimal requirement is a local web server with PHP and a browser (tested with Firefox)

  • regex search function


SBB License

GNU General Public License (GPL) 3.0

Core Technology

PHP

Project URL

http://rips-scanner.sourceforge.net/

Source Location

http://sourceforge.net/projects/rips-scanner/

Tag(s)

Code Analyzer, Security

RouterSploit

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:

  • exploits – modules that take advantage of identified vulnerabilities

  • creds – modules designed to test credentials against network services

  • scanners – modules that check if target is vulnerable to any exploit


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://github.com/reverse-shell/routersploit

Source Location

https://github.com/reverse-shell/routersploit

Tag(s)

Security, Vulnerability scanning

Scapy

Scapy is a powerful Python-based interactive packet manipulation program and library.

It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, …), etc.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://scapy.net/

Source Location

https://github.com/secdev/scapy

Tag(s)

Pentest, Python, Security, Test Tool

SecLists

SecLists is the security tester’s companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

This is an OWASP project (incubator).


SBB License

MIT License

Core Technology

n.a.

Project URL

https://www.owasp.org/index.php/OWASP_SecLists_Project

Source Location

https://github.com/danielmiessler/SecLists

Tag(s)

Security, Test Tool

Security Monkey

Security Monkey monitors policy changes and alerts on insecure configurations in an AWS account. While Security Monkey’s main purpose is security, it also proves to be a useful tool for tracking down potential problems, as it is essentially a change tracking system.

More information: http://techblog.netflix.com/2014/06/announcing-security-monkey-aws-security.html


SBB License

Apache License 2.0

Core Technology

Python

Project URL

http://securitymonkey.readthedocs.org/en/latest/

Source Location

https://github.com/Netflix/security_monkey

Tag(s)

Security, SIEM

SigPloit

SigPloit is a signaling security testing framework dedicated to telecom security professionals and researchers, for pentesting and exploiting vulnerabilities in the signaling protocols used by mobile operators, regardless of the generation in use. SigPloit aims to cover all protocols used in operator interconnects: SS7, GTP (3G), Diameter (4G) and even SIP for IMS and VoLTE infrastructures used in the access layer, including SS7 message encapsulation into SIP-T. Recommendations for each vulnerability are provided to guide the tester and the operator on the steps that should be taken to improve their security posture.


SBB License

MIT License

Core Technology

Python

Project URL

https://github.com/SigPloiter/SigPloit

Source Location

https://github.com/SigPloiter/SigPloit

Tag(s)

Pentest, Security

SIMP (The System Integrity Management Platform)

SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility. Fundamentally, SIMP is a framework that is designed to be secure from a practical point of view out of the box. As a framework, SIMP is designed to be flexed to meet the needs of the end user.

The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry best practice.

Though it is fully capable out of the box, the intent of SIMP is to be molded to your target environment in such a way that deviations are easily identifiable to both Operations Teams and Security Officers. This project is released to the public by the US National Security Agency.


SBB License

MIT License

Core Technology

Project URL

https://github.com/NationalSecurityAgency/SIMP

Source Location

https://github.com/simp

Tag(s)

Audit, Security

Simplify

Simplify uses a virtual machine to understand what an app does. Then, it applies optimizations to create code that behaves identically, but is easier for a human to understand. Specifically, it takes Smali files as input and outputs a Dex file with (hopefully) identical semantics but less complicated structure.

For example, if an app’s strings are encrypted, Simplify interprets the app in its own virtual machine to determine semantics. Then it uses the app’s own code to decrypt the strings and replaces the encrypted strings and the decryption method calls with the decrypted versions. It is a generic deobfuscator because Simplify does not need to know how the decryption works ahead of time. This technique also works well for eliminating different types of white noise, such as no-ops and useless arithmetic.


SBB License

MIT License

Core Technology

Project URL

Source Location

https://github.com/CalebFenton/simplify

Tag(s)

Code Analyzer, Security

Sonarqube

SonarQube provides the capability not only to show the health of an application but also to highlight newly introduced issues. With a Quality Gate in place, you can fix the leak and thereby improve code quality systematically.

SonarQube (previously called Sonar) is an open source quality management platform, dedicated to continuously analysing and measuring technical quality, from project portfolio down to method level. The platform can be extended with open source plugins from its plugin library.


SBB License

GNU Lesser General Public License (LGPL) 3.0

Core Technology

Java

Project URL

https://www.sonarqube.org/

Source Location

https://github.com/SonarSource/sonarqube

Tag(s)

Security, Vulnerability scanning

SpiderFoot

SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname or network subnet.

SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://www.spiderfoot.net/

Source Location

https://github.com/smicallef/spiderfoot

Tag(s)

Pentest, Python, Security, Test Tool, Vulnerability scanning

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

http://sqlmap.org/

Source Location

https://github.com/sqlmapproject/sqlmap

Tag(s)

Pentest, Security

Streisand

Streisand is software for setting up a secure, censorship-resistant communication server for yourself and your friends; in purpose it is a little like Tor, and one of the services it can run is a Tor bridge.

Streisand is open source software that sets up a communication server that can run:

  • WireGuard

  • OpenConnect

  • OpenSSH

  • OpenVPN

  • Shadowsocks

  • sslh

  • Stunnel, or a

  • Tor bridge.

After configuration Streisand generates custom instructions for the communication service chosen. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members and fellow activists. Setting up Streisand still requires good Unix knowledge for installation and configuration, so it is a bit of a hassle (status 2018).

Using Streisand lowers the barrier to running a VPN/censorship-bypass server for friends and family and makes secure communication available to more people.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

https://github.com/jlund/streisand

Source Location

https://github.com/jlund/streisand

Tag(s)

communication, Privacy, Security

Stunnel

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments.

Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library. It can benefit from the FIPS 140-2 validation of the OpenSSL FIPS Object Module, as long as the building process meets its Security Policy.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

https://www.stunnel.org/index.html

Source Location

http://www.usenix.org.uk/mirrors/stunnel/

Tag(s)

Cryptography, Security

Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

http://suricata-ids.org

Source Location

https://github.com/inliniac/suricata

Tag(s)

IDS, Security

Susanoo

Susanoo is a REST API security testing framework. Features:

  • Configurable inputs/outputs formats

  • API Vulnerability Scan: Normal scanning engine that scans for IDOR, Authentication issues, SQL injections, Error stacks.

  • Smoke Scan: Custom output checks for known PoCs can be configured to run daily.


SBB License

MIT License

Core Technology

Python

Project URL

https://github.com/ant4g0nist/Susanoo

Source Location

https://github.com/ant4g0nist/Susanoo

Tag(s)

Security, Test Tool

SWAMP (Software Assurance Marketplace)

This security application is a SaaS solution. However, it is built of OSS building blocks and is available for use under a friendly OSS license for everyone.

Capabilities of the SWAMP:

  • Static analysis

  • Operates on the original source code

  • Tracks problems down to the location in the original code

  • Relatively quick and easy to use

  • Provides complete code coverage

  • Compares results from multiple tools

  • Finds and visualizes overlaps

  • Correlates results

Languages supported: C/C++, Java source, Java bytecode, Python, Ruby. PHP and JavaScript are on the roadmap to be supported by end 2015.


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Project URL

https://www.mir-swamp.org

Source Location

Tag(s)

Code Analyzer, Security

Tamper Chrome

Tamper Chrome is a Chrome extension that allows you to modify HTTP requests on the fly and aid in web security testing. Tamper Chrome works across all operating systems (including Chrome OS).


SBB License

Apache License 2.0

Core Technology

JavaScript

Project URL

https://github.com/google/tamperchrome

Source Location

https://github.com/google/tamperchrome

Tag(s)

Audit, Security, Test Tool

Threat Dragon

Threat Dragon is a free, open-source threat modelling tool from OWASP.

Threat Dragon is an online threat modelling web application including system diagramming and a rule engine to auto-generate threats/mitigations. The focus will be on great UX, a powerful rule engine, and alignment with other development lifecycle tools.

Threat Dragon is a Single Page Application (SPA) using Angular on the client and Node.js on the server.

Threat Dragon is currently in alpha stage.


SBB License

MIT License

Core Technology

JavaScript / Node.js

Project URL

https://www.owasp.org/index.php/OWASP_Threat_Dragon

Source Location

https://github.com/mike-goodwin/owasp-threat-dragon

Tag(s)

Modelling, Security

Tink

Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc.


SBB License

Apache License 2.0

Core Technology

Java

Project URL

https://github.com/google/tink

Source Location

https://github.com/google/tink

Tag(s)

Cryptography, Security

Tlsfuzzer

tlsfuzzer is a fuzzer and test suite for TLS (v1.0, v1.1, v1.2) implementations.

tlsfuzzer verifies only TLS-level behaviour; it does not perform any checks on the certificate (such as hostname validation, CA signatures or key usage). It does, however, verify whether the signatures made on TLS messages by the server (for example in the Server Key Exchange message) match the certificate sent by the server.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://github.com/tomato42/tlsfuzzer

Source Location

https://github.com/tomato42/tlsfuzzer

Tag(s)

Audit, Security, Test Tool

Tor

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. With this software you can easily create your own Tor network, or you can use existing Tor nodes.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Using Tor protects you against a common form of Internet surveillance known as “traffic analysis.” Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests.

Tor is by far the most secure way to enter the internet without giving away your privacy. Thank you Roger Dingledine!


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Project URL

https://www.torproject.org

Source Location

https://www.torproject.org/dist/

Tag(s)

Cryptography, Privacy, Security

Unfurl

An Entropy-Based Link Vulnerability Analysis Tool.

unfurl is a screening tool for automating URL entropy analysis. The big idea is to find tokens in a large list of URLs that have low entropy. These might be susceptible to brute force attacks.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://jlospinoso.github.io/python/unfurl/abrade/hacking/2018/02/08/unfurl-url-analysis.html

Source Location

https://github.com/JLospinoso/unfurl

Tag(s)

Security

Universal Radio Hacker (URH)

The Universal Radio Hacker (URH) is software for investigating unknown wireless protocols. Features include:

  • hardware interfaces for common Software Defined Radios

  • easy demodulation of signals

  • assigning participants to keep an overview of your data

  • customizable decodings to crack even sophisticated encodings like CC1101 data whitening

  • assign labels to reveal the logic of the protocol

  • automatic reverse engineering of protocol fields

  • fuzzing component to find security leaks

  • modulation support to inject the data back into the system

  • simulation environment to perform stateful attacks


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

https://github.com/jopohl/urh

Source Location

https://github.com/jopohl/urh

Tag(s)

network diagnostic, Security

URL Abuse

URL Abuse is versatile free software for URL review, analysis and black-list reporting. URL Abuse is composed of a web interface where requests are submitted asynchronously and a back-end system that processes the URLs through its feature modules.

Features:

Please note that some of the API services will require an API key. The API keys should be located in the root of the URL Abuse directory. There is also an online version to use: https://www.circl.lu/urlabuse/


SBB License

GNU Affero General Public License Version 3

Core Technology

Python

Project URL

http://www.circl.lu/services/urlabuse/

Source Location

https://github.com/CIRCL/url-abuse

Tag(s)

Python, Security

Vault

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

A modern system requires access to a multitude of secrets: database credentials, API keys for external services, credentials for service-oriented architecture communication, etc. Understanding who is accessing what secrets is already very difficult and platform-specific. Adding on key rolling, secure storage, and detailed audit logs is almost impossible without a custom solution. This is where Vault steps in.


SBB License

Mozilla Public License (MPL) 1.1

Core Technology

Go

Project URL

https://vaultproject.io

Source Location

https://github.com/hashicorp/vault

Tag(s)

Security

VERIS

VERIS: The Vocabulary for Event Recording and Incident Sharing.

The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS is a response to one of the most critical and persistent challenges in the security industry – a lack of quality information. VERIS targets this problem by helping organizations to collect useful incident-related information and to share that information – anonymously and responsibly – with others.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

http://veriscommunity.net/index.html

Source Location

https://github.com/vz-risk/veris

Tag(s)

Security

VSAQ: Vendor Security Assessment Questionnaire

VSAQ is an interactive questionnaire application. Its initial purpose was to support security reviews by facilitating not only the collection of information, but also the redisplay of collected data in templated form.

At Google, questionnaires like the ones in this repository are used to assess the security programs of third parties. But the templates provided can be used for a variety of purposes, including doing a self-assessment of your own security program, or simply becoming familiar with issues affecting the security of web applications.


SBB License

Apache License 2.0

Core Technology

JavaScript

Project URL

https://vsaq-demo.withgoogle.com/

Source Location

https://github.com/google/vsaq

Tag(s)

Audit, Questionnaire, Security

w3af (Web Application Attack and Audit Framework)

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

The w3af framework is divided into three main sections:

  1. The core, which coordinates the whole process and provides libraries for use in plugins.

  2. The user interfaces, which allow the user to configure and start scans.

  3. The plugins, which find links and vulnerabilities.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

http://w3af.org/

Source Location

https://github.com/andresriancho/w3af/

Tag(s)

Audit, Security, Test Tool

Wapiti

Wapiti allows you to audit the security of your websites or web applications.

It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets the list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

http://wapiti.sourceforge.net/

Source Location

http://wapiti.sourceforge.net/

Tag(s)

Security, Vulnerability scanning

Wifite 2

A complete re-write of wifite, a Python script for auditing wireless networks.

Wifite is an automated wireless attack tool. Wifite was designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo and BackBox, or any Linux distribution with wireless drivers patched for injection. The script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

Python

Project URL

https://github.com/derv82/wifite2

Source Location

https://github.com/derv82/wifite2

Tag(s)

Audit, Pentest, Security

WireGuard

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

https://www.wireguard.com/

Source Location

https://git.zx2c4.com/WireGuard/

Tag(s)

Privacy, Security, VPN

XSStrike

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking whether they work, as all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.

Main Features:

  • Reflected and DOM XSS scanning

  • Multi-threaded crawling

  • Context analysis

  • Configurable core

  • WAF detection & evasion

  • Outdated JS lib scanning

  • Intelligent payload generator

  • Handmade HTML & JavaScript parser

  • Powerful fuzzing engine

  • Blind XSS support

  • Highly researched work-flow

  • Complete HTTP support

  • Bruteforce payloads from a file


SBB License

GNU General Public License (GPL) 3.0

Core Technology

Python

Project URL

https://github.com/s0md3v/XSStrike

Source Location

https://github.com/s0md3v/XSStrike

Tag(s)

IDS, Python, Security

YARA

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns.


SBB License

MIT License

Core Technology

C

Project URL

https://virustotal.github.io/yara/

Source Location

https://github.com/virustotal/yara

Tag(s)

Malware analysis, Security

Zeek

Zeek is a powerful framework for network analysis and security monitoring.

(Zeek is the new name for the long-established Bro system. Note that parts of the system retain the “Bro” name, and it also often appears in the documentation and distributions.)


SBB License

GNU General Public License (GPL) 2.0

Core Technology

C

Project URL

https://www.zeek.org/

Source Location

https://github.com/zeek/zeek

Tag(s)

IDS, Security