The Mall Cop

MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://sap.github.io/vulnerability-assessment-tool/

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Modular file scanning/analysis framework

A curated list of awesome YARA rules, tools, and people.

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Web Application Security Scanner Framework

The currently released SimpleRisk source code.

GRR Rapid Response: remote live forensics for incident response

Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.

zBang is a risk assessment tool that detects potential privileged account threats

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities a…

A dashboard for a real-time overview of threat intelligence from MISP instances

Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulnerabilities early in the lifecycle"

Open Security Controls Assessment Language (OSCAL)

AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional checks. Official CIS for AWS guide: https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf

Open source RASP solution

Clone this repo to build Frida

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Automated Security Testing For REST API's

The OWASP ZAP core project

Collaborative Penetration Test and Vulnerability Management Platform

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

⚖Open Source Toolkit for Quantitative Risk Assessment

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

ARX is a comprehensive open source data anonymization tool aiming to provide scalability and usability. It supports various anonymization techniques, methods for analyzing data quality and re-identification risks and it supports well-known privacy models, such as k-anonymity, l-diversity, t-closeness and differential privacy.