zizmor
DevSecOps & Pipeline SecurityA static analysis tool for GitHub Actions that identifies common security issues in CI/CD setups.
Latest Updates
The most recently updated tools in our directory.
Velociraptor
Incident Response & ForensicsA powerful tool for endpoint visibility and incident response, leveraging the Velociraptor Query Language (VQL) for customizable data collection.
Trivy
Vulnerability ManagementA security scanning solution for cloud and containerized environments.
Timesketch
Incident Response & ForensicsCollaborative forensic timeline analysis
Tracee
Incident Response & ForensicsA runtime security and forensics tool for Linux environments leveraging eBPF technology.
TerraGoat
DevSecOps & Pipeline SecurityTerraGoat is a Terraform repository designed to demonstrate common configuration errors in cloud environments.
Teller
Secrets ManagementCloud native secrets management for developers - never leave your command line for secrets.
Syft
Supply Chain SecurityA CLI tool and Go library for generating Software Bill of Materials (SBOMs) from container images and filesystems.
Stratus Red Team
Threat Detection & ResponseGranular, Actionable Adversary Emulation for the Cloud
Snyk CLI
Vulnerability ManagementSnyk CLI scans and monitors your projects for security vulnerabilities.
SOPS
Secrets ManagementSimple and flexible tool for managing secrets
Scout Suite
Security Assessment & AuditMulti-Cloud Security Auditing Tool
S3Scanner
Penetration Testing ToolsScan for misconfigured S3 buckets across S3-compatible APIs!
Pacu
Penetration Testing ToolsThe AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Nettacker
Penetration Testing ToolsAutomated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
ModSecurity
Security Monitoring & LoggingWeb application firewall (WAF) engine for Apache, IIS and Nginx.
MicroBurst
Penetration Testing ToolsA toolkit for enumerating and exploiting vulnerabilities in Azure cloud environments.
Kubescape
Container & Kubernetes SecurityA security platform for Kubernetes that identifies and remediates misconfigurations, vulnerabilities, and compliance issues.
Kubernetes Goat
Container & Kubernetes SecurityKubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground
KubeArmor
Container & Kubernetes SecurityRuntime Security Enforcement System for Kubernetes environments, leveraging Linux Security Modules for workload hardening and policy enforcement.