Free and Open Source, Distributed, RESTful Search Engine

The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many mo…

The Prometheus monitoring system and time series database.

Modern HTTP benchmarking tool

A lightweight JavaScript library for creating particles

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

The ZAP by Checkmarx Core project

Cockpit is a web-based graphical interface for servers.

PowerSploit - A PowerShell Post-Exploitation Framework

Incredibly fast crawler designed for OSINT.

Damn Vulnerable Web Application (DVWA)

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Six Degrees of Domain Admin

WebGoat is a deliberately insecure application

Multi-Cloud Security Auditing Tool

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

Multi-vendor library to simplify Paramiko SSH connections to network devices

A high performance offensive security tool for reconnaissance and vulnerability scanning

Real-time HTTP Intrusion Detection

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileg…

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Docker Swarm instrumentation with Prometheus, Grafana, cAdvisor, Node Exporter and Alert Manager

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names