Search Results for "rough auditing tool for security"
Sort By:
Showing 55 open source projects for "rough auditing tool for security"
View related business solutions-
Monitor production, track downtime and improve OEE.Evocon is a visual and user-friendly OEE software that helps manufacturing companies improve productivity and remove waste as they become better.
-
Captain Compliance - Data Privacy and Compliance SoftwareCaptain Compliance handles your data privacy requirements so you can be privacy compliant. No more compliance stress, stop stressing over regulatory risks – just privacy protection managed by experts. Our user-friendly platform backed by privacy professionals simplifies the process of navigating regulations, giving your customers transparent choices, and building essential trust for your organization.
-
1
lynis
Security auditing tool for Linux, macOS, and UNIX-based system
Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software with the GPL license and available since 2007. Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g. -
2
WPScan
WPScan WordPress security scanner
...It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators. -
3
Scout Suite
Multi-cloud security auditing tool
Scout Suite is an open-source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. -
4
Claw Hunter
MDM-ready scripts for detecting and monitoring OpenClaw
...Claw-Hunter addresses this emerging threat landscape by providing visibility into these agents, helping organizations identify instances running within their environments. It focuses on uncovering “shadow AI,” which refers to unauthorized or unmanaged AI agents that operate outside traditional security controls. The tool performs risk assessment by auditing agent permissions, capabilities, and access levels, allowing security teams to evaluate potential attack surfaces. It also helps ensure that these agents do not unintentionally expose sensitive data or create unauthorized access paths across systems. -
Planfix: Manage Projects, Team's Tasks and Business ProcessesPlanfix is like a souped-up business process management system for folks who really know their stuff. It's built to help you dive deeper and gives you more options than your run-of-the-mill project and task management systems. Best part? Even small businesses and non-profits can get in on the action.
-
5
Bracket
Selfhosted tournament system
Bracket is an open-source tool that tracks and manages data access across your PostgreSQL database. It provides visibility into which parts of your codebase are accessing which tables and columns, enabling data governance, security auditing, and architectural insights. Bracket is particularly helpful for growing teams needing better observability in complex applications. -
6
Gate22
Open-source MCP gateway and control plane for teams
...It provides a centralized layer where organizations can configure permission boundaries, role-based access, and operational constraints that govern agent behavior and tool invocation across agentic IDEs or custom agent stacks. By integrating with MCP-aware systems, Gate22 helps maintain security and compliance while enabling teams to scale agent-enabled workflows without losing observability into what actions are taken and why. It can be used to enforce fine-grained policies that restrict dangerous or unauthorized operations, track which agents are calling which tools, and record metadata for auditing and debugging. -
7
Prowler
An open source security tool to perform AWS security assessment
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening, and incident response. ... -
8
InQL Scanner
A Burp Extension for GraphQL Security Testing
A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. Since version 1.0.0 of the tool, InQL was extended to operate within Burp Suite. In this mode, the tool will retain all the stand-alone script capabilities and add a handy user interface for manipulating queries. -
9
Tailsnitch
A security auditor for Tailscale configurations
tailsnitch is a security auditing tool for Tailscale networks (tailnets) that scans configurations and device setups to detect risky or overly permissive settings, helping administrators maintain a secure mesh network. Written in Go and designed to be run either as a CLI or integrated into automated pipelines, tailsnitch performs dozens of checks against common access control policies, authentication key practices, network exposure issues, and device security settings. ... -
Network Discovery Software | JDisc DiscoveryJDisc Discovery is a comprehensive network inventory and IT asset management solution designed to help organizations gain clear, up-to-date visibility into their IT environment. It automatically scans and maps devices across the network, including servers, workstations, virtual machines, and network hardware, to create a detailed inventory of all connected assets. This includes critical information such as hardware configurations, software installations, patch levels, and relationshipots between devices.
-
10
Cr3dOv3r
Know the dangers of credential reuse attacks
Cr3dOv3r is a penetration testing and security auditing tool designed to demonstrate and analyze the risks associated with credential reuse across multiple online services. It allows users to input an email address and automatically checks for data breaches and leaked credentials using public databases. The tool then attempts to verify whether those credentials are reused across various popular platforms, highlighting potential vulnerabilities. -
11
Vulnhuntr
AI tool for detecting complex vulnerabilities in Python codebases
...Vulnhuntr can generate detailed findings, including vulnerability explanations and potential exploit paths, helping developers and security teams understand risks faster. It supports multiple LLM providers such as OpenAI, Anthropic, and Ollama, and can be run via CLI, Docker, or pipx. Vulnhuntr is particularly useful for early-stage security reviews, bug bounty hunting, and auditing dependencies for hidden risks across open source projects. -
12
CloudQuery
The open-source cloud asset inventory powered by SQL
...Use standard SQL to find any asset based on any configuration or relation to other assets. Connect CloudQuery standard PostgreSQL database to your favorite BI/Visualization tool such as Grafana, QuickSight, etc. Codify your security & compliance rules with SQL as the query engine. Integrate CloudQuery with your current visualization, monitoring, and alerting such as Grafana. CloudQuery supports the TimescaleDB PostgreSQL extension, giving you full historical snapshots of your cloud asset inventory. Data analysis, security, auditing, and compliance. ... -
13
Capslock
Tool to remap Caps Lock key behavior on Windows systems
Capslock is a command-line tool for analyzing the capabilities of Go packages to reveal what privileged operations their code and dependencies can perform. Rather than detecting vulnerabilities, Capslock focuses on identifying capabilities — permissions implied by calls to sensitive or privileged standard library functions, such as file system access, networking, or process control. By following transitive call graphs, it classifies which security-sensitive operations each package can reach,... -
14
react2shell-scanner
High Fidelity Detection Mechanism for RSC/Next.js RCE
react2shell-scanner is a security-oriented tool that bridges modern JavaScript (React) applications and shell scripting by auditing web front-ends for exposed interfaces that could be manipulated or controlled through command execution. It scans React codebases, identifies places where user input interacts with shell-executable contexts, and flags risky patterns that might lead to command injection, unvalidated arguments, or unsafe bindings between UI controls and underlying system actions. ... -
15
Network Enumeration Tool
Network Enumeration Tool for Host Exploration and Recon
N-ETHER (Network Enumeration Tool for Host Exploration and Reconnaissance) is a robust and highly automated Python script designed to streamline the critical initial phases of network security auditing and penetration testing. It’s core purpose is to perform fast, comprehensive, and consistent host and port discovery across single targets or large lists of IP addresses. -
16
CookieGuardAudit
A beginner-friendly Python CLI tool that audits website cookies.
CookieGuardAudit is a simple Python command-line security tool that checks a website's cookies for common security flag issues. It helps users quickly spot weak cookie settings such as missing Secure, missing HttpOnly, missing SameSite, and SameSite=None without Secure. This project is designed for beginners, defenders, students, and anyone learning basic web security auditing. -
17
Windows EtherApe Clone
A real-time network visualizer for Windows-based on the Linux version
...This packet sniffer alternative to Wireshark provides visual network analysis perfect for troubleshooting network issues, monitoring bandwidth usage, and network security auditing. Requires administrator privileges and Npcap driver. Built with C#/.NET 8.0 using SharpPcap. -
18
Selefra
The open-source policy-as-code software that provides analysis
Selefra is an open-source policy-as-code and infrastructure analysis tool that helps engineering and security teams gain visibility into complex multi-cloud and SaaS environments by treating infrastructure data as queryable information. The core idea behind Selefra is “select * from infrastructure,” meaning you can write flexible SQL-style queries against cloud configuration and inventory data assembled from dozens of services such as AWS, Azure, GCP, Kubernetes, GitHub, Slack, and more, bringing auditing, security, compliance, cost optimization, and architecture insights into one place. ... -
19
Kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organization. It performs numerous in-depth checks on a range of services and open ports well across more than one platform such as self-hosted kubernetes, Amazon EKS, Azure AKS, Google GKE etc., to identify any misconfigurations which make organizations an easy target for attackers. In addition, it helps... -
20
mongoaudit
A powerful MongoDB auditing and pentesting tool
mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB's default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called the MongoDB apocalypse. mongoaudit not only detects misconfigurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! ... -
21
GraphicsFuzz
A testing framework for automatically finding and simplifying bugs
GraphicsFuzz is a framework developed by Google for testing and fuzzing graphics drivers using automatically generated GLSL shaders. It helps identify security vulnerabilities, driver crashes, and rendering inconsistencies in OpenGL and Vulkan drivers by feeding them randomized but valid shader programs. Originally developed through academic research, GraphicsFuzz automates the process of minimizing and analyzing problematic shaders, helping hardware vendors and driver developers improve the... -
22
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed. It has been tested on Linux (Gentoo, Red Hat and derivatives, Debian, Ubuntu and derivatives, etc.) and Solaris (SunOS 2.x).
-
23
USB Rubber Ducky
A human interface device programmable
The USB Rubber Ducky is a Human Interface Device programmable with a simple scripting language allowing penetration testers to quickly and easily craft and deploy security auditing payloads that mimic human keyboard input. The source is written in C and requires the AVR Studio 5 IDE from atmel.com/avrstudio. Hardware is commercially available. Imagine plugging in a seemingly innocent USB drive into a computer and installing backdoors, exfiltrating documents, or capturing credentials. With a few well crafted keystrokes anything is possible. ... -
24
JBrute
Open Source Security tool to audit hashed passwords.
JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1.7 or higher is required for running JBrute. Supported algorithms: MD5 MD4 SHA-256 SHA-512 MD5CRYPT SHA1 ORACLE-10G ORACLE-11G NTLM LM MSSQL-2000 MSSQL-2005 MSSQL-2012 MYSQL-322 MYSQL-411 POSTGRESQL SYBASE-ASE1502 INFORMIX-1170 To see syntax examples: https://sourceforge.net/p/jbrute/wiki/Examples To see last news: https://sourceforge.net/p/jbrute/blog FAQ: https://sourceforge.net/p/jbrute/wiki/FAQ/ General questions: jbrute-users@lists.sourceforge.net (you can suscribe to mailing list at https://lists.sourceforge.net/lists/listinfo/jbrute-users) Author: Gonzalo L. ... -
25
Lynis
System/security auditing tool for hardening and securing Linux/Unix
=== Note: this project has been moved to GitHub === Lynis is a system and security auditing tool for Unix/Linux. It is used by security consultants, auditors and system administrators. This tool performs a security audit of the system and determines how well it is hardened. Any detected security issues will be provided in the form of a suggestion or warning at the end of the audit. Beside security related information it will also scan for general system information, installed packages and possible configuration errors. ...
