Search Results for "rough auditing tool for security"
Sort By:
Showing 50 open source projects for "rough auditing tool for security"
View related business solutions-
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
Outgrown Windows Task Scheduler?Windows Task Scheduler wasn't built for complex, cross-platform automation. Get a free diagnostic that shows exactly where things are failing and provides remediation recommendations. Interactive HTML report delivered in minutes.
-
1
lynis
Security auditing tool for Linux, macOS, and UNIX-based system
Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software with the GPL license and available since 2007. Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g. -
2
Scout Suite
Multi-cloud security auditing tool
Scout Suite is an open-source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. -
3
WPScan
WPScan WordPress security scanner
...It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators. -
4
Prowler
An open source security tool to perform AWS security assessment
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening, and incident response. ... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
Gate22
Open-source MCP gateway and control plane for teams
...It provides a centralized layer where organizations can configure permission boundaries, role-based access, and operational constraints that govern agent behavior and tool invocation across agentic IDEs or custom agent stacks. By integrating with MCP-aware systems, Gate22 helps maintain security and compliance while enabling teams to scale agent-enabled workflows without losing observability into what actions are taken and why. It can be used to enforce fine-grained policies that restrict dangerous or unauthorized operations, track which agents are calling which tools, and record metadata for auditing and debugging. -
6
Bracket
Selfhosted tournament system
Bracket is an open-source tool that tracks and manages data access across your PostgreSQL database. It provides visibility into which parts of your codebase are accessing which tables and columns, enabling data governance, security auditing, and architectural insights. Bracket is particularly helpful for growing teams needing better observability in complex applications. -
7
InQL Scanner
A Burp Extension for GraphQL Security Testing
A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. Since version 1.0.0 of the tool, InQL was extended to operate within Burp Suite. In this mode, the tool will retain all the stand-alone script capabilities and add a handy user interface for manipulating queries. -
8
CloudQuery
The open-source cloud asset inventory powered by SQL
...Use standard SQL to find any asset based on any configuration or relation to other assets. Connect CloudQuery standard PostgreSQL database to your favorite BI/Visualization tool such as Grafana, QuickSight, etc. Codify your security & compliance rules with SQL as the query engine. Integrate CloudQuery with your current visualization, monitoring, and alerting such as Grafana. CloudQuery supports the TimescaleDB PostgreSQL extension, giving you full historical snapshots of your cloud asset inventory. Data analysis, security, auditing, and compliance. ... -
9
Tailsnitch
A security auditor for Tailscale configurations
tailsnitch is a security auditing tool for Tailscale networks (tailnets) that scans configurations and device setups to detect risky or overly permissive settings, helping administrators maintain a secure mesh network. Written in Go and designed to be run either as a CLI or integrated into automated pipelines, tailsnitch performs dozens of checks against common access control policies, authentication key practices, network exposure issues, and device security settings. ... -
Free and Open Source HR SoftwareGive your HR team the tools they need to streamline administrative tasks, support employees, and make informed decisions with the OrangeHRM free and open source HR software.
-
10
Capslock
Tool to remap Caps Lock key behavior on Windows systems
Capslock is a command-line tool for analyzing the capabilities of Go packages to reveal what privileged operations their code and dependencies can perform. Rather than detecting vulnerabilities, Capslock focuses on identifying capabilities — permissions implied by calls to sensitive or privileged standard library functions, such as file system access, networking, or process control. By following transitive call graphs, it classifies which security-sensitive operations each package can reach,... -
11
react2shell-scanner
High Fidelity Detection Mechanism for RSC/Next.js RCE
react2shell-scanner is a security-oriented tool that bridges modern JavaScript (React) applications and shell scripting by auditing web front-ends for exposed interfaces that could be manipulated or controlled through command execution. It scans React codebases, identifies places where user input interacts with shell-executable contexts, and flags risky patterns that might lead to command injection, unvalidated arguments, or unsafe bindings between UI controls and underlying system actions. ... -
12
Network Enumeration Tool
Network Enumeration Tool for Host Exploration and Recon
N-ETHER (Network Enumeration Tool for Host Exploration and Reconnaissance) is a robust and highly automated Python script designed to streamline the critical initial phases of network security auditing and penetration testing. It’s core purpose is to perform fast, comprehensive, and consistent host and port discovery across single targets or large lists of IP addresses. -
13
Windows EtherApe Clone
A real-time network visualizer for Windows-based on the Linux version
...This packet sniffer alternative to Wireshark provides visual network analysis perfect for troubleshooting network issues, monitoring bandwidth usage, and network security auditing. Requires administrator privileges and Npcap driver. Built with C#/.NET 8.0 using SharpPcap. -
14
Selefra
The open-source policy-as-code software that provides analysis
Selefra is an open-source policy-as-code and infrastructure analysis tool that helps engineering and security teams gain visibility into complex multi-cloud and SaaS environments by treating infrastructure data as queryable information. The core idea behind Selefra is “select * from infrastructure,” meaning you can write flexible SQL-style queries against cloud configuration and inventory data assembled from dozens of services such as AWS, Azure, GCP, Kubernetes, GitHub, Slack, and more, bringing auditing, security, compliance, cost optimization, and architecture insights into one place. ... -
15
Kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organization. It performs numerous in-depth checks on a range of services and open ports well across more than one platform such as self-hosted kubernetes, Amazon EKS, Azure AKS, Google GKE etc., to identify any misconfigurations which make organizations an easy target for attackers. In addition, it helps... -
16
mongoaudit
A powerful MongoDB auditing and pentesting tool
mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB's default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called the MongoDB apocalypse. mongoaudit not only detects misconfigurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! ... -
17
GraphicsFuzz
A testing framework for automatically finding and simplifying bugs
GraphicsFuzz is a framework developed by Google for testing and fuzzing graphics drivers using automatically generated GLSL shaders. It helps identify security vulnerabilities, driver crashes, and rendering inconsistencies in OpenGL and Vulkan drivers by feeding them randomized but valid shader programs. Originally developed through academic research, GraphicsFuzz automates the process of minimizing and analyzing problematic shaders, helping hardware vendors and driver developers improve the... -
18
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed. It has been tested on Linux (Gentoo, Red Hat and derivatives, Debian, Ubuntu and derivatives, etc.) and Solaris (SunOS 2.x).
-
19
USB Rubber Ducky
A human interface device programmable
The USB Rubber Ducky is a Human Interface Device programmable with a simple scripting language allowing penetration testers to quickly and easily craft and deploy security auditing payloads that mimic human keyboard input. The source is written in C and requires the AVR Studio 5 IDE from atmel.com/avrstudio. Hardware is commercially available. Imagine plugging in a seemingly innocent USB drive into a computer and installing backdoors, exfiltrating documents, or capturing credentials. With a few well crafted keystrokes anything is possible. ... -
20
JBrute
Open Source Security tool to audit hashed passwords.
JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1.7 or higher is required for running JBrute. Supported algorithms: MD5 MD4 SHA-256 SHA-512 MD5CRYPT SHA1 ORACLE-10G ORACLE-11G NTLM LM MSSQL-2000 MSSQL-2005 MSSQL-2012 MYSQL-322 MYSQL-411 POSTGRESQL SYBASE-ASE1502 INFORMIX-1170 To see syntax examples: https://sourceforge.net/p/jbrute/wiki/Examples To see last news: https://sourceforge.net/p/jbrute/blog FAQ: https://sourceforge.net/p/jbrute/wiki/FAQ/ General questions: jbrute-users@lists.sourceforge.net (you can suscribe to mailing list at https://lists.sourceforge.net/lists/listinfo/jbrute-users) Author: Gonzalo L. ... -
21
Lynis
System/security auditing tool for hardening and securing Linux/Unix
=== Note: this project has been moved to GitHub === Lynis is a system and security auditing tool for Unix/Linux. It is used by security consultants, auditors and system administrators. This tool performs a security audit of the system and determines how well it is hardened. Any detected security issues will be provided in the form of a suggestion or warning at the end of the audit. Beside security related information it will also scan for general system information, installed packages and possible configuration errors. ... -
22
Asgard
Web-based cloud management tool for Amazon Web Services
Asgard is a web-based interface developed by Netflix to simplify and automate the deployment and management of applications in Amazon Web Services (AWS). It integrates with tools like Auto Scaling, Elastic Load Balancing, and EC2 to streamline continuous delivery and infrastructure management. Although now deprecated in favor of Spinnaker, Asgard laid the foundation for modern deployment pipelines used at scale. -
23
Heartbleed
A checker (site and tool) for CVE-2014-0160
Heartbleed contains a compact, purpose-built implementation for detecting the infamous Heartbleed vulnerability in OpenSSL’s TLS heartbeat extension (CVE-2014-0160). It focuses on demonstrating and testing the flaw rather than being a general-purpose security toolkit, which makes the code approachable for learning and auditing. The project illustrates how a malformed heartbeat request could coax vulnerable servers into leaking memory contents, including potentially sensitive data. Because... -
24
Bastille Linux
This tool locks down Linux and UNIX systems.
Bastille Linux is a Hardening and Reporting/Auditing Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling. It currently functions on most major Linux distributions and HP-UX. In the past, it has hardened Mac OSX as well. We are working on a code update to modern Linux distributions. -
25
LogSeCA
SIEM based tool supporting audit and security assessment
LogSECA is a tool that lies on the top of SIEM concept and on XDAS OpenGroup standard. It provides the following main capabilities: » secure and reliable retention of audit records for reliability and accountability, even in case of the source of event/log fails or the logs on it are accidentally or intentionally cancelled; » correlation of audit records in order to identify violation of security policies in the different data centres of the cloud infrastructure, which it would be impossible to do if each data centre processed events separately; » alerting and notification to the interested parties (e.g. security manager of the storage infrastructure); » control on the status of the corrective actions; » reporting at different levels (for basic audit inspection, statistical) and for different purposes (for final users, for internal purposes, for auditing). ...
