SecTools

List of tools for SecDevOps, vulnerability analysis, network scanning

Python

This repository is a collection of hacker tools, resources, and links for vulnerability analysis. Most tools are UNIX-compliant, free, and open source.

🔭 OSINT:

Open-source intelligence (OSINT) is intelligence collected from publicly available sources.

Localized search engines by country.

Search for all kind of files.

🔨 SecAnalysisTools:

Vulnerability Assessment and Management Systems

Software	Category	Update Last 6 mouth
Archerysec	Vulnerability Assessment and Management	✔️
DefectDojo	Vulnerability Assessment and Management	✔️
faraday	Vulnerability Assessment and Management	✔️
rengine	Vulnerability Assessment and Management, Scanner	✔️

Vulnerability Analysis Software.

Software	Category	Update Last 6 mouth
hydra	Password-cracker	✔️
Vuls	Vulnerability Assessment and Management	✔️
Metasploit	Exploit Framework	✔️
MobSF	Exploit Framework (for Mobile)	✔️
git-secret	Cryptography	✔️
truffleHog	Secret finding	❌
GitLeaks	Secret finding	✔️
RedTeamScripts	C# scripts	✔️
knock	Subdomain Enumeration	❌
SubDomainsBrute	Subdomain Enumeration	✔️
SubDomain3	Subdomain Enumeration	✔️
domained	Subdomain Enumeration	✔️
routerslpoit	Exploit Framework	❌
BeFF	Exploit Framework	✔️

SAST:

Software	Analyze Code	Update Last 6 mouth
Insider	Java, Kotlin, Swift, .NET, C#, Javascript	✔️
Bearer	JavaScript/TypeScript, Ruby, PHP, Java (Beta), Go (Beta), Python (Alpha)	✔️
Infer#	C#	✔️
SpotBugs	Java	✔️
PVS-Studio	Multilanguage	✔️
PMD	Multilanguage	✔️
PHPvulnhunter	PHP	❌
FindSecBug	Java web, Andriod, Scala, Kotlin, Groovy	✔️
codechecker	C/C++	✔️
cppcheck	C/C++	✔️
cobra	PHP,Java	❌
brakeman	Ruby on Rails	✔️
SecCodeScan	C#, VB.NET	✔️
Cascade	C#	❌
Bandit	Python	✔️
LLVM Clang	C, Objective-C, C++ and Objective-C++	✔️
Codemodder	Java, Python, fixes non-trivial security issues and other code quality problems	✔️

DAST, IAST:

Software	Description	Update Last 6 mouth
Snyk	Scanner Source Code	✔️
Contrast	Application Scanner Framework	✔️
CloudSploit	Analyze Cloud Infrastructure	✔️
SonaQube	Application Scanner Framework	✔️
WhiteSourceSoft	Application Scanner Framework	✔️
PT Application Inspector	Application Scanner Framework	✔️

SCA, IAC

SBOM

Scanners:

Software	Category	Update Last 6 mouth
Tsunami	Scanner	✔️
WATOBO	Web Scanner	✔️
Osmedeus	Scanner	✔️
OneForAll	Scanner	✔️
osprey	Web Scanner	❌
Xray	Web Scanner	✔️
AZScanner	Scanner	❌
GroundScan	Scanner	❌
BBScan	Scanner	❌
AnyScan	Scanner	❌
WAScan	Web Scanner	✔️
YukiChan	Scanner	❌
Poscan	Scanner	❌
w3af	Web Scanner	❌
sn1per	Scanner	✔️
Scanless	Scanner	✔️
NoSQLMap	NoSQL Scanner	✔️
Nmap	Scanner	✔️
NetSparker	Scanner	✔️
Wapiti	Web Scanner	✔️
Golismero	Scanner	✔️
Nexpose	Scanner	✔️
Raccoon	Scanner	❌
WhatWeb	Web Scanner	✔️
Puma Scan	Scanner Analysis	✔️
Arachni	Web Scanner	❌
Legion	Scanner	✔️
Nessus	Scanner	✔️
OpenVAS	Scanner	✔️
Acuentrix	Scanner	✔️
Nikto	Web Scanner	✔️
Sqlmap	SQL Scanner	✔️
Striker	Scanner	❌
Zaproxy	Web Scanner	✔️
AutoRecon	Scanner	✔️
ScanOval	Application Vulnerabilities in XML files	✔️

📂 Vulnerability Database:

Data	Description
CVE	Common Vulnerabilities and Exposures system provides a reference-method for publicly known information-security vulnerabilities and exposures
Exploitdb	The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more
0day	0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals
NVD NIST	NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP)
Vuldb	Vulnerability database documenting and explaining security vulnerabilities and exploits
Synk	Vulnerability database detailed information and remediation guidance for known vulnerabilities