7 Repos
Comprehensive suites and frameworks for penetration testing and security research.
Explore 7 awesome GitHub repositories matching part of an awesome list · Security Frameworks.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
Industry-standard framework for penetration testing and exploit development.
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
Core project for automated web application security testing.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Automated pentest framework for offensive security operations.
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
Automated offensive security framework for reconnaissance and vulnerability scanning.
Axiom is a cloud infrastructure orchestrator and distributed security scanning framework. It serves as a manager for deploying, snapshotting, and destroying disposable virtual machine fleets across multiple cloud providers and regions. The project distinguishes itself by automating the provisioning of vulnerability toolsets and security auditing software across these remote servers. It features a mechanism for distributing security scans by sharding target lists across a fleet of instances and aggregating the resulting data into unified files and HTML reports. The system covers a broad range
Dynamic infrastructure management for red teaming and bug bounty hunting.
The Swiss Army knife for automated Web Application Testing
Automated framework for web application security testing.
Cross-platform toolkit for OSINT, forensics, and security research.