30 open-source projects similar to netflix/security_monkey, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Security Monkey alternative.
Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
Komiser is a multi-cloud infrastructure inspector and asset inventory manager. It provides a centralized system for auditing, cataloging, and analyzing deployed services and assets across AWS, GCP, and Azure environments. The project transforms disparate resource schemas from different cloud vendors into a unified structural representation through a provider-based plugin architecture. It uses agentless API inspection and polling-based resource discovery to retrieve metadata and configuration states without requiring agents on target resources. The platform covers financial management via cos
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
CloudQuery is a cloud infrastructure ETL tool and multi-cloud data pipeline designed to collect, synchronize, and normalize resource metadata from various cloud providers and SaaS platforms. It functions as a centralized asset inventory manager and security posture manager, extracting configuration and state data into relational databases, data lakes, or data warehouses. The system distinguishes itself by transforming complex, nested cloud API responses into flat relational tables, enabling the use of standard SQL for asset querying and analysis. It employs a modular plugin system for data ex
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Cloudsploit is a cloud security posture management tool and multi-cloud security auditor. It audits cloud infrastructure for misconfigurations and compliance risks across multiple providers, specifically AWS and Azure, by evaluating resource configurations against a set of security plugins. The project functions as a cloud compliance scanner that maps infrastructure scan results to regulatory frameworks and security policy standards. It also serves as an automated cloud remediation tool, executing corrective actions to fix detected misconfigurations via SDK calls. The system covers resource
This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-base
Awless is a command-line interface and infrastructure orchestrator for managing, deploying, and inspecting AWS cloud resources. It functions as a resource inspector, identity manager, and secure connection utility, providing a hierarchical set of commands to control cloud environments. The tool distinguishes itself by syncing remote cloud state to local graphs, enabling offline infrastructure analysis, auditing, and resource relationship querying without active API calls. It further streamlines operations by mapping human-readable aliases to system identifiers and facilitating secure shell co
DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line. The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests
Firecracker is a virtual machine monitor that leverages hardware-assisted virtualization to create and manage isolated execution environments. It functions as a lightweight runtime designed to launch virtual machines with minimal memory overhead and near-instantaneous startup times, providing the security of traditional hardware virtualization with the efficiency of containerized workloads. The project distinguishes itself through a security-focused architecture that enforces strict process boundaries using system-level barriers and restricted user privileges. It minimizes the attack surface
Streisand is an orchestration system for deploying multi-protocol tunneling services and traffic obfuscation tools designed to circumvent regional network restrictions. It functions as a deployment utility and manager for various VPN and proxy services on remote cloud servers. The system distinguishes itself through a network obfuscation toolkit that wraps traffic in layers to evade deep packet inspection and bandwidth throttling. It automates the setup of multiple protocols, including WireGuard, OpenVPN, Shadowsocks, OpenConnect, OpenSSH, and Tor bridges. The project also includes utilities
Pi-hole is a self-hosted network utility that functions as a DNS sinkhole server to provide network-wide ad blocking. By acting as a dedicated network gateway, it intercepts and discards requests for known advertising, tracking, and malicious domains across an entire local network, preventing unwanted content from loading on any connected device. The software operates through a lightweight background daemon that handles high volumes of concurrent DNS queries with minimal resource overhead. It utilizes a host-file injection mechanism to redirect traffic toward its local filtering engine and ap
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity. The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monito
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Terrascan is an infrastructure as code security scanner and cloud configuration auditor designed to detect security violations and compliance risks in cloud templates and Dockerfiles before provisioning. It utilizes the Open Policy Agent to evaluate infrastructure templates against both standard security policies and custom organizational rules. The project functions as a security guardrail within build pipelines, blocking risky deployments by integrating scanning logic directly into CI/CD workflows. It also includes a container registry vulnerability scanner that collects vulnerability data
tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
This project is a PHP environment manager and testing utility designed to back up and revert the global application state. It functions as a snapshotter that captures the current state of global variables and settings to prevent side effects between different execution contexts. The tool focuses on automating testing environment control and ensuring test isolation within PHPUnit suites. It accomplishes this by snapshotting and reverting global state changes during execution to create predictable and reproducible conditions for software tests. The system implements a backup-and-restore cycle
CloudPentestCheatsheets is a knowledge base and curated set of technical instructions for executing penetration tests on cloud-native architecture. It serves as a security audit guide and cheat sheet for auditing security and identifying misconfigurations across major cloud environments. The project provides structured materials for performing cloud penetration testing, security auditing, and asset enumeration. These resources are organized to support multi-cloud security assessments through the evaluation of offensive security postures across various cloud service providers. The technical g
Cloud Custodian is a multi-cloud governance engine and policy enforcement tool designed to automate security, compliance, and cost optimization across various cloud providers. It functions as a rules engine that uses a declarative domain specific language to query cloud resources and execute corrective actions based on predefined filters. The system operates as a serverless policy orchestrator, deploying provider-specific functions to trigger real-time enforcement in response to cloud resource changes. It provides a provider-agnostic resource abstraction to maintain consistent operational pol
Terraformer is a reverse engineering tool and infrastructure-to-code generator that transforms existing live cloud resources into declarative configuration files and state manifests. It functions as a cloud infrastructure exporter, allowing users to extract resource metadata from cloud providers to create reproducible infrastructure deployments. The tool specializes in reverse engineering by querying cloud provider APIs to map active resource configurations and translate them into Terraform resource blocks. It supports infrastructure state recovery by reconstructing state files from live envi
ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
MobX State Tree is a structured, tree-based state management library for JavaScript applications that combines typed model definitions with reactive snapshots and patch-based change tracking. It provides a reactive state container with runtime and compile-time type safety, where application state is defined as a tree of typed models with collocated actions, computed views, and lifecycle hooks for predictable state mutations. The library is built around an action-centric mutation model that encapsulates all state changes within named functions that directly modify the tree, supported by genera
Rails Admin is a web-based management dashboard and Active Record model manager for Ruby on Rails applications. It provides a graphical user interface for creating, reading, updating, and deleting database records, serving as a secure back office for database content management and administrative data auditing. The project distinguishes itself through a reflection-based schema mapping system that automatically generates CRUD interfaces from database metadata. It includes specialized tools for data versioning and change auditing to track administrative activity, as well as utilities for import
Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platfor
GrowthBook is a feature flagging and experimentation platform that utilizes a warehouse-native approach to data analysis. It serves as a system for managing feature rollouts and conducting A/B tests by executing SQL queries directly against existing data warehouses to calculate experiment results. The platform is distinguished by its integration of a Model Context Protocol server, which allows AI coding assistants and IDEs to manage flags and query analytics using natural language. It also provides specialized capabilities for AI model optimization, enabling the testing of prompts and models
Otto is a hybrid cloud orchestration platform designed to provision infrastructure and deploy application workloads across diverse cloud environments using infrastructure as code. It functions as an infrastructure as code provisioner that automates the deployment of consistent resources through policy-driven workflows. The project includes a hybrid cloud service mesh for managing service discovery and secure communication between applications, as well as an identity-based access controller for managing secrets and enforcing granular access controls. It also features an infrastructure knowledg
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Kill Bill is a subscription billing platform and usage-based billing engine designed to manage recurring invoicing and automated payment collection. It functions as a multi-tenant billing infrastructure, providing isolated environments for different organizational entities through a dedicated API. The system is distinguished by a plugin-based extension framework that allows for the integration of third-party payment gateways and custom business logic. It includes a payment gateway orchestrator to handle transactions and refunds, as well as a revenue recognition system to allocate contract rev