30 open-source projects similar to openbas-platform/openbas, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Openbas alternative.
Katoolin is a Debian software repository manager and security toolset automator. It functions as a script to automate the addition of repositories and the installation of security tools from Kali Linux onto other Debian-based systems. The project focuses on automating the deployment of penetration testing and forensics software. It provides a method for managing third-party software sources and provisioning security labs with tools for network and system testing without requiring a full operating system installation. The tool includes an interactive command line interface for navigating tool
Pikachu is a web security training platform and vulnerable web application sandbox. It provides a containerized lab environment designed for practicing penetration testing and identifying common security flaws. The project serves as an OWASP Top 10 practice lab, offering a simulation suite for critical risks. It includes specific scenarios for practicing the exploitation of SQL injection, cross-site scripting, remote code execution, and broken access control. The environment covers a broad range of security testing simulations, including directory traversal, server-side request forgery, unsa
Tracee is a cloud-native runtime security and forensics tool that uses eBPF to capture system calls and kernel events in real time. It operates as a standalone binary or a Helm-deployable agent for Kubernetes, normalizing system calls, network events, and container activities into a unified event pipeline for consistent analysis. The tool distinguishes itself through policy-driven event filtering using YAML-based rules, allowing users to target specific workloads and reduce noise during monitoring. It includes built-in threat detection signatures that flag suspicious behavioral patterns witho
DetectIQ is an AI-powered security rule management platform that helps create, analyze, and optimize detection rules across multiple security platforms. It can be used with the provided UI, or just with Python scripts using the self contained detectiq/core module. See examples in the examples…
DFIR LABS is a compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital Forensics, Incident Response, Malware Analysis and Threat Hunting.
OpenWEC is a free and open source (GPLv3) implementation of a Windows Event Collector server running on GNU/Linux and written in Rust.
Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses. The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom
.. SPDX-FileCopyrightText: 2014 Upi Tamminen .. SPDX-FileCopyrightText: 2014-2025 Michel Oosterhof .. .. SPDX-License-Identifier: BSD-3-Clause
Cuckoo is an open-source automated malware analysis system that executes suspicious files inside isolated virtual machines and produces structured behavioral reports. The platform captures system calls, file operations, and network activity during execution, compiling them into comprehensive analysis documents for programmatic consumption. The system operates through a modular analysis pipeline that processes behavioral data, applying YARA signature patterns against captured artifacts to identify known malware families. Each analysis run starts from a clean virtual machine snapshot to ensure
GoCheck a blazingly fast™ alternative to Matterpreter's DefenderCheck which identifies the exact bytes that Windows Defender AV by feeding byte slices to MpCmdRun.exe
Ecapture is a suite of specialized auditing tools designed to capture plaintext database queries, log executed shell commands, forward packet captures, and decrypt TLS traffic. The system extracts plaintext content from encrypted communications and TLS master secrets without requiring CA certificates. It further monitors data interactions by capturing SQL queries from database instances and recording commands from shell environments for host-level auditing. The toolset includes capabilities for network traffic analysis, exporting captured data to pcapng files, and forwarding events to extern
Harden-Windows-Security is a security hardening tool and framework designed to reduce the attack surface of the Windows operating system through policy enforcement. It provides a collection of security presets and templates to implement official hardening standards across multiple devices. The project distinguishes itself through a comprehensive execution control system, featuring a manager for Windows Application Control and a kernel protection suite. It implements strict trust models, including kernel-mode driver whitelisting, signed policy implementation on the EFI partition, and code inte
JonMon is a research project I started to help me learn how to code and understand telemetry mechanisms. It is a collection of open-source telemetry sensors designed to provide users with visibility into the operations and activity of their Windows systems. JonMon has a kernel-level driver…
Malware Configuration And Payload Extraction
)](https://github.com/kunai-project/kunai/releases) -->
This application detects active instances of Responder by taking advantage of the fact that Responder will respond to any DNS query. Respotter uses LLMNR, mDNS, and NBNS protocols to search for a bogus hostname that does not exist (default: Loremipsumdolorsitamet). If any of the requests get a…
FakeNet-NG - Next Generation Dynamic Network Analysis Tool
Flare-VM is a Windows malware analysis environment consisting of installation scripts that automate the provisioning of a virtual machine. It provides a comprehensive suite of reverse engineering tools, including decompilers and debuggers, along with the necessary system configurations and environment variables for security research. The project functions as a virtual machine image orchestrator, allowing for the automated creation, management, and export of specialized analysis appliances. It features configuration-driven tool selection and the ability to extend installation logic through cus
Sysmon for Linux is a tool that monitors and logs system activity including process lifetime, network connections, file system writes, and more. Sysmon works across reboots and uses advanced filtering to help identify malicious activity as well as how intruders and malware operate on your…
MISP is an open-source threat intelligence sharing platform designed for collecting, storing, and distributing structured threat indicators and intelligence. At its core, it provides a distributed synchronization protocol for transferring events between instances, an attribute-based correlation engine that links matching indicators across events, and a REST API with an OpenAPI specification for programmatic access to threat data. The platform uses formal data formats for JSON, taxonomy, galaxy, and object templates to enable compatibility across tools and communities. The platform distinguish
BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse entities and configurable, traversable attack paths.
OpenCTI is a cyber threat intelligence platform and knowledge base used to store, manage, and analyze technical security data. It functions as a threat intelligence visualization tool and an enterprise security data orchestrator that maps relationships between threat actors, malware, and vulnerabilities. The platform utilizes the STIX and TAXII standards for data representation and exchange, allowing for the sharing and receiving of standardized intelligence bundles. It distinguishes itself by converting complex security information into visual relationship diagrams and geographic maps to ide
GOAD is an Ansible-based automation tool and infrastructure orchestrator used to deploy pre-configured networks of vulnerable Windows virtual machines. It serves as a security training environment for practicing Active Directory penetration testing, privilege escalation, and lateral movement across various cloud platforms and local virtualization hypervisors. The project distinguishes itself through a multi-provider infrastructure model and a system of infrastructure recipes that simulate intentional security misconfigurations. It supports the deployment of varied attack scenarios, including