7 个仓库
Comprehensive suites and frameworks for penetration testing and security research.
Explore 7 awesome GitHub repositories matching part of an awesome list · Security Frameworks. Refine with filters or upvote what's useful.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
Industry-standard framework for penetration testing and exploit development.
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
Core project for automated web application security testing.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Automated pentest framework for offensive security operations.
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
Automated offensive security framework for reconnaissance and vulnerability scanning.
Axiom 是一个云基础设施编排器和分布式安全扫描框架。它作为一个管理器,用于跨多个云提供商和区域部署、快照和销毁一次性虚拟机集群。 该项目通过自动化在这些远程服务器上配置漏洞工具集和安全审计软件而脱颖而出。它具有一种通过在实例集群中分片目标列表并将结果数据聚合到统一文件和 HTML 报告中来分发安全扫描的机制。 该系统涵盖了广泛的操作能力,包括远程命令执行、并行文件传输以及针对高并发工作负载的内核级网络调优。它还提供用于图像快照管理、用于网络流量的 SSH 隧道以及部署预定义基础设施配置文件的工具。
Dynamic infrastructure management for red teaming and bug bounty hunting.
The Swiss Army knife for automated Web Application Testing
Automated framework for web application security testing.
Cross-platform toolkit for OSINT, forensics, and security research.