A collection of custom security tools for quick needs.

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

ssh rdp vnc telnet sftp bastion/jump web putty xshell terminal jumpserver audit realtime monitor rz/sz 堡垒机 云桌面 linux devops sftp websocket file management rz/sz otp 自动化运维 审计 录像 文件管理 sftp上传 实时监控 录像回放 网页版rz/sz上传下载/动态口令 django

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +60 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

Yet another Django audit log app, hopefully the simplest one.

SIP-Based Audit and Attack Tool

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting.

Simple command line tool to check for compliance against CIS Benchmarks

LDAP Watchdog: A real-time linux-compatible LDAP monitoring tool for detecting directory changes, providing visibility into additions, modifications, and deletions for administrators and security researchers.

Arch Linux Security Tracker

Python version of Junos Snapshot Administrator

A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation

Toolkit for Auditing and Mitigating Bias and Fairness of Machine Learning Systems 🔎🤖🧰

A pass extension for auditing your password repository.

A robust, cross-platform inventory utility that generates a QR code containing system hardware specs.

Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

A recursive dependency scanner for Python projects

drydock provides a flexible way of assessing the security of your Docker daemon configuration and containers using editable audit templates

A "SIP Torture" (RFC 4475) testing framework.