From a77de581131bc53a775a4026e34f01da23469ebd Mon Sep 17 00:00:00 2001 From: Tyler Bird Date: Thu, 18 Aug 2016 11:49:24 -0600 Subject: [PATCH 01/33] Add snw tools --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 92552d9..5918e84 100644 --- a/README.md +++ b/README.md 
@@ -116,10 +116,10 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Fast Packet Processing -- [DPDK](http://dpdk.org/) - DPDK is a set of libraries and drivers for fast packet processing. +- [DPDK](http://dpdk.org/) - DPDK is a set of libraries and drivers for fast packet processing. - [PFQ](https://github.com/pfq/PFQ) - PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission (10G and beyond), in-kernel functional processing and packets steering across sockets/end-points. - [PF_RING](http://www.ntop.org/products/packet-capture/pf_ring/) - PF_RING is a new type of network socket that dramatically improves the packet capture speed. -- [PF_RING ZC (Zero Copy)](http://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/) - PF_RING ZC (Zero Copy) is a flexible packet processing framework that allows you to achieve 1/10 Gbit line rate packet processing (both RX and TX) at any packet size. It implements zero copy operations including patterns for inter-process and inter-VM (KVM) communications. +- [PF_RING ZC (Zero Copy)](http://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/) - PF_RING ZC (Zero Copy) is a flexible packet processing framework that allows you to achieve 1/10 Gbit line rate packet processing (both RX and TX) at any packet size. It implements zero copy operations including patterns for inter-process and inter-VM (KVM) communications. - [PACKET_MMAP/TPACKET/AF_PACKET](http://lxr.free-electrons.com/source/Documentation/networking/packet_mmap.txt) - It's fine to use PACKET_MMAP to improve the performance of the capture and transmission process in Linux. - [netmap](http://info.iet.unipi.it/~luigi/netmap/) - netmap is a framework for high speed packet I/O. Together with its companion VALE software switch, it is implemented as a single kernel module and available for FreeBSD, Linux and now also Windows. 
@@ -218,6 +218,11 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [OpenSOC](https://github.com/OpenSOC/opensoc) - OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. - [binarypig](https://github.com/endgameinc/binarypig) - Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch. +## Datastores + +- [Vault](https://www.vaultproject.io/) - An encrypted datastore secure enough to hold environment and application secrets. +- [Safe](https://github.com/starkandwayne/safe) - A Vault CLI that makes reading from and writing to the Vault easier to do. + ## Other Awesome Lists ### Other Security Awesome Lists From 82ba6ca5f0a7d61963fe58418ded86bc12bb5caf Mon Sep 17 00:00:00 2001 From: Daxda Date: Mon, 29 Aug 2016 13:18:57 +0200 Subject: [PATCH 02/33] HoneyPy `404` -> `200` Fixed link of `HoneyPy`, previously it pointed to a 404 page because the username changed from `foospidy.com` to `foospidy`. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5918e84..114456c 100644 --- a/README.md +++ b/README.md 
@@ -78,7 +78,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Honey Pot / Honey Net -- [HoneyPy](https://github.com/foospidy.com/HoneyPy) - HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations. +- [HoneyPy](https://github.com/foospidy/HoneyPy) - HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations. - [Dionaea](http://dionaea.carnivore.it/) - Dionaea is meant to be a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls. - [Conpot](http://conpot.org/) - ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants. - [Amun](https://github.com/zeroq/amun) - Amun Python-based low-interaction Honeypot. From a5ac21112697831f01520243c21e8538b9c8c1f1 Mon Sep 17 00:00:00 2001 
From: "Julien Vehent [:ulfr]" Date: Sun, 18 Sep 2016 10:56:57 -0400 Subject: [PATCH 03/33] Add various security projets & books --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 114456c..7680dfd 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Threat Intelligence](#threat-intelligence) - [Web](#web) - [Big Data](#big-data) + - [DevOps](#devops) - [Other Awesome Lists](#other-awesome-lists) - [Other Security Awesome Lists](#other-security-awesome-lists) - [Other Common Awesome Lists](#other-common-awesome-lists) @@ -170,6 +171,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Forensics - [grr](https://github.com/google/grr) - GRR Rapid Response is an incident response framework focused on remote live forensics. +- [mig](http://mig.mozilla.org/) - MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. ## Threat Intelligence 
@@ -218,10 +220,15 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [OpenSOC](https://github.com/OpenSOC/opensoc) - OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. - [binarypig](https://github.com/endgameinc/binarypig) - Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch. +## DevOps + +- [Securing DevOps](https://manning.com/books/securing-devops?a_aid=securingdevops&a_bid=1353bcd8) - A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure. + ## Datastores - [Vault](https://www.vaultproject.io/) - An encrypted datastore secure enough to hold environment and application secrets. - [Safe](https://github.com/starkandwayne/safe) - A Vault CLI that makes reading from and writing to the Vault easier to do. +- [Sops](https://github.com/mozilla/sops - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP. ## Other Awesome Lists From 2e02f09a531e9ba099a7ee4230a6886ed9c82b9c Mon Sep 17 00:00:00 2001 From: Nimit Shah Date: Fri, 21 Oct 2016 14:04:32 -0400 Subject: [PATCH 04/33] Adding a link to live http header chrome extension --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 114456c..d643c9d 100644 --- a/README.md +++ b/README.md 
@@ -103,6 +103,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [wireshark](https://www.wireshark.org) - Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. - [netsniff-ng](http://netsniff-ng.org/) - netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa. +- [Live HTTP headers](https://chrome.google.com/webstore/detail/live-http-headers/iaiioopjkcekapmldfgbebdclcnpgnlo?utm_source=chrome-ntp-icon) - Live HTTP headers is a free chrome extension to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations. ### Security Information & Event Management From fe2fd3921af35340b4303e82af49eea48f4e3166 Mon Sep 17 00:00:00 2001 From: sigmaapex Date: Sun, 30 Oct 2016 09:25:59 -0400 Subject: [PATCH 05/33] Added two links --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d643c9d..955d287 100644 --- a/README.md +++ b/README.md @@ -171,6 +171,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Forensics - [grr](https://github.com/google/grr) - GRR Rapid Response is an incident response framework focused on remote live forensics. +- [Volatility](https://github.com/volatilityfoundation/volatility) - Python based memory extraction and analysis framework. ## Threat Intelligence 
@@ -190,6 +191,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [virustotal](https://www.virustotal.com/) - VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners. - [IntelMQ](https://github.com/certtools/intelmq/) - IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets using a message queue protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. [ENSIA Homepage](https://www.enisa.europa.eu/activities/cert/support/incident-handling-automation). - [CIFv2](https://github.com/csirtgadgets/massive-octo-spice) - CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). +- [CriticalStack](https://intel.criticalstack.com/) - Free aggregated threat intel for the Bro network security monitoring platform. ## Web From 9485553108908eb55547900ddd60b5b7ce592f24 Mon Sep 17 00:00:00 2001 From: filinpavel Date: Mon, 14 Nov 2016 14:07:58 +0700 Subject: [PATCH 06/33] added scapy and changed docker link added scapy to Network \ Scaning/Pentesting section and changed docker-metasploit link cause https://hub.docker.com/r/pandrew/metasploit/ shows 404 page --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index d643c9d..b31ff81 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Metasploit Framework](https://github.com/rapid7/metasploit-framework) - A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. - [Kali](https://www.kali.org/) - Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). - [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool. +- [scapy](https://github.com/secdev/scapy) - Scapy: the python-based interactive packet manipulation program & library. - [Pompem](https://github.com/rfunix/Pompem) - Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day, Packetstorm Security... - [Nmap](https://nmap.org) - Nmap is a free and open source utility for network discovery and security auditing. 
@@ -136,7 +137,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) - `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy) - `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/) -- `docker pull pandrew/metasploit` - [docker-metasploit](https://hub.docker.com/r/pandrew/metasploit/) +- `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) - `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) From dff4b176d486e5de7c0ea213ae5c505e4d937b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20K=C3=BChnel?= Date: Mon, 21 Nov 2016 12:40:34 +0100 Subject: [PATCH 07/33] Fix link to docker section from TOC --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 88f1201..febeccd 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Fast Packet Processing](#fast-packet-processing) - [Firewall](#firewall) - [Anti-Spam](#anti-spam) - - [Docker](#docker) + - [Docker](#docker-images-for-penetration-testing--security) - [Endpoint](#endpoint) - [Anti-Virus / Anti-Malware](#anti-virus--anti-malware) - [Threat Intelligence](#threat-intelligence) From caf27c9111f19574879736fe8021b2321511c777 Mon Sep 17 00:00:00 2001 
From: Paul Date: Thu, 24 Nov 2016 16:03:50 +0100 Subject: [PATCH 08/33] Updated structure & Added Rasp category --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 88f1201..028dfe1 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,16 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Docker](#docker) - [Endpoint](#endpoint) - [Anti-Virus / Anti-Malware](#anti-virus--anti-malware) + - [Configuration Management](#configuration-management) + - [Authentication](#authentication) + - [Mobile / Android / iOS](#mobile--android--ios) + - [Forensics](#forensics) - [Threat Intelligence](#threat-intelligence) - [Web](#web) + - [Organization](#organization) + - [Web Application Firewall](#web-application-firewall) + - [Scanning / Pentesting](#scanning--pentesting-1) + - [Runtime Application Self-Protection](#runtime-application-self-protection) - [Big Data](#big-data) - [DevOps](#devops) - [Other Awesome Lists](#other-awesome-lists) 
@@ -165,7 +173,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [google-authenticator](https://github.com/google/google-authenticator) - The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. [Tutorials: How to set up two-factor authentication for SSH login on Linux](http://xmodulo.com/two-factor-authentication-ssh-login-linux.html) -### Mobile / Android /iOS +### Mobile / Android / iOS - [android-security-awesome](https://github.com/ashishb/android-security-awesome) - A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps. - [SecMobi Wiki](http://wiki.secmobi.com/) - A collection of mobile security resources which including articles, blogs, books, groups, projects, tools and conferences. * 
@@ -214,6 +222,10 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework. - [PTF](https://github.com/trustedsec/ptf) - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools. +### Runtime Application Self-Protection + +- [Sqreen](https://www.sqreen.io/) - Sqreen is a Runtime Application Self-Protection (RASP) solution for software teams. An in-app agent instruments and monitors the app. Suspicious user activities are reported and attacks are blocked at runtime without code modification or traffic redirection. + ## Big Data - [data_hacking](https://github.com/ClickSecurity/data_hacking) - Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data. From b0b9d156f6373da7b32aa6a35cfa2d2b7c345f8c Mon Sep 17 00:00:00 2001 From: Kim Carter Date: Thu, 22 Dec 2016 16:05:50 +1300 Subject: [PATCH 09/33] Added OSSEC and Stealth --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 18e56f9..914a918 100644 --- a/README.md +++ b/README.md 
@@ -78,9 +78,11 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Snort](https://www.snort.org/) - Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS)created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time". - [Bro](https://www.bro.org/) - Bro is a powerful network analysis framework that is much different from the typical IDS you may know. +- [OSECC](https://github.com/ossec/ossec-hids) - Comprehensive HIDS. Not for the faint of heart. Takes a bit to get your head around how it works. Plenty of reasonable documentaion. Sweet spot is medium to large deployments. - [Suricata](http://suricata-ids.org/) - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors. - [Security Onion](http://blog.securityonion.net/) - Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! - [sshwatch](https://github.com/marshyski/sshwatch) - IPS for SSH similar to DenyHosts written in Python. It also can gather information about attacker during the attack in a log. +- [Stealth](https://fbb-git.github.io/stealth/) - File integrity checker that leaves virtually no sediment. 
Controller runs from another machine, which makes it hard for an attacker to know that the file system is being checked at defined pseudo random intervals over SSH. Highly recommended for small to medium deployments. - [AIEngine](https://bitbucket.org/camp0/aiengine) - AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS(Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others. - [Denyhosts](http://denyhosts.sourceforge.net/) - Thwart SSH dictionary based attacks and brute force attacks. - [Fail2Ban](http://www.fail2ban.org/wiki/index.php/Main_Page) - Scans log files and takes action on IPs that show malicious behavior. From aaa639c811290f61328d26571a97eaabc4b2b61d Mon Sep 17 00:00:00 2001 From: Kim Carter Date: Thu, 22 Dec 2016 16:29:01 +1300 Subject: [PATCH 10/33] Moved OSSEC, Added NSP --- README.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 914a918..7869a3c 100644 --- a/README.md +++ b/README.md 
@@ -57,20 +57,13 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Monitoring / Logging -- [snyk.io](https://snyk.io/) - Snyk is a opensource tool to scan for vulnerabilities. Find, fix and monitor for known vulnerabilities in Node.js npm package fixtures used for testing the patches of vulndb. - +- [snyk.io](https://snyk.io/) - Snyk is a paid-for opensource tool to scan for vulnerabilities. Find, fix and monitor for known vulnerabilities in Node.js npm package fixtures used for testing the patches of vulndb. - [justniffer](http://justniffer.sourceforge.net/) - Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic. - - [httpry](http://dumpsterventures.com/jason/httpry/) - httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. - - [ngrep](http://ngrep.sourceforge.net/) - ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. 
- - [passivedns](https://github.com/gamelinux/passivedns) - A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in-memory, limiting the amount of data in the logfile without loosing the essens in the DNS answer. - - [sagan](http://sagan.quadrantsec.com/) - Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc). - -- [OSSEC](http://www.ossec.net/) - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. - +- [Node Security Platform](https://nodesecurity.io/) - Similar feature set to Snyk, but free in most cases, and very cheap for others. - [ntopng](http://www.ntop.org/products/traffic-analysis/ntop/) - Ntopng is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. - [Fibratus](https://github.com/rabbitstack/fibratus) - Fibratus is a tool for exploration and tracing of the Windows kernel. It is able to capture the most of the Windows kernel activity - process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and much more. Fibratus has a very simple CLI which encapsulates the machinery to start the kernel event stream collector, set kernel event filters or run the lightweight Python modules called filaments. 
@@ -78,7 +71,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Snort](https://www.snort.org/) - Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS)created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time". - [Bro](https://www.bro.org/) - Bro is a powerful network analysis framework that is much different from the typical IDS you may know. -- [OSECC](https://github.com/ossec/ossec-hids) - Comprehensive HIDS. Not for the faint of heart. Takes a bit to get your head around how it works. Plenty of reasonable documentaion. Sweet spot is medium to large deployments. +- [OSSEC](https://ossec.github.io/) - Comprehensive Open Source HIDS. Not for the faint of heart. Takes a bit to get your head around how it works. Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. Plenty of reasonable documentation. Sweet spot is medium to large deployments. - [Suricata](http://suricata-ids.org/) - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors. - [Security Onion](http://blog.securityonion.net/) - Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. 
The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! - [sshwatch](https://github.com/marshyski/sshwatch) - IPS for SSH similar to DenyHosts written in Python. It also can gather information about attacker during the attack in a log. From 5daf2f1bf659d72343e6979f250d8240363c053b Mon Sep 17 00:00:00 2001 From: Kim Carter Date: Thu, 22 Dec 2016 16:34:03 +1300 Subject: [PATCH 11/33] Added awesome-honeypots --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 18e56f9..bbc9e7e 100644 --- a/README.md +++ b/README.md 
@@ -88,6 +88,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Honey Pot / Honey Net +- [awesome-honeypots](https://github.com/paralax/awesome-honeypots) - The canonical awesome honeypot list. - [HoneyPy](https://github.com/foospidy/HoneyPy) - HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations. - [Dionaea](http://dionaea.carnivore.it/) - Dionaea is meant to be a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls. - [Conpot](http://conpot.org/) - ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants. From e0edb8bbc6e9ebe07b0e8c677ed8bcb04338490d Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 4 Jan 2017 22:35:35 +0100 Subject: [PATCH 12/33] Add Awesome Cyber Skills --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3bf1ada..ef43fbe 100644 --- a/README.md +++ b/README.md 
@@ -249,6 +249,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Android Security Awesome](https://github.com/ashishb/android-security-awesome) - A collection of android security related resources. - [Awesome CTF](https://github.com/apsdehal/awesome-ctf) - A curated list of CTF frameworks, libraries, resources and software. +- [Awesome Cyber Skills](https://github.com/joe-shenouda/awesome-cyber-skills) - A curated list of hacking environments where you can train your cyber skills legally and safely. - [Awesome Hacking](https://github.com/carpedm20/awesome-hacking) - A curated list of awesome Hacking tutorials, tools and resources. - [Awesome Honeypots](https://github.com/paralax/awesome-honeypots) - An awesome list of honeypot resources. - [Awesome Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) - A curated list of awesome malware analysis tools and resources. From ae3ed10797fce49c4ca85fa979384e17e66fecd3 Mon Sep 17 00:00:00 2001 From: Jon Zeolla Date: Mon, 9 Jan 2017 21:06:23 -0500 Subject: [PATCH 13/33] Add Apache Spot and Metron (both incubating) under Big Data --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ef43fbe..3eaf2d4 100644 --- a/README.md +++ b/README.md 
@@ -231,6 +231,8 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [hadoop-pcap](https://github.com/RIPE-NCC/hadoop-pcap) - Hadoop library to read packet capture (PCAP) files. - [Workbench](http://workbench.readthedocs.org/) - A scalable python framework for security research and development teams. - [OpenSOC](https://github.com/OpenSOC/opensoc) - OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. +- [Apache Metron (incubating)](github.com/apache/incubator-metron) - Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. +- [Apache Spot (incubating)](github.com/apache/incubator-spot) - Apache Spot is open source software for leveraging insights from flow and packet analysis. - [binarypig](https://github.com/endgameinc/binarypig) - Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch. ## DevOps From 0525a5028fb8d1b2bad6ffb1f97a175437948429 Mon Sep 17 00:00:00 2001 From: Stephen DiCato Date: Tue, 10 Jan 2017 09:50:28 -0500 Subject: [PATCH 14/33] Add 'Awesome Threat Intelligence' to other lists section. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ef43fbe..3f22906 100644 --- a/README.md +++ b/README.md 
@@ -258,6 +258,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Awesome Linux Containers](https://github.com/Friz-zy/awesome-linux-containers) - A curated list of awesome Linux Containers frameworks, libraries and software. - [Awesome Incident Response](https://github.com/meirwah/awesome-incident-response) - A curated list of resources for incident response. - [Awesome Web Hacking](https://github.com/infoslack/awesome-web-hacking) - This list is for anyone wishing to learn about web application security but do not have a starting point. +- [Awesome Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) - A curated list of threat intelligence resources. ### Other Common Awesome Lists From 2c1184cdd595ad0abb4cb61285cf789d74734db0 Mon Sep 17 00:00:00 2001 From: Stephen DiCato Date: Tue, 10 Jan 2017 09:53:57 -0500 Subject: [PATCH 15/33] Fix Sops link. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef43fbe..de1dc2f 100644 --- a/README.md +++ b/README.md @@ -241,7 +241,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Vault](https://www.vaultproject.io/) - An encrypted datastore secure enough to hold environment and application secrets. - [Safe](https://github.com/starkandwayne/safe) - A Vault CLI that makes reading from and writing to the Vault easier to do. -- [Sops](https://github.com/mozilla/sops - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP. +- [Sops](https://github.com/mozilla/sops) - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP. ## Other Awesome Lists From f4957c2907e16769f9ff144b3c49d5dce7c7821b Mon Sep 17 00:00:00 2001 From: Kim Carter Date: Sat, 14 Jan 2017 18:12:57 +1300 Subject: [PATCH 16/33] Added NodeGoat docker image. --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index c3aa9f6..25a9c8b 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - `docker pull diogomonica/docker-bench-security` - [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/) - `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/) - `docker pull danmx/docker-owasp-webgoat` - [OWASP WebGoat Project docker image](https://hub.docker.com/r/danmx/docker-owasp-webgoat/) +- `docker-compose build && docker-compose up` - [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) From 248d656a1f85eea01eaef09c5520cdfb4d061182 Mon Sep 17 00:00:00 2001 From: Dan Bergh Johnsson Date: Thu, 19 Jan 2017 22:52:16 +0100 Subject: [PATCH 17/33] Book "Secure by Design" under Web/Development --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index c3aa9f6..d4cb235 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Web Application Firewall](#web-application-firewall) - [Scanning / Pentesting](#scanning--pentesting-1) - [Runtime Application Self-Protection](#runtime-application-self-protection) + - [Runtime Application Self-Protection](#runtime-application-self-protection) - [Big Data](#big-data) - [DevOps](#devops) - [Other Awesome Lists](#other-awesome-lists) 
@@ -225,6 +226,11 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Sqreen](https://www.sqreen.io/) - Sqreen is a Runtime Application Self-Protection (RASP) solution for software teams. An in-app agent instruments and monitors the app. Suspicious user activities are reported and attacks are blocked at runtime without code modification or traffic redirection. +### Development + +- [Secure by Design](https://www.manning.com/books/secure-by-design?a_aid=danbjson&a_bid=0b3fac80) - Book that identifies design patterns and coding styles that make lots of security vulnerabilities less likely. (early access, published continuously, final release fall 2017) + + ## Big Data - [data_hacking](https://github.com/ClickSecurity/data_hacking) - Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data. From f2ab0b100703ffca9da2f650500fc12210d1f054 Mon Sep 17 00:00:00 2001 From: Dan Bergh Johnsson Date: Thu, 19 Jan 2017 22:53:48 +0100 Subject: [PATCH 18/33] Unintended duplicated row is removed --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d4cb235..daac491 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,6 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Web Application Firewall](#web-application-firewall) - [Scanning / Pentesting](#scanning--pentesting-1) - [Runtime Application Self-Protection](#runtime-application-self-protection) - - [Runtime Application Self-Protection](#runtime-application-self-protection) - [Big Data](#big-data) - [DevOps](#devops) - [Other Awesome Lists](#other-awesome-lists) From 8ca4cb73535d9feaa74e3f58bda091ea5c528df0 Mon Sep 17 00:00:00 2001 From: Dan Bergh Johnsson Date: Thu, 26 Jan 2017 10:39:08 +0100 Subject: [PATCH 19/33] Added section "Web>Development" to ToC --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index daac491..a3be8b5 100644 --- a/README.md 
+++ b/README.md @@ -34,6 +34,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Web Application Firewall](#web-application-firewall) - [Scanning / Pentesting](#scanning--pentesting-1) - [Runtime Application Self-Protection](#runtime-application-self-protection) + - [Development](#development) - [Big Data](#big-data) - [DevOps](#devops) - [Other Awesome Lists](#other-awesome-lists) From c712a220b6923c98791f98cda327d6034d3dbb63 Mon Sep 17 00:00:00 2001 From: baahrens Date: Mon, 6 Feb 2017 20:55:54 +0100 Subject: [PATCH 20/33] Fixed broken link chrome extension seems to be gone, firefox link instead --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a3be8b5..6852936 100644 --- a/README.md +++ b/README.md 
@@ -110,7 +110,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [wireshark](https://www.wireshark.org) - Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. - [netsniff-ng](http://netsniff-ng.org/) - netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa. -- [Live HTTP headers](https://chrome.google.com/webstore/detail/live-http-headers/iaiioopjkcekapmldfgbebdclcnpgnlo?utm_source=chrome-ntp-icon) - Live HTTP headers is a free chrome extension to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations. +- [Live HTTP headers](https://addons.mozilla.org/de/firefox/addon/live-http-headers/) - Live HTTP headers is a free chrome extension to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations. ### Security Information & Event Management From edcc2301c15b981b899d261499403fefd919bd42 Mon Sep 17 00:00:00 2001 From: baahrens Date: Mon, 6 Feb 2017 20:57:38 +0100 Subject: [PATCH 21/33] Edit description of Live HTTP headers --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6852936..de1b7f3 100644 --- a/README.md +++ b/README.md 
@@ -110,7 +110,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [wireshark](https://www.wireshark.org) - Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. - [netsniff-ng](http://netsniff-ng.org/) - netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa. -- [Live HTTP headers](https://addons.mozilla.org/de/firefox/addon/live-http-headers/) - Live HTTP headers is a free chrome extension to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations. +- [Live HTTP headers](https://addons.mozilla.org/de/firefox/addon/live-http-headers/) - Live HTTP headers is a free firefox addon to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations. ### Security Information & Event Management From ce9474f4c311324dbd3788fa33823ae4839504a1 Mon Sep 17 00:00:00 2001 From: Alexandre ZANNI Date: Wed, 15 Feb 2017 21:07:07 +0100 Subject: [PATCH 22/33] add operating systems --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 6aaf869..632419f 100644 --- a/README.md +++ b/README.md 
@@ -37,6 +37,8 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Development](#development) - [Big Data](#big-data) - [DevOps](#devops) + - [Operating Systems](#operating-systems) + - [Online ressources](#online-ressources) - [Other Awesome Lists](#other-awesome-lists) - [Other Security Awesome Lists](#other-security-awesome-lists) - [Other Common Awesome Lists](#other-common-awesome-lists) @@ -246,6 +248,13 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Securing DevOps](https://manning.com/books/securing-devops?a_aid=securingdevops&a_bid=1353bcd8) - A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure. +## Operating Systems + +### Online ressources + +- [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems +- [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions + ## Datastores - [Vault](https://www.vaultproject.io/) - An encrypted datastore secure enough to hold environment and application secrets. From 086a96861e8820a64310ef147c682a303bb576e5 Mon Sep 17 00:00:00 2001 From: Alexandre ZANNI Date: Wed, 15 Feb 2017 21:23:25 +0100 Subject: [PATCH 23/33] add distrowatch --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 632419f..064dd03 100644 --- a/README.md +++ b/README.md 
@@ -254,6 +254,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems - [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions +- [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems ## Datastores From 0868934016b8db7cbb6fb1a1bd118e22cf5318e1 Mon Sep 17 00:00:00 2001 From: coreb1t Date: Fri, 17 Feb 2017 11:37:48 +0100 Subject: [PATCH 24/33] Added Awesome Pentest Cheat Sheets --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 064dd03..1636b25 100644 --- a/README.md +++ b/README.md @@ -278,6 +278,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Awesome Incident Response](https://github.com/meirwah/awesome-incident-response) - A curated list of resources for incident response. - [Awesome Web Hacking](https://github.com/infoslack/awesome-web-hacking) - This list is for anyone wishing to learn about web application security but do not have a starting point. - [Awesome Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) - A curated list of threat intelligence resources. +- [Awesome Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Collection of the cheat sheets useful for pentesting ### Other Common Awesome Lists From 312e05cc333013f5b13a55ed0ae263544452531c Mon Sep 17 00:00:00 2001 
From: RoshSoft Technologies Date: Sun, 26 Feb 2017 12:07:51 -0700 Subject: [PATCH 25/33] Update README Added awesome-industrial-control-system-security list to the "Other Security Awesome Lists" section. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1636b25..3312b0b 100644 --- a/README.md +++ b/README.md @@ -279,6 +279,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Awesome Web Hacking](https://github.com/infoslack/awesome-web-hacking) - This list is for anyone wishing to learn about web application security but do not have a starting point. - [Awesome Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) - A curated list of threat intelligence resources. - [Awesome Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Collection of the cheat sheets useful for pentesting +- [Awesome Industrial Control System Security](https://github.com/mpesen/awesome-industrial-control-system-security) - A curated list of resources related to Industrial Control System (ICS) security. ### Other Common Awesome Lists From 7215b0da1fbf48b11476ba7e7ea15192f5da8e03 Mon Sep 17 00:00:00 2001 From: sbilly Date: Mon, 6 Mar 2017 08:44:28 +0800 Subject: [PATCH 26/33] Remove snyk.io Remove snyk.io. It's not open source project. pull requests #59 and @jayfk --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 3312b0b..f18d82b 100644 --- a/README.md +++ b/README.md 
@@ -60,7 +60,6 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Monitoring / Logging -- [snyk.io](https://snyk.io/) - Snyk is a paid-for opensource tool to scan for vulnerabilities. Find, fix and monitor for known vulnerabilities in Node.js npm package fixtures used for testing the patches of vulndb. - [justniffer](http://justniffer.sourceforge.net/) - Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic. - [httpry](http://dumpsterventures.com/jason/httpry/) - httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. - [ngrep](http://ngrep.sourceforge.net/) - ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. From a1842be40233f31255b90c52b7fad91546988006 Mon Sep 17 00:00:00 2001 
From: Nikolaos Kamarinakis Date: Thu, 16 Mar 2017 21:35:49 +0200 Subject: [PATCH 27/33] Add Movies For Hackers ### **Movies For Hackers** > A curated list of movies every hacker & cyberpunk must watch. **GitHub Repo: [here](https://github.com/k4m4/movies-for-hackers)** --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f18d82b..60eeb18 100644 --- a/README.md +++ b/README.md @@ -286,6 +286,7 @@ Other amazingly awesome lists: - [awesome-awesomeness](https://github.com/bayandin/awesome-awesomeness) - awesome-* or *-awesome lists. - [lists](https://github.com/jnv/lists) - The definitive list of (awesome) lists curated on GitHub. +- [Movies For Hacker](https://github.com/k4m4/movies-for-hackers) - A curated list of movies every hacker & cyberpunk must watch. ## [Contributing](contributing.md) From 33f5b65fe81148b37a743e4d64b44d2150a60a81 Mon Sep 17 00:00:00 2001 From: limbic Date: Sat, 18 Mar 2017 21:07:14 +0100 Subject: [PATCH 28/33] Updated READ.ME misspelling Online Resources was misspelled Online Ressources --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f18d82b..32b6039 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Big Data](#big-data) - [DevOps](#devops) - [Operating Systems](#operating-systems) - - [Online ressources](#online-ressources) + - [Online resources](#online-resources) - [Other Awesome Lists](#other-awesome-lists) - [Other Security Awesome Lists](#other-security-awesome-lists) - [Other Common Awesome Lists](#other-common-awesome-lists) 
@@ -249,7 +249,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ## Operating Systems -### Online ressources +### Online resources - [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems - [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions From 1ea59ba88e63b0d308cd347295c0e456df7805db Mon Sep 17 00:00:00 2001 From: Mohammed Almusaddar Date: Wed, 29 Mar 2017 23:11:35 +0300 Subject: [PATCH 29/33] Add OPNsense --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 69813c3..58480aa 100644 --- a/README.md +++ b/README.md @@ -134,6 +134,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Firewall - [pfSense](https://www.pfsense.org/) - Firewall and Router FreeBSD distribution. +- [OPNsense](https://opnsense.org/) - is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. - [fwknop](https://www.cipherdyne.org/fwknop/) - Protects ports via Single Packet Authorization in your firewall. ### Anti-Spam From a07650e6307b099f618104eda062e225be0062fb Mon Sep 17 00:00:00 2001 From: Diogo Fernandes Date: Thu, 30 Mar 2017 16:29:09 +0200 Subject: [PATCH 30/33] Added ir-rescue --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 69813c3..97f1c23 100644 --- a/README.md +++ b/README.md 
@@ -182,6 +182,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [grr](https://github.com/google/grr) - GRR Rapid Response is an incident response framework focused on remote live forensics. - [Volatility](https://github.com/volatilityfoundation/volatility) - Python based memory extraction and analysis framework. - [mig](http://mig.mozilla.org/) - MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. +- [ir-rescue](https://github.com/diogo-fernan/ir-rescue) - *ir-rescue* is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response. ## Threat Intelligence From 2a5a48a9d00d379da1516cb0122850426928e2bb Mon Sep 17 00:00:00 2001 From: Joel Handwell Date: Tue, 23 May 2017 15:31:41 -0400 Subject: [PATCH 31/33] Add OWASP Mobile Security Testing Guide --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bf9b8b1..65117e4 100644 --- a/README.md +++ b/README.md @@ -177,6 +177,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [android-security-awesome](https://github.com/ashishb/android-security-awesome) - A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps. - [SecMobi Wiki](http://wiki.secmobi.com/) - A collection of mobile security resources which including articles, blogs, books, groups, projects, tools and conferences. * +- [OWASP Mobile Security Testing Guide](https://github.com/OWASP/owasp-mstg) - A comprehensive manual for mobile app security testing and reverse engineering. ### Forensics From e6270bfabc4ad7331184492e06488c4d30f45535 Mon Sep 17 00:00:00 2001 
From: Moshe-Immerman Date: Tue, 6 Jun 2017 15:44:00 +0200 Subject: [PATCH 32/33] add lynis --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 65117e4..4dc2991 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Denyhosts](http://denyhosts.sourceforge.net/) - Thwart SSH dictionary based attacks and brute force attacks. - [Fail2Ban](http://www.fail2ban.org/wiki/index.php/Main_Page) - Scans log files and takes action on IPs that show malicious behavior. - [SSHGuard](http://www.sshguard.net/) - A software to protect services in addition to SSH, written in C +- [Lynis](https://cisofy.com/lynis/) - an open source security auditing tool for Linux/Unix. ### Honey Pot / Honey Net From 2e7880a7f9797b96f155941ae97d760d9cefe283 Mon Sep 17 00:00:00 2001 From: Moshe-Immerman Date: Tue, 6 Jun 2017 15:47:27 +0200 Subject: [PATCH 33/33] add passbolt --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 65117e4..3f4c275 100644 --- a/README.md +++ b/README.md 
@@ -258,11 +258,13 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions - [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems + ## Datastores -- [Vault](https://www.vaultproject.io/) - An encrypted datastore secure enough to hold environment and application secrets. - [Safe](https://github.com/starkandwayne/safe) - A Vault CLI that makes reading from and writing to the Vault easier to do. - [Sops](https://github.com/mozilla/sops) - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP. +- [passbolt](https://www.passbolt.com/) - The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP. +- [Vault](https://www.vaultproject.io/) - An encrypted datastore secure enough to hold environment and application secrets. ## Other Awesome Lists
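Review bot: In PATCH 13/33, both added link targets omit the URL scheme (`github.com/apache/incubator-metron` and `github.com/apache/incubator-spot`), so a Markdown renderer resolves them as paths relative to the README rather than as external links. Prefix both with `https://`, as the neighbouring entries do. The Metron description is also word for word the OpenSOC description on the context line above it; a sentence stating what distinguishes Metron would make the entry useful.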
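Review bot: In PATCH 16/33, the added NodeGoat entry lists `docker-compose build && docker-compose up`, which, unlike the `docker pull ...` entries around it, only works from inside a checkout of the NodeGoat repository. Say so in the entry (or include the clone step) so the command is not read as a stand-alone one-liner like its neighbours.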
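Review bot: In PATCH 17/33, the table-of-contents hunk (`@@ -34,6 +34,7 @@`) adds a second `[Runtime Application Self-Protection](#runtime-application-self-protection)` entry instead of one for the `### Development` section that the same patch introduces, so the new section has no ToC link and an existing item appears twice. The added line should be `- [Development](#development)`. PATCH 18/33 and 19/33 make exactly this correction afterwards, so the three commits could be squashed into one.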
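Review bot: In PATCH 17/33, the second hunk's book URL carries the query string `?a_aid=danbjson&a_bid=0b3fac80`, which looks like a referral identifier rather than part of the resource address; link the plain `https://www.manning.com/books/secure-by-design` path instead. The parenthetical "(early access, published continuously, final release fall 2017)" is also time-bound and will go stale, so consider dropping it from the description.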
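Review bot: In PATCH 20/33, the link is switched to `addons.mozilla.org` but the description on the same added line still says "a free chrome extension", so the entry contradicts its own target until PATCH 21/33 rewords it; both changes belong in one commit. The new URL also pins the German locale (`/de/firefox/addon/...`), which is an odd default for an English-language list; a locale-neutral address would be better.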
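Review bot: In PATCH 22/33, "Online ressources" is misspelled in both the ToC entry and its `#online-ressources` anchor (and again in the `### Online ressources` heading in the second hunk), so the typo is baked into the link target as well as the visible text. Use "Online resources" and `#online-resources` in all three places; PATCH 28/33 later has to fix this separately.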
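Review bot: In PATCH 27/33, the added link text reads "Movies For Hacker" while the target repository and the commit subject both say "Movies For Hackers"; add the missing "s". The entry is also appended to the list of meta-lists (`awesome-awesomeness`, `lists`), where a movie list does not obviously belong.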
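Review bot: In PATCH 29/33, the OPNsense description starts mid-sentence with a lowercase "is an open source ..." and runs to three sentences of promotional comparison with commercial firewalls, while the pfSense entry directly above is a single factual line. Trim it to one sentence in the same style, for example "Open source FreeBSD based firewall and routing platform."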
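Review bot: In PATCH 33/33, the commit subject says "add passbolt", but the hunk also removes the Vault entry from the top of the Datastores list and re-adds it at the bottom, which leaves Safe ("A Vault CLI ...") listed before the tool it depends on. Keep Vault where it was and add only the passbolt line. The extra blank line inserted before `## Datastores` is an unrelated whitespace change and should be dropped from this patch.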