Top #audit Tools & Software

shannon

github

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.

lighthouse

github

Automated auditing, performance metrics, and best practices for the web.

teleport

github

The easiest, and most secure way to access and protect all of your infrastructure.

vuls

github

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

the-practical-linux-hardening-guide

github

This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).

Yearning

github

🐳 A most popular sql audit platform for mysql

DependencyCheck

github

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

brakeman

github

A static analysis security vulnerability scanner for Ruby on Rails applications

aircrack-ng

github

WiFi security auditing tools suite

rundeck

github

Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts

DeepAudit

github

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

black-hat-rust

github

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Harden-Windows-Security

github

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | SLSA Level 3 Compliant for Secure Development and Build Process | Apps Available on MS Store✨

ciso-assistant-community

github

CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 130+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.

xunfeng

github

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

pentest-tools

github

A collection of custom security tools for quick needs.

dockle

github

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

inspec

github

InSpec: Auditing and Testing Framework

GScan

github

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

pwndoc

github

Pentest Report Generator

bundler-audit

github

Patch-level verification for Bundler

windows_hardening

github

HardeningKitty and Windows Hardening Settings

find-sec-bugs

github

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

masvs

github

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.