Compilation of open-source security tools & platforms for your Startup

This compilation of open-source tools aim to provide resources you can use for some of the step of the secure development life cycle of your organization, ie:

1. Security Training
2. Security Architecture Review
3. Security Requirements
4. Threat Modeling
5. Static Analysis
6. OpenSource Analysis
7. Dynamic Analysis
8. Penetration Testing

If you think I should add a new tool to the list you can open a github issue or send a PR directly.

Resources

User management

• Keycloak

Authorization service

• Permify
• Teleport

Secret management

• HashiCorp Vault (Key Management Service)
• Passbolt (Password manager)

IDS, IPS, Firewalls and Host/Network monitoring

• Snort
• Suricata
• Zeek
• WireShark
• OSSEC
• Prometheus
• Pfsense

Data visualization

• Grafana

Web Application Firewall

• ModSecurity
• NAXSI
• Shadow Daemon

Object Storage

• MinIO

VPN

• OpenVPN
• Wireguard

Security training platforms

• OWASP Juice Shop
• DVWA

Static analysis tools

• Snyk
• Dockerscan
• Clair scanner
• Bandit (Code analyzer for python)
• Brakeman (Code analyzer for Ruby on rails applications)
• Semgrep (Static analysis at ludicrous speed)

Dynamic analysis tools

• Hetty (Proxy similar to BurpSuite)
• OpenVAS Scanner (Web scanner)
• Nikto2 (Web scanner)
• OWASP ZAP
• Nuclei
• testssl.sh (Dynamic analysis for TLS configuration)

Misc

• Pi-Hole
• Podman
• Homer (Build beautiful dashboards)