Compilation of open-source security tools & platforms for your Startup

This compilation of open-source tools aim to provide resources you can use for some of the step of the secure development life cycle of your organization, ie:

1. Security Training
2. Security Architecture Review
3. Security Requirements
4. Threat Modeling
5. Static Analysis
6. OpenSource Analysis
7. Dynamic Analysis
8. Penetration Testing

If you think I should add a new tool to the list you can open a Github issue or send a PR directly.

User management

• Keycloak

Secret management

• HashiCorp Vault

IDS, IPS, Firewalls and Host/Network monitoring

• Snort
• Suricata
• Zeek
• WireShark
• OSSEC
• Prometheus
• Pfsense

Data visualization

• Grafana

Web Application Firewall

• ModSecurity
• NAXSI
• Shadow Daemon

Object Storage

• MinIO

VPN

• OpenVPN
• Wireguard

Security training platforms

• OWASP Juice Shop
• DVWA

Static analysis tools

• Snyk
• Dockerscan
• Clair scanner
• Bandit (code analyzer for python)
• Brakeman (code analyzer for Ruby on rails applications)
• Semgrep (Static analysis at ludicrous speed)

Dynamic analysis tools

• Hetty (Proxy similar to BurpSuite)
• OpenVAS Scanner (Web scanner)
• Nikto2 (Web scanner)
• OWASP ZAP
• Nuclei

Misc

• Pi-Hole
• Podman