The best place to search for security-related open source software is obviously GitHub. You can use the search feature on the site to find these useful tools, but there is a place where you can find the most popular items in the security area, the GitHub display area, and probably not many people know about it.
From 2014 onwards, the GITHUB showcase will showcase these most popular items by category. In the display area, items are ranked by the number of stars they get, and this list keeps updating the most popular items currently. The "Security" category included in the showcase contains 24 items, and here we list the top ten security items on GitHub.
1. Osquery-from Facebook
Osquery represents the operating system as a high-performance relational database. This allows you to get operating system data through SQL-based queries. By Osquery, the running processes, loaded kernel modules, open network connections, browser plug-ins, hardware events, or file hashes are abstracted into SQL data tables.
2. Metasploit Framework-from Rapid7
The Metasploit Framework is a tool for developing and enforcing exploit code for remote target hosts.
3. Infer-from Facebook
Facebook Infer is a static analysis tool. Use it to analyze objective-c, Java, or C code to list the potential pitfalls. Before the code is uploaded to the device, you can use infer to find those fatal flaws that can prevent crashes or performance degradation.
4. brakeman-From Presidentbeef
Brakeman is an open source static analysis tool that examines the security vulnerabilities of Ruby on Rails applications.
5. Radare2-From the Radare project
Radare is a forensic tool that is a programmable command-line hex editor that can open disk files. It also supports binary parsing, disassembling code, debugging programs, connecting to a remote GDB server, and more.
6. OS X Auditor-from Jean-philippe teissier
OS x Auditor is a free Mac OS X computer Forensics tool that can parse various types of files and get suspicious content in them.
7. BeEF-From the BeEF project
BeEF is simply a browser that leverages the framework browser the exploitation framework. It is a vulnerability testing tool for browsers.
8. Cuckoo-From the Cuckoo Sandbox Project
The Cuckoo Sandbox is an automated malware dynamic analysis system. Simply put, you can throw any suspicious file to it in a matter of seconds, and cuckoo can give you an approximate result in an isolated environment.
9. Scumblr-From Netflix
SCUMBLR is a WEB application that can periodically check and take different disposal methods based on the results of the inspection.
Moloch-From AOL
Moloch is an open-source, large-scale system that grabs, indexes, and stores data into a database. It provides a simple Web interface that can be used to view, retrieve, and export captured packets. It supports APIs that can directly download PCAP data and JSON-formatted session data. Instead of replacing IDS, Moloch is used to store and index all of the network data in a standard PCAP format, which can be accessed quickly. The Moloch can be deployed across systems and can handle up to ten Gb of traffic per second.
Top ten open source security projects