AdminDroid Microsoft 365 auditing tool come up with immense reports on all the Microsoft 365 audit activities in the audit log search. Providing in-depth details on user sign-in activities is a head start for admins to analyze the users' sign-in data. With this Azure AD auditing tool, admins can monitor user logins, user activities, group activities, application activities, etc. Jazz up your Microsoft 365 Azure auditing without playing hard with PowerShell cmdlet like 'Search-UnifiedAuditLog'.
the missing audit log library. auditor's purpose is to provide an easy and standardized way to collect and persists audit logs.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration with ASPM/VM platforms and in CI environments.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
Security auditing tool for Linux, macOS, and Unix-based systems.
Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software with the GPL license and available since 2007.
A lightweight web security auditing toolkit. Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease.
Yet Another Testing & Auditing Solution
A simple tool to audit your AWS infrastructure for misconfiguration or potential security issues with plugins integration.
The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that is not covered.
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see XSRFProbe Internals on wiki.
LightBulb is an open source python framework for auditing web applications firewalls.
NIST Certified SCAP 1.2 toolkit. The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.
The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines. We maintain great flexibility and interoperability, reducing costs of performing security audits.
WebSploit Is An Open Source Project For Scan And Analysis Remote Syste