Bastions are a cluster of machines used as the unique entry point by operational teams to securely connect to devices using ssh.
The Bastion provides mechanisms for authentication, authorization, traceability and auditability for the whole infrastructure.

Security engineering is the discipline of building secure systems.

Its lessons are not just applicable to computer security. In fact this repo aims to document a process for securing anything, whether it's a medieval castle, an art museum, or a computer network.

Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.

Pyre ships with Pysa, a security focused static analysis tool we've built on top of Pyre that reasons about data flows in Python applications.

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (OSINT) about IP addresses, domain names, e-mail addresses, usernames, names, subnets and ASNs from many sources such as AlienVault, HaveIBeenPwned, SecurityTrails, SHODAN and more.

Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your site in real time you react faster and more efficiently, allowing you to rectify issues without your users ever having to tell you.

CryptPad is the Zero Knowledge realtime collaborative editor.

Encryption carried out in your web browser protects the data from the server, the cloud and the NSA. It relies on the ChainPad realtime engine.

A proposed standard which allows websites to define security policies.

Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing.

This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines. We maintain great flexibility and interoperability, reducing the costs of performing security audits.

Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities.

Harbor solves common challenges by delivering trust, compliance, performance, and interoperability. It fills a gap for organizations and applications that cannot use a public or cloud-based registry, or want a consistent experience across clouds.

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos.

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task.

Radare is a portable reversing framework that can...

Disassemble (and assemble for) many different architectures
Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
Perform forensics on filesystems and data carving
Be scripted in Python, Javascript, Go and more
Support collaborative analysis using the embedded webserver
Visualize data structures of several file types
Patch programs to uncover new features or fix vulnerabilities
Use powerful analysis capabilities to speed up reversing
Aid in software exploitation

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce).

webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and common errors. Use the online scanner or the CLI to start checking your site for errors.