| No. | DevSecOps Aspect | No. | Directory Name |
|---|---|---|---|
| 1 | Web Application Security | 09 | Active Directory Security |
| 2 | API Security | 10 | Infrastructure Security |
| 3 | Mobile Application Security | 11 | Threat Modeling |
| 4 | Thick Client Application Security | 12 | IoT Security |
| 5 | Source Code Review | 13 | OSINT (Open Source Intelligence) |
| 6 | Network Security | 14 | Blockchain Security |
| 7 | Wi-Fi Security | 15 | CI/CD Pipeline Security |
| 8 | Cloud Security | 16 | Docker Container Security |
| 9 | DevSecOps |
| No. | DevSecOps Aspect | Description |
|---|---|---|
| 1 | Web Application Security | Assess and secure web applications for vulnerabilities. |
| 2 | API Security | Test and enhance the security of APIs and microservices. |
| 3 | Mobile Application Security | Evaluate the security of mobile apps and devices. |
| 4 | Thick Client Application Security | Assess thick client applications for security issues. |
| 5 | Source Code Review | Analyze source code to identify and rectify vulnerabilities. |
| 6 | Network Security | Secure networks by identifying and addressing weaknesses. |
| 7 | Wi-Fi Network Security | Evaluate the security of Wi-Fi networks and access points. |
| 8 | Cloud Security | Assess the security of cloud-based systems and services. |
| 9 | Active Directory Security | Evaluate the security of Active Directory environments. |
| 10 | Infrastructure Security | Secure the underlying IT infrastructure and assets. |
| 11 | Threat Modeling | Model and assess threats to enhance system security. |
| 12 | IoT Security | Identify and mitigate vulnerabilities in IoT devices. |
| 13 | OSINT (Open Source Intelligence) | Gather intelligence from open sources for security analysis. |
| 14 | Blockchain Security | Assess blockchain systems for security and compliance. |
| 15 | CI/CD Pipeline Security | Evaluate the security of continuous integration pipelines. |
| 16 | Docker Container Security | Secure Docker containers and containerized applications. |
| 17 | DevSecOps | Integrate security practices throughout the DevOps lifecycle. |
| Category | Tools |
|---|---|
| Web Application Pentesting | Burp Suite Pro 🌐, Acunetix 🌐, HCL-AppScan 🌐, Invicti Netsparker 🌐, Fortify WebInspect 🌐, WPScan 🌐, Nikto 🌐, Nuclei 🌐, SQLMap 🌐, OWASP ZAP 🌐, Nmap 🌐, Dirb 🌐, FFUF 🌐, WhatWeb 🌐 |
| Android Security | MobSF 📱, Frida 📱, APKTool 📱, JADX-gui 📱, Android Studio/Genymotion 📱, Drozer 📱, Magisk Root 📱, APKX 📱, mitmproxy 📱, Objection 📱, adb 📱, AndroBugs 📱, Quark Engine 📱, AppMon 📱, ApkScan 📱 |
| iOS Security | MobSF 📲, Frida 📲, Objection 📲, Cycript 📲, iOS Hook 📲, Needle 📲, Class-dump 📲, SSL Kill Switch 2 📲, iMazing 📲, Passionfruit 📲, ios-decrypt 📲 |
| API Pentesting | Postman 📡, Burp Suite Pro 📡, Swagger UI 📡, Kite Runner 📡, Insomnia 📡, GraphQL Voyager 📡, GraphQL Raider 📡 |
| Secure Code Review | SonarQube 🔐, Snyk 🔐, Semgrep 🔐, Fortify-Workbench Audit 🔐, Checkmarx 🔐, Veracode 🔐, CodeQL 🔐, Bandit 🔐, FindSecBugs 🔐, Gitleaks 🔐 |
| Thick Client Pentesting | Fiddler 💻, Sysinternals Suite 💻, dnSpy 💻, de4dot 💻, IDA Pro 💻, Process Explorer 💻, CFF Explorer 💻, OllyDbg 💻, x64dbg 💻, Ghidra 💻, Burp Suite Pro 💻, Wireshark 💻 |
| Network Pentesting | Nmap 🌐, Wireshark 🌐, Metasploit Framework 🌐, Nessus 🌐, OpenVAS 🌐, Responder 🌐, CrackMapExec 🌐, Netcat 🌐, Bettercap 🌐 |
| Active Directory Pentesting | BloodHound 🏢, Mimikatz 🔑, CrackMapExec 🏢, Impacket 📂, Kerbrute 🎭, Rubeus 🔓, LDAPDomainDump 📜, SharpHound 🕵️, PowerView 👀, ADRecon 📊 |
| Cloud Security | Prowler ☁️, ScoutSuite ☁️, CloudSploit ☁️, Pacu ☁️, Steampipe ☁️, CloudMapper ☁️, NCC Group Scout ☁️, kube-bench ☁️ |
| Container Security | Trivy 🐳, Aqua Microscanner 🐳, Clair 🐳, Anchore 🐳, Docker Bench 🐳, kube-hunter 🐳, Falco 🐳, Sysdig 🐳, Snyk 🐳 |
| Firewall Pentesting | hping3 🔥, NPing 🔥, Scapy 🔥, Zmap 🔥, firewalk 🔥, FTester 🔥, Nmap (Firewall Bypass) 🔥, Packet Sender 🔥, T50 🔥, ETTERCAP 🔥, TCPReplay 🔥 |
| WiFi Pentesting | Aircrack-ng 📶, Kismet 📶, Bettercap 📶, Reaver 📶, Fluxion 📶, Wireshark 📶, hcxtools 📶, Fern WiFi Cracker 📶, Evil Twin Attack Tools 📶, Wifiphisher 📶, Hashcat (WPA2 Cracking) 📶 |
| DevSecOps | GitHub Advanced Security 🔧, Trivy 🔧, Snyk 🔧, Anchore 🔧, OWASP Dependency-Check 🔧, jenkins🔧,Bandit 🔧, Checkmarx 🔧, Veracode 🔧, SonarQube 🔧, Dagda 🔧, Sysdig Secure 🔧, Cloud Custodian 🔧 |
| OSINT (Open-Source Intelligence) | theHarvester 🕵️, Maltego 🕵️, SpiderFoot 🕵️, Recon-ng 🕵️, Shodan 🕵️, FOCA 🕵️, Google Dorking 🕵️, OSINT Framework 🕵️, Metagoofil 🕵️, Amass 🕵️, GHunt 🕵️, Sherlock 🕵️, Social-Engineer Toolkit (SET) 🕵️, Sublist3r 🕵️, PhoneInfoga 🕵️, Creepy 🕵️ |
I appreciate your interest in contributing! please read Contribution Guidelines.
A heartfelt thank you to these amazing individuals for their contributions to this project. You can view emoji key to see the various ways you can contribute!
 Marko Živanović 🔧 |
 Madhurendra kumar 💻 |
 0xanon 💻 |
 InfoBugs 💻 |
 Ratnesh kumar 💻 |
 Chandrabhushan Kumar 💻 |
