Browse & filter

Filter by platform, license text, maturity, maintenance cadence, and editorial tags like privacy-focused or self-hosted. Search matches names, summaries, tags, and use cases.

John the Ripper

Also strong

Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.

pentestpasswordscrackingaudit

Security & Privacy

Lynis

Honorable mention

Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.

hardeningauditlinuxcompliance

Security & Privacy

OpenSCAP

Also strong

SCAP toolkit for compliance scanning: Oval, XCCDF, tailoring files, and remediation snippets (e.g. DISA STIG workflows).

compliancestighardeningauditlinux

Security & Privacy

ScoutSuite

Honorable mention

Multi-cloud security auditing: AWS, Azure, GCP, Alibaba—HTML reports highlighting misconfigurations and risky resources.

cloudauditawsazuregcp

Security & Privacy

kubeaudit

Honorable mention

CLI to audit Kubernetes manifests and clusters for security misconfigurations (capabilities, read-only root, privileged, etc.).

kubernetesmanifestsdevsecopsaudit

Archiving & digital preservation

Fixity

Honorable mention

Artefactual command-line tool to schedule and report checksum audits against storage locations—pairs with Archivematica storage.

fixitychecksumauditstoragepreservation