Open-source · Free to use

Automate the evidence trail.

Scripts, queries, and guides that help auditors programmatically gather evidence from real environments — databases, Linux systems, cloud platforms, and more.

# Pull user access report from a PostgreSQL database
$ python3 databases/postgres/user_access.py
✓ Connected to audit_db
✓ Exported 142 rows → output/user_access_2025-01.csv
──────────────────────────────────
# Sample 25 items using random seed for reproducibility
$ python3 sampling/random_sample.py --n 25 --seed 42
✓ Sample written → output/sample_25.csv

Two repos. Pick what you need.

View all on GitHub →

What's in the toolbox

Coverage across the systems auditors most commonly deal with, with more being added.

[ DB ]

Databases

User access, privilege levels, password rotation checks — for PostgreSQL, MySQL, and others.

[ OS ]

Linux / OS

Shell scripts to generate system reports: users, groups, sudoers, login history, and more.

[ ~ ]

Sampling

Reproducible pseudo-random sampling with a fixed seed — a core procedure for most audits.

[ PM ]

Project Management

Tracking and visualization utilities for audit project data and findings.

[ APP ]

Applications

Scripts targeting specific application-layer controls across common enterprise software.

[ + ]

Contributions welcome

Fork, add a script for your stack, and open a PR. All audit-relevant tools considered.

Used in assessments for: SOX, SOC 1 / 2, ISO 27001, NIST CSF, ITGC