O-Saft: OWASP SSL advanced forensic tool
OWASP O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers O-Saft is easy to use tool to show information about SSL certificate and tests the SSL connection according to given list...
Category: Open Source Tool
coraza: OWASP Coraza Web Application Firewall
OWASP Coraza Web Application Firewall Welcome to OWASP Coraza WAF, Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset. Coraza...
SecretScanner: Find secrets and passwords in container images and file systems
SecretScanner Deepfence SecretScanner can find unprotected secrets in container images or file systems. SecretScanner is a standalone tool that retrieves and searches container and host filesystems, matching the contents against a database of approximately...
kdigger: context discovery tool for Kubernetes penetration testing
kdigger kdigger, short for “Kubernetes digger”, is a context discovery tool for Kubernetes penetration testing. This tool is a compilation of various plugins called buckets to facilitate pentesting Kubernetes from inside a pod. Please...
TrickDump: Dump lsass without generating a Minidump file
TrickDump TrickDump dumps the lsass process without creating a Minidump file, generating instead 3 JSON and 1 ZIP file with the memory region dumps. In three steps: Lock: Get OS information using RtlGetVersion. Shock:...
API Firewall: Fast and light-weight API proxy firewall
Open Source API Firewall API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is designed to protect REST API endpoints in cloud-native environments. It provides API...
attack flow: helps defenders move from tracking adversary behaviors
Attack Flow The Attack Flow project helps defenders move from tracking adversary behaviors individually to the sequence of techniques adversaries use to achieve their goals. Understanding the context within those sequences, as well as...
batfish: network configuration analysis tool
What is Batfish? Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device...
SCCM HTTP Looter: Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares
SCCM HTTP Looter Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s) How it works SCCM distribution points (DPs) are the servers used by Microsoft SCCM to host all the...
OWASP WrongSecrets: Secrets Management-focused vulnerable app
OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
nightingale: enterprise-level cloud-native monitoring system
Nightingale Nightingale is an enterprise-level cloud-native monitoring system, which can be used as a drop-in replacement for Prometheus for alerting and management. Nightingale is a cloud-native monitoring system by All-In-On design, that supports enterprise-class...
gitxray: leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more
Gitxray Gitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. gitxray leverages public GitHub REST APIs to gather information that...
