Category: Vulnerability Assessment
GitGuardian Shield: protect your secrets with GitGuardian GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 300 types of secrets,...
betterscan-ce It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech...
Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
Mageni Mageni is an open source vulnerability management platform. Mageni provides a faster, enjoyable, and leaner vulnerability management experience for modern cybersecurity programs. Real-life problems that Mageni solves for you: Assets Discovery, Services Discovery...
Artemis A modular web reconnaissance tool and vulnerability scanner based on Karton. Features: Artemis includes subdomain scan using crt.sh, Shodan integration, brute-forcing of interesting paths (e.g. .env), brute-forcing of easy WordPress/MySQL/PostgreSQL/FTP passwords, email...
sshamble SSHamble is a research tool for SSH implementations that includes: interesting attacks against authentication; post-session authentication attacks; pre-authentication state transitions; authentication timing analysis; post-session enumeration. SSHamble simulates potential attack scenarios, including unauthorized remote access...
Noir Noir is an attack surface detector from source code. Key Features: Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through...
Octoscan Octoscan is a static vulnerability scanner for GitHub action workflows. Usage: download remote workflows. Octoscan can be run against a local git repository, or you can download all the workflows with the dl action: analyze...
OSV-Scanner Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies. OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since...
mitmproxy mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface. mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP. mitmweb is a web-based interface for mitmproxy. pathoc and pathod are...
kube-bench kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Tests are configured with YAML files, making this tool easy to update...
PatrOwl PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations. PatrowlEngines is the engine framework and the supported list of engines performing the operations (scans, searches, API calls, …) in due time. The...
vuls For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a...
Faraday – Open Source Vulnerability Manager Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment), a multiuser penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security...
Dependency Check Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform...
Shuffle Shuffle is an automation platform to unify your security services (SOAR). It has thousands of premade integrations and is based on open frameworks like OpenAPI and MITRE ATT&CK. The workflow editor is based on...