fingerprintx fingerprintx is a utility similar to httpx that also supports fingerprinting services like as RDP, SSH, MySQL, PostgreSQL, Kafka, etc. fingerprintx can be used alongside port scanners like Naabu to fingerprint a set of ports identified...
Grepmarx – source code static analysis platform for security auditors Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features...
lynis Lynis is a security auditing tool for systems based on UNIX like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test...
Prowler: AWS Security Tool Prowler is a command-line tool for AWS Security Best Practices Assessment, Auditing, Hardening, and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks)...
CloudSploit CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI),...
checksec Checksec is a bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source). It was originally written by Tobias Klein. The checksec tool can be used...
BOAST The BOAST Outpost for AppSec Testing BOAST is a server built to receive and report Out-of-Band Application Security Testing reactions. Some application security tests will only cause out-of-band reactions from the tested...
S3Scanner A tool to find open S3 buckets in AWS or other cloud providers: AWS DigitalOcean DreamHost GCP Linode Custom The tool takes in a list of bucket names to check. Found S3 buckets...
Brakeman Brakeman is an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities. It can detect: Possibly unescaped model attributes or parameters in views (Cross-Site Scripting) Bad string interpolation in...
Clair Clair is an open-source project for the static analysis of vulnerabilities in application containers (currently including appc and docker). In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the...
MACOBOX The all-in-one hacking toolbox for hardware penetration testing. MACOBOX is designed to simplify and enhance hardware penetration testing by providing a comprehensive toolset for analyzing and extracting firmware from various hardware interfaces. With...
OneGadget When playing ctf pwn challenges we usually need the one-gadget RCE (remote code execution), which leads to call execve(‘/bin/sh’, NULL, NULL). This gem provides such gadgets finder, no need to use objdump or IDA-pro...
Matildapp In our modern, interconnected world, the concept of Web3, also known as the decentralized web, represents the next significant shift in Internet technology. Web3, underpinned by blockchain technology and smart contracts, offers unprecedented...
sechub It enables the operation and integration of various security tools with one central API in a development environment. SecHub server orchestrates different security tools by one API layer. Users call SecHub Server but...
TrailShark The TrailShark Capture Utility seamlessly integrates with Wireshark, facilitating the capture of AWS CloudTrail logs directly into Wireshark for near-real-time analysis. This tool can be used for debugging AWS API calls and played...
Popeye – A Kubernetes Cluster Sanitizer Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what’s deployed and not...
