lunar: UNIX security auditing tool
The lunar script generates a scored audit report of a Unix host’s security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in...
OXO Scan Orchestration Engine OXO is a security scanning framework built for modularity, scalability, and simplicity. OXO Engine combines specialized tools to work cohesively to find vulnerabilities and perform actions like recon, enumeration, fingerprinting,...
Blinks Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the integration of webhooks, this tool sends real-time updates whenever a new issue...
Safety Safety is a command-line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with security issues. If you are using something insecure,...
grype A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major...
Ghostwriter Ghostwriter is a part of your team. It helps you manage clients, projects, reports, and infrastructure in one application. It does not replace some of the more common or traditional project management tools,...
OWASP O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers O-Saft is an easy-to-use tool that shows information about an SSL certificate and tests the SSL connection according to a given list...
kdigger kdigger, short for “Kubernetes digger”, is a context discovery tool for Kubernetes penetration testing. This tool is a compilation of various plugins called buckets to facilitate pentesting Kubernetes from inside a pod. Please...
GitGuardian Shield: protect your secrets with GitGuardian GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 300 types of secrets,...
betterscan-ce It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech...
Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
Mageni Mageni is an open source vulnerability management platform. Mageni provides a faster, enjoyable, and leaner vulnerability management experience for modern cybersecurity programs. Real-life problems that Mageni solves for you Assets Discovery Services Discovery...
Artemis A modular web reconnaissance tool and vulnerability scanner based on Karton. Features Artemis includes: subdomain scan using crt.sh, Shodan integration, brute-forcing of interesting paths (e.g. .env), brute-forcing of easy WordPress/MySQL/PostgreSQL/FTP passwords, email...
sshamble SSHamble is a research tool for SSH implementations that includes: Interesting attacks against authentication Post-session authentication attacks Pre-authentication state transitions Authentication timing analysis Post-session enumeration SSHamble simulates potential attack scenarios, including unauthorized remote access...
Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through...
Octoscan Octoscan is a static vulnerability scanner for GitHub action workflows. Usage download remote workflows Octoscan can be run against a local git repository or you can download all the workflows with the dl action: analyze...