47 matches found
Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls
kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don't add new ones don't run privileged and more! tldr.kubeaudit makes sure you deploy secure...
Admin-Panel_Finder - A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)
A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification : Web Application Security Testing 02-Configuration and Deployment Management Testing OTG v4 : OWASP OTG-CONFIG-005 WSTG : WSTG-CONF-05 Why should I use this extension?...
Crawlergo - A Powerful Browser Crawler For Web Vulnerability Scanners
crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with DOM rendering stage, automatically fills and submits forms, with intelligent JS event triggering, and collects as many entries exposed by the website as possible. Th...
Cloudquery - Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security
CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. What is CloudQuery and why use it? CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabli...
Sx - Fast, Modern, Easy-To-Use Network Scanner
sx is the command-line network scanner designed to follow the UNIX philosophy. The goal of this project is to create the fastest network scanner with clean and simple code. Features 30x times faster than nmap ARP scan : Scan your local networks to detect live devices ICMP scan : Use advanced ICMP...
Nethive-Project - Restructured And Collaborated SIEM And CVSS Infrastructure
The Nethive Project provides a Security Information and Event Management SIEM insfrastructure empowered by CVSS automatic measurements. Features Machine Learning powered SQL Injection Detection Server-side XSS Detection based on Chrome's XSS Auditor Post-exploitation Detection powered by Auditbea...
Zap-Hud - The OWASP ZAP Heads Up Display (HUD)
The HUD is new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with a Heads Up Display Video: The OWASP ZAP HUD - Usable Security Tooling Wiki: Inside the HUD Using the HUD Downloading You can try out ZAP enabled with the HUD via any of: Downloa...
Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence
Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. To learn more about Tsunami, visit our documentations. Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All...
Quick Start Guide: ZTD via the LTE Interface (Citrix SD-WAN 110-LTE-SE)
This document depicts a Quick Start Guide for Citrix SD-WAN 110-LTE-SE appliances when performing ZTD Zero Touch Deployment via the LTE Interface...
WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts
About WindowsFirewallRuleset Windows firewall rulles organized into individual powershell scripts according to: 1. Rule group 2. Traffic direction 3. IP version IPv4 / IPv6 4. Further sorted according to programs and services such as for example: 2. ICMP traffic 3. Browser rules 4. rules for...
BeEF - The Browser Exploitation Framework Project
What is BeEF? BeEF is short for The BrowserExploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...
Qualys Cloud Platform (VM, PC) 8.16 New Features
This new release of the Qualys Cloud Platform VM, PC, version 8.16, contains several new improvements in Qualys Vulnerability Management and Qualys Policy Compliance, which includes new password security option, increased limit for virtual hosts that can be added to a subscription, added support...
Jackhammer - One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems
One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the qualit...
Electron WebPreferences - Remote Code Execution Exploit
Exploit for multiple platform in category remote exploits CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested...
Action required for IBM MQ on AWS Quick Start for security vulnerabilities in Ubuntu.
Abstract Ubuntu is shipped as a component of IBM MQ in AWS Quick Start. Information about a security vulnerability affecting Ubuntu has been published in a security bulletin. Content Please consult Ubuntu's security bulletin Information Leak via speculative execution side channel attacks...
SCADAS "BAS920 & ISC2000" Credentials Exposed(CVE-2017-17974)
Exploit; SCADAS "BAS920 & ISC2000"; Credentials Exposed BA System “Improper Access Control Authorization” Exploit Title: "SCADAS "BAS920 & ISC2000"; Credentials Exposed” CVE: CVE-2017-17974 Date: 29/12/2017 Exploit Author: Fernandez Ezequiel @capitanalfa && Bertin Jose @bertinjoseb Vendor: BA...
TCPCopy - A TCP Stream Replay Tool
TCPCopy is a TCP stream replay tool to support real testing of Internet server applications. Description Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of...
Pythem - Penetration Testing Framework
pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...
QuickSand.io - Tool For Scanning Streams Within Office Documents Plus Xor DB Attack
QuickSand is a compact C framework to analyze suspected malware documents to 1 identify exploits in streams of different encodings, 2 locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or...
Analyze Suspected Malware Documents: QuickSand
Analyze Suspected Malware Documents QuickSand is a compact C framework to analyze suspected malware documents to 1 identify exploits in streams of different encodings, 2 locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detec...