What is afrog afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command...
What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are...
checkov Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Cloudformation, or kubernetes and detects security and compliance misconfigurations. Checkov is written in Python and provides a...
SMBeagle SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed...
Terrascan Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud-native infrastructure. Features 500+ Policies for security best practices Scanning of Terraform 12+ (HCL2) Scanning of Kubernetes YAML/JSON Support...
What is BinAbsInspector? BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at Keenlab. It is based on abstract interpretation...
adalanche – Active Directory ACL Visualizer and Explorer Active Directory security is notoriously difficult. Small organizations generally have no idea what they’re doing, and way too many people are just added to Domain Admins....
tfsec tfsec uses static analysis of your terraforms templates to spot potential security issues. Now with terraform v0.12+ support. Features Checks for sensitive data inclusion across all providers Checks for violations of AWS, Azure,...
pip-audit pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail...
Tsunami Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. Why Tsunami? When security vulnerabilities or misconfigurations are actively exploited by attackers, organizations...
