checkov Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Cloudformation, or kubernetes and detects security and compliance misconfigurations. Checkov is written in Python and provides a...
kubeclarity KubeClarity is a tool for the detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published May 4, 2022 · Last modified September 28, 2023
What is afrog afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published August 21, 2023 · Last modified September 28, 2023
Noir Noir is an attack surface detector from source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions...
grype A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating...
For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system...
msldap LDAP library for MS AD Feature Comes with a built-in console LDAP client All parameters can be controlled via a convenient URL (see below) Supports integrated windows authentication (SSPI) both with NTLM and...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published June 9, 2019 · Last modified September 25, 2023
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
Information Gathering / Vulnerability Analysis
by do son · Published February 4, 2020 · Last modified September 24, 2023
naabu naabu is a fast port scanner tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does...
Vulnerability Analysis / Web Vulnerability Analysis
by do son · Published April 9, 2021 · Last modified September 24, 2023
VulnerableCode VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure...
