Security Training Share
The YAWAST Antecedent Web Application Security Toolkit YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL –...
nmap_vulners NSE script using some well-known service to provide info on vulnerabilities The only thing you should always keep in mind is that the script depends on having software versions at hand, so it...
XSpear XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on the headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected params...
Attack Surface Mapper Attack Surface Mapper is a reconnaissance tool that uses a mixture of open-source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of...
CloudMapper CloudMapper generates network diagrams of Amazon Web Services (AWS) environments and displays them via your browser. It helps you understand visually what exists in your accounts and identify possible network misconfigurations. There are...
Open-source vulnerability assessment tool Discover, assess and mitigate known vulnerabilities in your Java and Python projects. The open-source vulnerability assessment tool supports software development organizations in regards to the secure use of open-source components...
snyk Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. Features Find known vulnerabilities...
HubbleStack (Hubble for short) is a modular, open-source, security & compliance auditing framework which is built in python, using SaltStack as a library. It provides on-demand profile-based auditing, real-time security event notifications, alerting and...
Osmedeus Automatic Reconnaissance and Scanning in Penetration Testing What is Osmedeus? Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Feature Subdomain Scan. Subdomain TakeOver...
WPScan is a black box WordPress vulnerability scanner. Changelog v3.6.3 Fixed unhandled error when performing password attack against wp-login.php and a 302 response only contained one cookie – Ref #1378 Install Requirement Ruby >= 2.2.2...
Clair Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker). In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the...
phpcs-security-audit phpcs-security-audit is a set of PHP_CodeSniffer rules that find vulnerabilities and weaknesses related to security in PHP code. It currently has core PHP rules as well as Drupal 7 specific rules. The tool also checks...
Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running Docker containers for detecting anomalous activities....
Dependency Check Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform...
