Information Security
npq safely* install packages with npm/yarn by auditing them as part of your install process. npq will perform the following steps to sanity check that the package is safe by employing syntactic heuristics and querying...
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
Parth Heuristic Vulnerable Parameter Scanner Introduction Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls...
HubbleStack (Hubble for short) is a modular, open-source, security & compliance auditing framework which is built in python, using SaltStack as a library. It provides on-demand profile-based auditing, real-time security event notifications, alerting and...
Sifter Sifter is an osint, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts,...
Jwtear A modular Command-line tool to parse, create and manipulate JSON Web Token(JWT) tokens for security testing purposes. Features Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE...
nuclei Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. It is used to send requests across targets based on a template leading to...
Dependency-Track Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost....
Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
Framework for Testing WAFs (FTW) Purpose This project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline...
