Security Training Share
WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a...
Electronegativity It is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the “Electron Security Checklist – A Guide for Developers...
Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of the related information. It isn’t...
Tracy A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest...
ATSCAN SCANNER Advanced Search / Dork / Mass Exploitation Scanner Description Search engine Google / Bing / Ask / Yandex / Sogou ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ●...
KubiScan A tool for scanning Kubernetes cluster for risky permissions in Kubernetes’s Role-based access control (RBAC) authorization model. The tool was published as part of the “Securing Kubernetes Clusters by Eliminating Risky Permissions” research....
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Designed to be entirely extensible by just adding...
Brakeman Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. It can detect: Possibly unescaped model attributes or parameters in views (Cross-Site Scripting) Bad string interpolation...
Flask Unsign Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys. For the standalone wordlist component, please visit the flask-unsign-wordlist repository. Changelog v0.0.2 Made it more...
Taipan – Web Application Security Scanner Taipan is an automated web application scanner which allows identifying web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which includes other...
Dependency-Track Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components, however, comes at a cost....
Cloud Reports Collects info about various cloud resources and analyzes them against best practices and give a JSON, HTML or PDF reports. Modules Collectors These collect the information about various cloud resources from the...
MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find...
progpilot A static analyzer for security purposes – Only PHP language is currently supported. Changelog v0.6 issue #15 fixed Use Download the latest phar archive in releases folder (or builds folder for dev versions). Optional: configure your analysis with a yaml...
