Information Security
Security Code Scan – static code analyzer for .NET security-code-scan is a vulnerability Patterns Detector for C# and VB.NET. Facts Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML...
Pacu Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an...
Burp Bounty – Scan Check Builder This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very...
Brakeman Brakeman is an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities. It can detect: Possibly unescaped model attributes or parameters in views (Cross-Site Scripting) Bad string interpolation in...
kubesec Security risk analysis for Kubernetes resources Changelog v2.4 7ec6eeb Merge pull request #100 from controlplaneio/clearer_points_output 223236f chore: bump version in README -> 2.4.0 60a4ee7 test: added base tests for passed f66f1fb fix: updated tests to read the advice score...
SSLyze Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.4+. Description SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting...
Electronegativity It is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the “Electron Security Checklist – A Guide for Developers...
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web applications and networks....
Tracy A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest...
Prowler: AWS CIS Benchmark Tool Prowler is a command-line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49...
