Dependency Check : Detects Publicly Disclosed Vulnerabilities In Application Dependencies
Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. Documentation and links to production binary releases can be...
Firezone : WireGuard-Based VPN Server And Firewall
Firezone is a self-hosted VPN server and Linux firewall. Manage remote access through an intuitive web interface and CLI utility. Deploy on your own infrastructure to keep control of your network traffic. Built on WireGuard® to be stable, performant, and lightweight. Get Started: Follow our deploy guide to install your self-hosted instance of Firezone. Or, if you're on a supported platform, try our one-line install script: sudo -E bash -c "$(curl...
ggshield : Detect secrets in source code, scan your repo for leaks
ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks. ggshield uses our public API through py-gitguardian to scan and detect potential secrets on files and other text content. Only metadata such as call time, request size and scan...
Verdict-as-a-Service : Analyze files for malicious content
Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning files for malware. ATTENTION: All SDKs are currently prototypes and under heavy construction! Integration of Malware Detection: Easily integrate malware detection into any kind of application, service or platform. Create a command...
FISSURE : Frequency Independent SDR-based Signal Understanding and Reverse Engineering
FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a...
CrossLinked : LinkedIn Enumeration Tool
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from an organization. This technique provides accurate results without the use of API keys, credentials, or accessing LinkedIn directly! Install: Install the last stable release from PyPI: pip3 install crosslinked Or, install the most recent code from GitHub: git clone https://github.com/m8sec/crosslinked; cd crosslinked; python3 setup.py install Prerequisite: CrossLinked assumes the organization's account...
Exegol : Fully Featured And Community-Driven Hacking Environment
Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day-to-day engagements. Script kiddies use Kali Linux, real pentesters use Exegol, megachads maintain it. Wrapper & images: Exegol is two things in one. Try it, and you'll stop using your old, unstable and risky environment, no more Kali Linux as host or...
DeathSleep : A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore
DeathSleep, a PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes while not executing. Intro: Sleep and obfuscation methods are well known in the maldev community. Their different implementations share the objective of hiding from memory scanners while sleeping, usually changing page protections and even adding cool...
SecureCodeBox : Automate A Bunch Of Security-Testing Tools Out Of The Box
secureCodeBox is a Kubernetes-based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box. Purpose of this Project: The typical way to ensure application security is to hire a security specialist (aka penetration tester) at some point in your project to check the application...
DongTai : Open-Source Passive Interactive Security Testing (IAST) Product
DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection, multi-request associated vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), third-party component vulnerability detection, etc. Currently, applications in Java and Python are supported for vulnerability detection. Project structure .├── deploy├── dongtai_common common functions and classes for...