Tsunami Security Scanner 2020
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. To learn more about this, visit our documentation. It relies heavily on its plugin system to provide basic scanning capabilities. All publicly available to this plugins are hosted in a separate google/tsunami-security-scanner-plugins repository. Current Status Currently it is in 'pre-alpha' release for...
Cybersecurity and the Interconnectedness of the IoT
The Internet of Things (IoT) has become somewhat of a buzzword. It is through the interconnectedness of our devices that we are able to remain connected with one another. In 2018, there were roughly 22 billion IoT devices in use globally. As these continue to become more sophisticated and complex, projections show that this number will climb up to 50 billion come...
shhgit : Finds Secrets & Sensitive Files Across GitHub
shhgit finds secrets and sensitive files across GitHub (including Gists), GitLab and BitBucket committed in near real time. There are many great tools available to help with this depending on which side of the fence you sit. On the adversarial side, popular tools such as gitrob and truggleHog focus on digging in to commit history to find secret tokens from...
reNgine : An Automated recon Framework For Web Applications
reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the domains, endpoints, or gather information. The beauty of reNgine is that it gathers everything in one place. It has a pipeline of reconnaissance, which is highly customizable. reNgine can be very useful...
AI Technology Tracks Employees to Keep Social Distancing
The Coronavirus pandemic has adversely affected most businesses. Many organizations have suspended operations due to a decline in the demand for goods and services. But, some companies have started planning a safe return for their employees. Workers will need to wear masks and keep social distance to avoid contracting the virus. Some enterprises are integrating artificial intelligence (AI) software...
CAPTCHA And Beyond: Defending Against Bad Bots
Bots are a growing threat. An estimated 20% of web traffic is now made up of bad bots, carrying out everything from distributed denial-of-service (DDoS) or “credential stuffing” attacks to scraping data, publishing fake reviews, and slanting advertising and visitor metrics on websites. These Malicious bots are increasingly sophisticated in their behavior, often making them indistinguishable from human users. For...
Autoenum : Automatic Service Enumeration Script
Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments (i.e. HTB, VulnHub, OSCP) and draws a bit from a number of existing tools including AutoRecon (https://github.com/Tib3rius/AutoRecon), Auto-Recon (https://github.com/Knowledge-Wisdom-Understanding/Auto-Recon), and nmapautomator (https://github.com/21y4d/nmapAutomator). Could also be used in a real-life pentesting engagment. Currently has only...
AuthMatrix : A Burp Suite Extension That Provides A Simple Way To Test Authorization
AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are structured in a similar format to that of an access control matrix common in various threat...
Permission Manager : Tool To Kubernetes RBAC And Users Management, Web UI FTW
Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBAC management for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place. With Permission Manager, you can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files via a nice&easy web UI. Screenshots First...
Quiver : A Meta-Tool for Kali Linux
Quiver is an organized namespace of shell functions that pre-fill commands in your terminal so that you can ditch your reliance on notes, copying, pasting, editing, copying and pasting again. Quiver helps you remember how to use every tool in your arsenal and doesn't hide them behind scripting that can be cumbersome to maintain or update. Instead you can...
.webp "WDAC Rule Levels Comparison And Guide – Understanding File Attribute-Based Security Measures")
