#other #awesome #awesome_list #awesome_lists #bugbounty #dns #domain #exploit #hacking #hacking_tools #osint #osint_tool #redteam #redteaming #search_engine #security #security_tools #url #vulnerabilities #vulnerability #wifi_network
https://github.com/edoardottt/awesome-hacker-search-engines
https://github.com/edoardottt/awesome-hacker-search-engines
GitHub
GitHub - edoardottt/awesome-hacker-search-engines: A curated list of awesome search engines useful during Penetration testing,…
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more - edoardottt/awesome-hacker-search-engines
#html #analytics #appsec #automation #devsecops #django #hacktoberfest #kubernetes #owasp #python #security #security_automation #security_orchestration #vulnerability_correlation #vulnerability_databases #vulnerability_management
https://github.com/DefectDojo/django-DefectDojo
https://github.com/DefectDojo/django-DefectDojo
GitHub
GitHub - DefectDojo/django-DefectDojo: Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Open-Source Unified Vulnerability Management, DevSecOps & ASPM - DefectDojo/django-DefectDojo
#other #azure #blueteam #cybersecurity #defender_for_endpoint #dfir #infosec #kql #mde #mdi #security #sentinel #threat_hunting #vulnerability_management #zero_day
https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
GitHub
GitHub - Bert-JanP/Hunting-Queries-Detection-Rules: KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection…
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rul...
#go #cloud_native #golang #kubernetes #misconfiguration #octoberfest #operator #security #security_tools #vulnerability_detection #vulnerability_scanners
https://github.com/aquasecurity/trivy-operator
https://github.com/aquasecurity/trivy-operator
GitHub
GitHub - aquasecurity/trivy-operator: Kubernetes-native security toolkit
Kubernetes-native security toolkit. Contribute to aquasecurity/trivy-operator development by creating an account on GitHub.
#open_policy_agent #appsec #cloudnative #devsecops #golang #hacktoberfest #iac #infrastructure_as_code #open_policy_agent #security #security_tools #vulnerability_detection #vulnerability_scanners
https://github.com/Checkmarx/kics
https://github.com/Checkmarx/kics
GitHub
GitHub - Checkmarx/kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development…
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. - Checkmarx/kics
#python #bugbounty #cybersecurity #hacking #nuclei #penetration_testing #pentesting #reconnaissance #security #security_tools #vulnerability_scanners #web #webapplication #webappsecurity
https://github.com/gotr00t0day/Gsec
https://github.com/gotr00t0day/Gsec
GitHub
GitHub - gotr00t0day/Gsec: Web Security Scanner
Web Security Scanner. Contribute to gotr00t0day/Gsec development by creating an account on GitHub.
#rust #c #foo #greenbone #greenbone_community_edition #greenbone_vulnerability_management #gvm #openvas #openvas_scanner #scanner #techops #vulnerability #vulnerability_assessment #vulnerability_detection #vulnerability_management #vulnerability_scanners
https://github.com/greenbone/openvas-scanner
https://github.com/greenbone/openvas-scanner
GitHub
GitHub - greenbone/openvas-scanner: This repository contains the scanner component for Greenbone Community Edition.
This repository contains the scanner component for Greenbone Community Edition. - greenbone/openvas-scanner
#go #containers #devsecops #docker #go #golang #hacktoberfest #iac #infrastructure_as_code #kubernetes #misconfiguration #security #security_tools #vulnerability #vulnerability_detection #vulnerability_scanners
Trivy is a powerful tool that helps you find security issues in various places like container images, filesystems, Git repositories, and more. It checks for vulnerabilities, misconfigurations, sensitive information, and software licenses. Trivy supports many programming languages and platforms, making it very versatile. You can easily install it using methods like `brew install trivy` or `docker run aquasec/trivy`. It also integrates with popular tools like GitHub Actions and Kubernetes. Using Trivy helps you secure your projects by identifying potential security problems early, which is very beneficial for keeping your software safe and reliable.
https://github.com/aquasecurity/trivy
Trivy is a powerful tool that helps you find security issues in various places like container images, filesystems, Git repositories, and more. It checks for vulnerabilities, misconfigurations, sensitive information, and software licenses. Trivy supports many programming languages and platforms, making it very versatile. You can easily install it using methods like `brew install trivy` or `docker run aquasec/trivy`. It also integrates with popular tools like GitHub Actions and Kubernetes. Using Trivy helps you secure your projects by identifying potential security problems early, which is very beneficial for keeping your software safe and reliable.
https://github.com/aquasecurity/trivy
GitHub
GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories…
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more - aquasecurity/trivy
#python #ai #llm_evaluation #llm_security #security_scanners #vulnerability_assessment
`garak` is a free tool that helps check if large language models (LLMs) have weaknesses or can be made to fail in unwanted ways. It tests for issues like hallucinations, data leaks, prompt injections, misinformation, and more. You can use it like `nmap` but for LLMs. To use `garak`, you install it with `pip` and specify the LLM model you want to test. It runs various probes to see if the model behaves incorrectly and gives you detailed reports on any vulnerabilities found. This helps ensure your LLMs are safe and reliable. You can get started by following the user guide and joining their Discord community for support.
https://github.com/NVIDIA/garak
`garak` is a free tool that helps check if large language models (LLMs) have weaknesses or can be made to fail in unwanted ways. It tests for issues like hallucinations, data leaks, prompt injections, misinformation, and more. You can use it like `nmap` but for LLMs. To use `garak`, you install it with `pip` and specify the LLM model you want to test. It runs various probes to see if the model behaves incorrectly and gives you detailed reports on any vulnerabilities found. This helps ensure your LLMs are safe and reliable. You can get started by following the user guide and joining their Discord community for support.
https://github.com/NVIDIA/garak
GitHub
GitHub - NVIDIA/garak: the LLM vulnerability scanner
the LLM vulnerability scanner. Contribute to NVIDIA/garak development by creating an account on GitHub.
#go #afrog #bug_bounty #penetration_testing #pentest #poc #red_teaming #vulnerability_scanner #vulnerability_scanning_tools
Afrog is a powerful tool for security professionals, especially those involved in bug bounty, penetration testing, and red teaming. It is a high-performance vulnerability scanner that is fast, stable, and has low false positives. Afrog supports user-defined Proof of Concepts (PoCs) and comes with various built-in types like CVE, CNVD, default passwords, and more. It generates detailed HTML vulnerability reports and allows customizable and updatable PoCs.
Using afrog, you can quickly scan websites for vulnerabilities, create HTML reports, and even store results in a database for easy access via a web interface. The tool is open-source, has an active community, and can be installed using Go or by downloading binaries from GitHub.
Overall, afrog enhances your security defense capabilities by providing a robust and efficient way to identify and remediate vulnerabilities.
https://github.com/zan8in/afrog
Afrog is a powerful tool for security professionals, especially those involved in bug bounty, penetration testing, and red teaming. It is a high-performance vulnerability scanner that is fast, stable, and has low false positives. Afrog supports user-defined Proof of Concepts (PoCs) and comes with various built-in types like CVE, CNVD, default passwords, and more. It generates detailed HTML vulnerability reports and allows customizable and updatable PoCs.
Using afrog, you can quickly scan websites for vulnerabilities, create HTML reports, and even store results in a database for easy access via a web interface. The tool is open-source, has an active community, and can be installed using Go or by downloading binaries from GitHub.
Overall, afrog enhances your security defense capabilities by providing a robust and efficient way to identify and remediate vulnerabilities.
https://github.com/zan8in/afrog
GitHub
GitHub - zan8in/afrog: A Security Tool for Bug Bounty, Pentest and Red Teaming.
A Security Tool for Bug Bounty, Pentest and Red Teaming. - zan8in/afrog
#javascript #bugbounty #exploit_development #exploits #fingerprint #hacktoberfest #nuclei #nuclei_checks #nuclei_templates #security #vulnerability_detection
Nuclei Templates are pre-made scripts used by the Nuclei scanner to find security vulnerabilities in applications. These templates are created and shared by a community of users, making it easier for everyone to identify and fix security issues. You can contribute your own templates, report bugs, or request new features, which helps grow the library of available templates. This community-driven approach ensures that the scanner stays updated and effective, benefiting users by providing a robust tool for enhancing application security. You can also join discussions on GitHub or the Discord community to learn more and share ideas.
https://github.com/projectdiscovery/nuclei-templates
Nuclei Templates are pre-made scripts used by the Nuclei scanner to find security vulnerabilities in applications. These templates are created and shared by a community of users, making it easier for everyone to identify and fix security issues. You can contribute your own templates, report bugs, or request new features, which helps grow the library of available templates. This community-driven approach ensures that the scanner stays updated and effective, benefiting users by providing a robust tool for enhancing application security. You can also join discussions on GitHub or the Discord community to learn more and share ideas.
https://github.com/projectdiscovery/nuclei-templates
GitHub
GitHub - projectdiscovery/nuclei-templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.
Community curated list of templates for the nuclei engine to find security vulnerabilities. - projectdiscovery/nuclei-templates
#go #api_gateway #application_security #appsec #blueteam #bruteforce #captcha #cve #cybersecurity #firewall #hackers #http_flood #security #self_hosted #sql_injection #vulnerability #waf #web_application_firewall #web_security #websecurity #xss
SafeLine is a tool that helps keep your web applications safe from attacks. It acts like a shield between your website and the internet, filtering and blocking bad traffic. This protects your site from things like SQL injection, XSS, and other types of attacks. SafeLine also has features like rate limiting to stop too much traffic, anti-bot challenges to block bots, and dynamic protection to encrypt your HTML and JS codes. Using SafeLine makes your web apps more secure, which is important to protect your data and users.
https://github.com/chaitin/SafeLine
SafeLine is a tool that helps keep your web applications safe from attacks. It acts like a shield between your website and the internet, filtering and blocking bad traffic. This protects your site from things like SQL injection, XSS, and other types of attacks. SafeLine also has features like rate limiting to stop too much traffic, anti-bot challenges to block bots, and dynamic protection to encrypt your HTML and JS codes. Using SafeLine makes your web apps more secure, which is important to protect your data and users.
https://github.com/chaitin/SafeLine
GitHub
GitHub - chaitin/SafeLine: SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from…
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits. - chaitin/SafeLine
#go #container_image #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #openvex #security #static_analysis #tool #vex #vulnerabilities #vulnerability
Grype is a tool that scans container images and filesystems for known vulnerabilities. It supports various package types, including those from major operating systems like Alpine, Debian, and Ubuntu, as well as language-specific packages like Ruby, Java, JavaScript, Python, and more. Here’s how it benefits you You can easily install Grype using a simple script or through package managers like Homebrew or Chocolatey.
- **Comprehensive Scanning** You can choose from different output formats such as table, JSON, CycloneDX, and SARIF, or even create custom templates.
- **Integration with Other Tools** Grype has active community meetings and support options, including commercial support through Anchore.
- **Automatic Database Updates**: Grype manages its vulnerability database automatically, ensuring you always have the latest vulnerability information.
Overall, Grype helps you identify and manage vulnerabilities in your container images and filesystems efficiently.
https://github.com/anchore/grype
Grype is a tool that scans container images and filesystems for known vulnerabilities. It supports various package types, including those from major operating systems like Alpine, Debian, and Ubuntu, as well as language-specific packages like Ruby, Java, JavaScript, Python, and more. Here’s how it benefits you You can easily install Grype using a simple script or through package managers like Homebrew or Chocolatey.
- **Comprehensive Scanning** You can choose from different output formats such as table, JSON, CycloneDX, and SARIF, or even create custom templates.
- **Integration with Other Tools** Grype has active community meetings and support options, including commercial support through Anchore.
- **Automatic Database Updates**: Grype manages its vulnerability database automatically, ensuring you always have the latest vulnerability information.
Overall, Grype helps you identify and manage vulnerabilities in your container images and filesystems efficiently.
https://github.com/anchore/grype
GitHub
GitHub - anchore/grype: A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems - anchore/grype
#java #ant_task #build_tool #gradle_plugin #jenkins_plugin #maven_plugin #security #security_audit #software_composition_analysis #vulnerability_detection
Dependency-Check is a tool that helps you find vulnerabilities in the libraries and dependencies your project uses. It checks for known security issues by matching your dependencies against a database of vulnerabilities. Here’s how it benefits you It identifies publicly disclosed vulnerabilities in your project's dependencies, helping you secure your software.
- **Ease of Use** It generates reports linking to the associated CVE entries, providing clear information about the vulnerabilities found.
- **Flexibility** It is widely recognized and used, with documentation and community support available.
Overall, Dependency-Check helps ensure your software is secure by automatically detecting and reporting potential vulnerabilities in your dependencies.
https://github.com/jeremylong/DependencyCheck
Dependency-Check is a tool that helps you find vulnerabilities in the libraries and dependencies your project uses. It checks for known security issues by matching your dependencies against a database of vulnerabilities. Here’s how it benefits you It identifies publicly disclosed vulnerabilities in your project's dependencies, helping you secure your software.
- **Ease of Use** It generates reports linking to the associated CVE entries, providing clear information about the vulnerabilities found.
- **Flexibility** It is widely recognized and used, with documentation and community support available.
Overall, Dependency-Check helps ensure your software is secure by automatically detecting and reporting potential vulnerabilities in your dependencies.
https://github.com/jeremylong/DependencyCheck
GitHub
GitHub - jeremylong/DependencyCheck: The dependency-check repository has moved:
The dependency-check repository has moved:. Contribute to jeremylong/DependencyCheck development by creating an account on GitHub.
👍1
#go #attack_surface #cve_scanner #dast #hacktoberfest #nuclei_engine #security #security_scanner #subdomain_takeover #vulnerability_assessment #vulnerability_detection #vulnerability_scanner
Nuclei is a powerful vulnerability scanner that uses simple YAML-based templates to detect vulnerabilities. Here are the key benefits You can create and customize your own vulnerability detection scenarios using YAML templates, which helps in mimicking real-world conditions and reducing false positives.
- **High Performance** Thousands of security professionals contribute to the template library, ensuring you have access to the latest vulnerability detections.
- **Integration Capabilities** It supports multiple protocols such as TCP, DNS, HTTP, SSL, WHOIS, JavaScript, and more.
- **Cloud Upload**: You can upload scan results to the ProjectDiscovery cloud platform for further analysis and remediation.
Overall, Nuclei provides a flexible, high-performance, and community-driven solution for vulnerability scanning.
https://github.com/projectdiscovery/nuclei
Nuclei is a powerful vulnerability scanner that uses simple YAML-based templates to detect vulnerabilities. Here are the key benefits You can create and customize your own vulnerability detection scenarios using YAML templates, which helps in mimicking real-world conditions and reducing false positives.
- **High Performance** Thousands of security professionals contribute to the template library, ensuring you have access to the latest vulnerability detections.
- **Integration Capabilities** It supports multiple protocols such as TCP, DNS, HTTP, SSL, WHOIS, JavaScript, and more.
- **Cloud Upload**: You can upload scan results to the ProjectDiscovery cloud platform for further analysis and remediation.
Overall, Nuclei provides a flexible, high-performance, and community-driven solution for vulnerability scanning.
https://github.com/projectdiscovery/nuclei
GitHub
GitHub - projectdiscovery/nuclei: Nuclei is a fast, customizable vulnerability scanner powered by the global security community…
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the ...
❤1
#python #bugbounty #command_injection #commix #detection #exploitation #open_source #pentesting #python #takeover #vulnerability_scanner
Commix is a free tool that helps find and fix security problems in computer systems. It checks for "command injection" vulnerabilities, which are weaknesses that attackers can use to control your system. Commix works on many platforms and uses Python, making it easy to run without needing special setup. This tool benefits users by helping them protect their systems from attacks and ensuring they stay secure. It's also open-source, so anyone can improve or add features to it[1][3].
https://github.com/commixproject/commix
Commix is a free tool that helps find and fix security problems in computer systems. It checks for "command injection" vulnerabilities, which are weaknesses that attackers can use to control your system. Commix works on many platforms and uses Python, making it easy to run without needing special setup. This tool benefits users by helping them protect their systems from attacks and ensuring they stay secure. It's also open-source, so anyone can improve or add features to it[1][3].
https://github.com/commixproject/commix
GitHub
GitHub - commixproject/commix: Automated All-in-One OS Command Injection Exploitation Tool.
Automated All-in-One OS Command Injection Exploitation Tool. - commixproject/commix
#go #device_management #employee_experience #endpoint_ops #endpoint_security #gitops #mdm_api #open_source #osquery #security_analytics #vulnerability_management
Fleet is an open-source platform that helps organizations manage and secure their devices. It supports many operating systems like macOS, Windows, Linux, and ChromeOS. Fleet provides a simple dashboard to control devices from anywhere and integrates well with other tools like Puppet and Splunk. It also offers features like automatic software updates, disk encryption, and remote device management. This makes it easier for IT teams to keep devices secure and up-to-date. Additionally, Fleet is customizable and free to use, which can save organizations money and make their IT processes more efficient.
https://github.com/fleetdm/fleet
Fleet is an open-source platform that helps organizations manage and secure their devices. It supports many operating systems like macOS, Windows, Linux, and ChromeOS. Fleet provides a simple dashboard to control devices from anywhere and integrates well with other tools like Puppet and Splunk. It also offers features like automatic software updates, disk encryption, and remote device management. This makes it easier for IT teams to keep devices secure and up-to-date. Additionally, Fleet is customizable and free to use, which can save organizations money and make their IT processes more efficient.
https://github.com/fleetdm/fleet
GitHub
GitHub - fleetdm/fleet: Open device management
Open device management. Contribute to fleetdm/fleet development by creating an account on GitHub.