#go #cloud_native #golang #kubernetes #misconfiguration #octoberfest #operator #security #security_tools #vulnerability_detection #vulnerability_scanners

https://github.com/aquasecurity/trivy-operator

#open_policy_agent #appsec #cloudnative #devsecops #golang #hacktoberfest #iac #infrastructure_as_code #open_policy_agent #security #security_tools #vulnerability_detection #vulnerability_scanners

https://github.com/Checkmarx/kics

#python #bugbounty #cybersecurity #hacking #nuclei #penetration_testing #pentesting #reconnaissance #security #security_tools #vulnerability_scanners #web #webapplication #webappsecurity

https://github.com/gotr00t0day/Gsec

#rust #c #foo #greenbone #greenbone_community_edition #greenbone_vulnerability_management #gvm #openvas #openvas_scanner #scanner #techops #vulnerability #vulnerability_assessment #vulnerability_detection #vulnerability_management #vulnerability_scanners

https://github.com/greenbone/openvas-scanner

#go #containers #devsecops #docker #go #golang #hacktoberfest #iac #infrastructure_as_code #kubernetes #misconfiguration #security #security_tools #vulnerability #vulnerability_detection #vulnerability_scanners

Trivy is a powerful tool that helps you find security issues in various places like container images, filesystems, Git repositories, and more. It checks for vulnerabilities, misconfigurations, sensitive information, and software licenses. Trivy supports many programming languages and platforms, making it very versatile. You can easily install it using methods like `brew install trivy` or `docker run aquasec/trivy`. It also integrates with popular tools like GitHub Actions and Kubernetes. Using Trivy helps you secure your projects by identifying potential security problems early, which is very beneficial for keeping your software safe and reliable.

https://github.com/aquasecurity/trivy

#python #ai #llm_evaluation #llm_security #security_scanners #vulnerability_assessment

`garak` is a free tool that helps check if large language models (LLMs) have weaknesses or can be made to fail in unwanted ways. It tests for issues like hallucinations, data leaks, prompt injections, misinformation, and more. You can use it like `nmap` but for LLMs. To use `garak`, you install it with `pip` and specify the LLM model you want to test. It runs various probes to see if the model behaves incorrectly and gives you detailed reports on any vulnerabilities found. This helps ensure your LLMs are safe and reliable. You can get started by following the user guide and joining their Discord community for support.

https://github.com/NVIDIA/garak

#go #afrog #bug_bounty #penetration_testing #pentest #poc #red_teaming #vulnerability_scanner #vulnerability_scanning_tools

Afrog is a powerful tool for security professionals, especially those involved in bug bounty, penetration testing, and red teaming. It is a high-performance vulnerability scanner that is fast, stable, and has low false positives. Afrog supports user-defined Proof of Concepts (PoCs) and comes with various built-in types like CVE, CNVD, default passwords, and more. It generates detailed HTML vulnerability reports and allows customizable and updatable PoCs.

Using afrog, you can quickly scan websites for vulnerabilities, create HTML reports, and even store results in a database for easy access via a web interface. The tool is open-source, has an active community, and can be installed using Go or by downloading binaries from GitHub.

Overall, afrog enhances your security defense capabilities by providing a robust and efficient way to identify and remediate vulnerabilities.

https://github.com/zan8in/afrog

#javascript #bugbounty #exploit_development #exploits #fingerprint #hacktoberfest #nuclei #nuclei_checks #nuclei_templates #security #vulnerability_detection

Nuclei Templates are pre-made scripts used by the Nuclei scanner to find security vulnerabilities in applications. These templates are created and shared by a community of users, making it easier for everyone to identify and fix security issues. You can contribute your own templates, report bugs, or request new features, which helps grow the library of available templates. This community-driven approach ensures that the scanner stays updated and effective, benefiting users by providing a robust tool for enhancing application security. You can also join discussions on GitHub or the Discord community to learn more and share ideas.

https://github.com/projectdiscovery/nuclei-templates

#go #api_gateway #application_security #appsec #blueteam #bruteforce #captcha #cve #cybersecurity #firewall #hackers #http_flood #security #self_hosted #sql_injection #vulnerability #waf #web_application_firewall #web_security #websecurity #xss

SafeLine is a tool that helps keep your web applications safe from attacks. It acts like a shield between your website and the internet, filtering and blocking bad traffic. This protects your site from things like SQL injection, XSS, and other types of attacks. SafeLine also has features like rate limiting to stop too much traffic, anti-bot challenges to block bots, and dynamic protection to encrypt your HTML and JS codes. Using SafeLine makes your web apps more secure, which is important to protect your data and users.

https://github.com/chaitin/SafeLine

#go #container_image #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #openvex #security #static_analysis #tool #vex #vulnerabilities #vulnerability

Grype is a tool that scans container images and filesystems for known vulnerabilities. It supports various package types, including those from major operating systems like Alpine, Debian, and Ubuntu, as well as language-specific packages like Ruby, Java, JavaScript, Python, and more. Here’s how it benefits you You can easily install Grype using a simple script or through package managers like Homebrew or Chocolatey.
- **Comprehensive Scanning** You can choose from different output formats such as table, JSON, CycloneDX, and SARIF, or even create custom templates.
- **Integration with Other Tools** Grype has active community meetings and support options, including commercial support through Anchore.
- **Automatic Database Updates**: Grype manages its vulnerability database automatically, ensuring you always have the latest vulnerability information.

Overall, Grype helps you identify and manage vulnerabilities in your container images and filesystems efficiently.

https://github.com/anchore/grype

#java #ant_task #build_tool #gradle_plugin #jenkins_plugin #maven_plugin #security #security_audit #software_composition_analysis #vulnerability_detection

Dependency-Check is a tool that helps you find vulnerabilities in the libraries and dependencies your project uses. It checks for known security issues by matching your dependencies against a database of vulnerabilities. Here’s how it benefits you It identifies publicly disclosed vulnerabilities in your project's dependencies, helping you secure your software.
- **Ease of Use** It generates reports linking to the associated CVE entries, providing clear information about the vulnerabilities found.
- **Flexibility** It is widely recognized and used, with documentation and community support available.

Overall, Dependency-Check helps ensure your software is secure by automatically detecting and reporting potential vulnerabilities in your dependencies.

https://github.com/jeremylong/DependencyCheck

#go #attack_surface #cve_scanner #dast #hacktoberfest #nuclei_engine #security #security_scanner #subdomain_takeover #vulnerability_assessment #vulnerability_detection #vulnerability_scanner

Nuclei is a powerful vulnerability scanner that uses simple YAML-based templates to detect vulnerabilities. Here are the key benefits You can create and customize your own vulnerability detection scenarios using YAML templates, which helps in mimicking real-world conditions and reducing false positives.
- **High Performance** Thousands of security professionals contribute to the template library, ensuring you have access to the latest vulnerability detections.
- **Integration Capabilities** It supports multiple protocols such as TCP, DNS, HTTP, SSL, WHOIS, JavaScript, and more.
- **Cloud Upload**: You can upload scan results to the ProjectDiscovery cloud platform for further analysis and remediation.

Overall, Nuclei provides a flexible, high-performance, and community-driven solution for vulnerability scanning.

https://github.com/projectdiscovery/nuclei

#python #bugbounty #command_injection #commix #detection #exploitation #open_source #pentesting #python #takeover #vulnerability_scanner

Commix is a free tool that helps find and fix security problems in computer systems. It checks for "command injection" vulnerabilities, which are weaknesses that attackers can use to control your system. Commix works on many platforms and uses Python, making it easy to run without needing special setup. This tool benefits users by helping them protect their systems from attacks and ensuring they stay secure. It's also open-source, so anyone can improve or add features to it[1][3].

https://github.com/commixproject/commix

#go #device_management #employee_experience #endpoint_ops #endpoint_security #gitops #mdm_api #open_source #osquery #security_analytics #vulnerability_management

Fleet is an open-source platform that helps organizations manage and secure their devices. It supports many operating systems like macOS, Windows, Linux, and ChromeOS. Fleet provides a simple dashboard to control devices from anywhere and integrates well with other tools like Puppet and Splunk. It also offers features like automatic software updates, disk encryption, and remote device management. This makes it easier for IT teams to keep devices secure and up-to-date. Additionally, Fleet is customizable and free to use, which can save organizations money and make their IT processes more efficient.

https://github.com/fleetdm/fleet

#typescript #ci #ci_cd #cicd #evaluation #evaluation_framework #llm #llm_eval #llm_evaluation #llm_evaluation_framework #llmops #pentesting #prompt_engineering #prompt_testing #prompts #rag #red_teaming #testing #vulnerability_scanners

Promptfoo is a tool that helps developers test and improve AI applications using Large Language Models (LLMs). It allows you to **test prompts and models** automatically, **secure your apps** by finding vulnerabilities, and **compare different models** side-by-side. You can use it on your computer or integrate it into your development workflow. This tool helps you make sure your AI apps work well and are secure before you release them. It saves time and ensures quality by using data instead of guessing.

https://github.com/promptfoo/promptfoo

#python #bounty #bugbounty #bypass #cheatsheet #enumeration #hacking #hacktoberfest #methodology #payload #payloads #penetration_testing #pentest #privilege_escalation #redteam #security #vulnerability #web_application

Payloads All The Things is a comprehensive collection of useful payloads and bypass techniques for web application security testing and penetration testing. It offers detailed documentation for each vulnerability, including how to exploit it and ready-to-use payloads, plus files for tools like Burp Intruder. You can contribute your own payloads or improvements, making it a collaborative resource. It also links to related projects for internal network and hardware pentesting, and provides learning resources like books and videos. Using this resource helps you efficiently find and test security weaknesses in web applications, improving your pentesting effectiveness and knowledge.

https://github.com/swisskyrepo/PayloadsAllTheThings

#python #security #security_tools #vulnerability #vulnerability_databases #vulnerability_management #vulnerability_scanners

OSV is a free, open-source database and toolset that helps you find and manage security vulnerabilities in open source software you use. It collects vulnerability data from many sources, including official advisories and automated scans, and presents it in a clear, machine-readable format. You can use the OSV scanner tool to automatically check your software dependencies for known security issues, helping you fix them quickly. This improves your software’s security by focusing on real risks and making vulnerability management easier and more efficient. OSV also offers APIs and integrates with other tools for automation and alerts.

https://github.com/google/osv.dev

#python #ai #bug_detection #code_audit #code_quality #code_review #developer_tools #devsecops #google_gemini #llm #react #sast #security_scanner #supabase #typescript #vite #vulnerability_scanner #xai

**DeepAudit** is an AI-powered code audit tool using multi-agent collaboration to deeply scan projects for vulnerabilities like SQL injection, XSS, and path traversal. Import code from GitHub/GitLab or paste snippets; agents plan, analyze with RAG knowledge, and verify issues via secure Docker sandbox PoCs, generating PDF reports with fix suggestions. Deploy easily with one Docker command, supports local Ollama models for privacy, and cuts traditional tools' high false positives. **You benefit** by automating secure audits like a pro hacker—saving time, reducing errors, ensuring real exploits are caught, and speeding safe releases without manual hassle.

https://github.com/lintsinghua/DeepAudit