Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the code enable an organization to […]
PowerShell Script to perform a quick AD audit _____ ____ _____ _ _ _| _ | | _ |_ _ _| |_| |_| | | | | | | | . | | _||__|__|____/ |__|__|___|___|_|_| by phillips321 If you have any decent powershell one liners that could be used in the script please let me […]
LightBulb is an open source python framework for auditing web application firewalls and filters. Web Applications Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a […]
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of […]
Yuki Chan is an Automated Penetration Testing tool that will be auditing all standard security assessment for you. It is one of the Best Penetration testing Tool which provides many Integrated Security Tools and Performing Many Penetration testing Operation into Target Network. There are more than 15 Modules has been Integrated with Yuki chan and it is […]
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing capabilities that automate security practices and implementation of security auditing in the software development life-cycle. DevAudit can scan your […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
Galileo is a free web application auditing framework that can perform various penetration testing tasks, such as information gathering, fingerprinting, bruteforcing, injection test, and exploiting vulnerabilities. Galileo uses different modules to perform these tasks. The modules can be divided into following categories. Bruteforce Disclosure Fingerprint Injection Scanner Tools Exploitation Bruteforce modules can be used to […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically. Note: Scout2 is stable and […]
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list. Airgeddon Wireless Security Auditing Features Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping (available also on DoS […]
Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s). One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do that the analyst needs to identify the right PoC […]
CS Suite is a one stop tool for auditing the security posture of the AWS infrastructure and does system audits as well. CS Suite leverages current open source tools capabilities and has other missing checks added into one tool to rule them all. The major features include: Simple installation with support of python virtual environment […]
Graudit (Grep rough audit) is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Usage: graudit <options> /path/to/scan […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
A java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during their pentests. AndroTickler also integrates with Frida to provide method […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
One stop tool for auditing the security posture of AWS. Pre-requisites Python 2.7 pip git Installation git clone https://github.com/SecurityFTW/cs-suite.git cd cs-suite/ sudo python setup.py Note – Generate a set of ReadOnly AWS keys which the tool will ask to finish the installation process. Virtual Environment installation (So you don’t mess with the already installed python […]
WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine aiming to identify security weaknesses and point to components that need further hardening. The main targets for the current version are domain-joined windows machines. However, some of the functions still apply […]
Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks Fern Wifi Cracker Features: WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP […]
Hey Guys, In this video i show you a great Security Auditing Tool for Unix/Linux Systems called Lynis. Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more […]