Dep-Scan – Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild

dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you have just come across this repo, probably the best place to startRead More

AuraBorealisApp – Do You Know What’s In Your Python Packages? A Tool For Visualizing Python Package Registry Security Audit Data

AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the Python Package Index (PyPI) via Aura, a static analysis designed for large scale security auditing of Python packages. The current tool is a proof-of-concept, and includes some live Aura data,Read More

MacHound – An extension to audit Bloodhound collecting and ingesting of Active Directory relationships on MacOS hosts

MacHound is an extension to the Bloodhound audting tool allowing collecting and ingesting of Active Directory relationships on MacOS hosts. MacHound collects information about logged-in users, and administrative group members on Mac machines and ingest the information into the Bloodhound database. In addition to using the HasSession and AdminTo edges, MacHound adds three new edgesRead More

Phpvuln – Audit Tool To Find Common Vulnerabilities In PHP Source Code

phpvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation You can download phpvuln by cloning the Git repository: git clone Install the required PIP packages:Read More

Wynis – Audit Windows Security With Best Practice

Just a powershell scripts for auditing security with CIS BEST Practices Windows 10 and Window Server 2016 You just need to run the script, it will create a directory named : AUDIT_CONF_%DATE% The directory output will contain the files belows: -Antivirus-%COMPUTERNAME% : List installed Antivirus software   -APPDATA%COMPUTERNAME% : List all executable file in APPDATARead More

Audix – A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring

Audix will allow for the SIMPLE configuration of Windows Event Audit Policies. Window’s Audit Policies are restricted by default. This means that for Incident Responders, Blue Teamers, CISO’s & people looking to monitor their environment through use of Windows Event Logs, must configure the audit policy settings to provide more advanced logging.This utility, aims toRead More

IPv6Tools – A Robust Modular Framework That Enables The Ability To Visually Audit An IPv6 Enabled Network

The IPv6Tools framework is a robust set of modules and plugins that allow a user to audit an IPv6 enabled network. The built-in modules support enumeration of IPv6 features such as ICMPv6 and Multicast Listener Discovery (MLD). In addition, the framework also supports enumeration of Upper Layer Protocols (ULP) such as multicast DNS (mDNS) andRead More