Aura – Python Source Code Auditing And Static Analysis On A Large Scale

Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over packages uploaded to PyPI; alert on anomalies that can indicate either an ongoing attack or vulnerabilities in the code; enable an organization to conduct…

Lil-Pwny – Auditing Active Directory Passwords Using Multiprocessing In Python

A multiprocessing approach to auditing Active Directory passwords using Python. About Lil Pwny: Lil Pwny is a Python application to perform an offline audit of NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The usernames of any accounts matching HIBP will be returned in a…

Harbian-Audit – Hardened Debian GNU/Linux Distro Auditing

Hardened Debian GNU/Linux and CentOS 8 distro auditing. The main test environment is Debian GNU/Linux 9/10 and CentOS 8; other versions are not fully tested. There are no implementations of desktop and SELinux related items in this release. The code framework is based on the OVH-debian-cis project, modified some of the original implementations…

Lynis 3.0.0 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security…

INTERCEPT – Policy As Code Static Analysis Auditing

Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works on Mac, Linux and Windows. How it works…