Scylla – The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc…

Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles (main platforms) assigned to a certain username. In continuation, Scylla has shodan support so you can search for devices allRead More

OpenCSPM – Open Cloud Security Posture Management Engine

Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain visibility into security risk across the entire account and track the resolution ofRead More

Censys-Python – An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine

An easy-to-use and lightweight API wrapper for the Censys Search Engine (censys.io). Python 3.6+ is currently supported. Getting Started The library can be installed using pip. $ pip install censys To configure your credentials run censys config or set both CENSYS_API_ID and CENSYS_API_SECRET environment variables. $ censys configCensys API ID: XXXCensys API Secret: XXXSuccessfully authenticatedRead More

Fawkes – Tool To Search For Targets Vulnerable To SQL Injection (Performs The Search Using Google Search Engine)

Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine. Options -q, –query – Dork that will be used in the search engine. -r, –results – Number of results brought by the search engine. -s, –start-page – Home page of search results. -t, –timeout – TimeoutRead More

Fuzzilli – A JavaScript Engine Fuzzer

A (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript. Usage The basic steps to use this fuzzer are: Download the source code for one of the supported JavaScript engines. See the Targets/ directory for the list of supported JavaScript engines. Apply theRead More

NERVE – Network Exploitation, Reconnaissance & Vulnerability Engine

NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only. NERVE will do “some” CVE checks, but this is primarily coming fromRead More

Anchore Engine – A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification

For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore DocumentationThe Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore Engine is provided as a Docker container image that can be run standalone orRead More

Cnitch – Container Snitch Checks Running Processes Under The Docker Engine And Alerts If Any Are Found To Be Running As Root

cnitch (snitch or container snitch) is a simple framework and command line tool for monitoring Docker containers to identify any processes which are running as root.Why is this a bad thing? If you have not already been to can I haz non-privileged containers? by mhausenblas then I recommend you head over there now to getRead More

dorkScanner – A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs

A typical search engine dork scanner that scrapes search engines with queries that you provide in order to find vulnerable URLs.IntroductionDorking is a technique used by newsrooms, investigative organisations, security auditors as well as tech savvy criminals to query various search engines for information hidden on public websites and vulnerabilities exposed by public servers. DorkingRead More

Spyse: All-In-One Cybersecurity Search Engine

Spyse is a cybersecurity search engine for finding technical information about different internet entities, business data, and vulnerabilities. It’s an all-in-one platform for fast and effortless reconnaissance without using any additional tools. Spyse engine implements a ready-to-use database with massive amounts of internet data that helps to avoid waiting for the end of the scan,Read More

X