Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run. Faraday was made to letRead More
[*] Source Code Management Attack Toolkit – SCMKit is a toolkit that can be used to attack SCM systems. SCMKit allows the user to specify the SCM system and attack module to use, along with specifying valid credentials (username/password or API key) to the respective SCM system. Currently, the SCM systems that SCMKit supports areRead More
Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming, Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve further work. This new update brings: New scanning, reportingRead More
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection: Various programmingRead More
Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ npm install$ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ docker build . -t cloudsploit:0.0.1$ docker run cloudsploit:0.0.1 -h$ docker run -e AWS_ACCESS_KEY_ID=XX -e AWS_SECRET_ACCESS_KEY=YY cloudsploit:0.0.1 –compliance=pci Documentation Background Deployment Options Self-Hosted Hosted at Aqua Wave Installation Configuration Amazon Web Services Microsoft Azure Google CloudRead More
An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems. It incorporates several payload randomization and obfuscation techniques to help prevent detection when encryptionRead More
A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt, JavaScript (npm) package.json, PHP (composer) composer.json or MVN (maven) pom.xml. What is this all about? On 9th of February 2021, a security researcher Alex Birsan published an article that touched different resolve order flaws inRead More
Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain visibility into security risk across the entire account and track the resolution ofRead More
MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments. CM tools, such as Puppet, Chef, Salt, and Ansible are used to provision systems in a uniform manner based on their function in a network. Upon successfully compromising aRead More
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note Please keep in mind, this project is in early development. Launch with Docker Install Docker Create a .env file and supply the following properties: MYSQL_DATABASE=”bulwark”MYSQL_PASSWORD=”bulwark”MYSQL_ROOT_PASSWORD=”bulwark”MYSQL_USER=”root”MYSQL_DB_CHECK=”mysql”DB_PASSWORD=”bulwark”DB_URL=”172.16.16.3″DB_ROOT=”root”DB_USERNAME=”bulwark”DB_PORT=3306DB_NAME=”bulwark”DB_TYPE=”mysql”NODE_ENV=”production”DEV_URL=”http://localhost:4200″PROD_URL=”http://localhost:5000″JWT_KEY=”changeme”JWT_REFRESH_KEY=”changeme”CRYPTO_SECRET=”changeme”CRYPTO_SALT=”changeme” Build and start Bulwark containers: docker-compose up -d Start/Stop Bulwark containers:Read More
