Kubeclarity – Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection: Various programmingRead More

Cloudsploit – Cloud Security Posture Management (CSPM)

Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ npm install$ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ docker build . -t cloudsploit:0.0.1$ docker run cloudsploit:0.0.1 -h$ docker run -e AWS_ACCESS_KEY_ID=XX -e AWS_SECRET_ACCESS_KEY=YY cloudsploit:0.0.1 –compliance=pci Documentation Background Deployment Options Self-Hosted Hosted at Aqua Wave Installation Configuration Amazon Web Services Microsoft Azure Google CloudRead More

Bantam – A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems

An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems. It incorporates several payload randomization and obfuscation techniques to help prevent detection when encryptionRead More

Confused – Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems

A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt, JavaScript (npm) package.json, PHP (composer) composer.json or MVN (maven) pom.xml. What is this all about? On 9th of February 2021, a security researcher Alex Birsan published an article that touched different resolve order flaws inRead More

OpenCSPM – Open Cloud Security Posture Management Engine

Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain visibility into security risk across the entire account and track the resolution ofRead More

MOSE – Post Exploitation Tool For Configuration Management Servers.

MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments. CM tools, such as Puppet, Chef, Salt, and Ansible are used to provision systems in a uniform manner based on their function in a network. Upon successfully compromising aRead More

Bulwark – An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note Please keep in mind, this project is in early development. Launch with Docker Install Docker Create a .env file and supply the following properties: MYSQL_DATABASE=”bulwark”MYSQL_PASSWORD=”bulwark”MYSQL_ROOT_PASSWORD=”bulwark”MYSQL_USER=”root”MYSQL_DB_CHECK=”mysql”DB_PASSWORD=”bulwark”DB_URL=”172.16.16.3″DB_ROOT=”root”DB_USERNAME=”bulwark”DB_PORT=3306DB_NAME=”bulwark”DB_TYPE=”mysql”NODE_ENV=”production”DEV_URL=”http://localhost:4200″PROD_URL=”http://localhost:5000″JWT_KEY=”changeme”JWT_REFRESH_KEY=”changeme”CRYPTO_SECRET=”changeme”CRYPTO_SALT=”changeme” Build and start Bulwark containers: docker-compose up -d Start/Stop Bulwark containers:Read More

Faraday v3.12 – Collaborative Penetration Test and Vulnerability Management Platform

 There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place, This update is focused on improving your everyday tasks in managing information. TheRead More

Permission Manager – A Project That Brings Sanity To Kubernetes RBAC And Users Management, Web UI FTW

Welcome to the Permission Manager!Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBAC management for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place.With Permission Manager, you can create users, assign namespaces/permissions, and distributeRead More

Vault – A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management

Please note: We take Vault’s security and our users’ trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at [email protected] Website: https://www.vaultproject.io IRC: #vault-tool on Freenode Announcement list: Google Groups Discussion list: Google Groups Documentation: https://www.vaultproject.io/docs/ Tutorials: HashiCorp’s Learn Platform Certification Exam: Vault AssociateRead More

X