Ssh-Mitm – Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation

ssh-mitm is an intercepting (mitm) proxy server for security audits. Redirect/mirror Shell to another ssh client supported in 0.2.8 Replace File in SCP supported in 0.2.6 Replace File in SFTP supported in 0.2.3 Transparent proxy support in 0.2.2! – intercepting traffic to other hosts is now possible when using arp spoofing or proxy is usedRead More

Wynis – Audit Windows Security With Best Practice

Just a powershell scripts for auditing security with CIS BEST Practices Windows 10 and Window Server 2016 You just need to run the script, it will create a directory named : AUDIT_CONF_%DATE% The directory output will contain the files belows: -Antivirus-%COMPUTERNAME% : List installed Antivirus software   -APPDATA%COMPUTERNAME% : List all executable file in APPDATARead More

RESTler – The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API.Read More

Packer-Fuzzer – A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack

With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call, which is also convenient for us to quickly discoverRead More

Hijackthis – A Free Utility That Finds Malware, Adware And Other Security Threats

HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs. HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new or previously unknown malware – but it also makes no distinctionRead More

Fast-Security-Scanners – Security Checks For Your Researches

A small contribution to community 🙂 We use all these tools in security assessments and in our vulnerability monitoring service Check your domain for DNS NS takeover (Repo) docker run –dns=8.8.8.8 -e VULN_ID=dns_ns_takeover -e DOMAIN=site.com whitespots/dnsnstakeover Cache Poisoning (Repo) docker run –rm -it –name wcdscanner -e VULN_ID=wcd -e FIND_XSS=False -e DOMAIN=site.com whitespots/wcdxss XSS via MetaRead More

Terrascan – Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan Documentation: https://docs.accurics.com Discuss: https://community.accurics.com Features 500+ Policies for security best practices Scanning of Terraform 12+ (HCL2) Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3 Support for AWS, Azure, GCP, Kubernetes and GitHub Installing Terrascan’sRead More

Amlsec – Automated Security Risk Identification Using AutomationML-based Engineering Data

This prototype identifies security risk sources (i.e., threats and vulnerabilities) and types of attack consequences based on AutomationML (AML) artifacts. The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber attacks that potentially lead to physical damage. Installation Build AML2OWL This prototype depends on a forkedRead More

SIRAS – Security Incident Response Automated Simulations

Security Incident Response Automated Simulations (SIRAS) are internal/controlled actions that provide a structured opportunity to practice the incident response plan and procedures during a realistic scenarios. the main idea of SIRAS is create an detection-as-a-code testing scenarios to facilitate the blueteam/tabletops scenarios. All smokers of siras make real actions into your AWS and then deleteRead More

X