GraphCrawler – GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology’s powerful Graphinder tool. Just point it towards a domain and add the ‘-e’ option and Graphinder will do subdomain enumeration + search popular directories for GraphQL endpoints. After all this GraphCrawler will…

Awesome-Password-Cracking – A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security

A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted. If in doubt, use awesome-lint. If you think an item shouldn’t be here, open an issue. Books: Hash Crack: Password Cracking Manual (v3) – Password Cracking…

Packj – Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform that continuously vets packages and provides free reports. How to use: Packj accepts two input args: name of the…

Bpflock – eBPF Driven Security For Locking And Auditing Linux Machines

bpflock – eBPF driven security for locking and auditing Linux machines. Note: bpflock is currently in an experimental stage; it may break, options and security semantics may change, and some BPF programs will be updated to use the Cilium ebpf library. 1. Introduction: bpflock uses eBPF to strengthen Linux security. By restricting access to a varied range of…

Kubeaudit – Tool To Audit Your Kubernetes Clusters Against Common Security Controls

kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root; use a read-only root filesystem; drop scary capabilities, don’t add new ones; don’t run privileged; and more! tldr. kubeaudit makes sure you deploy secure containers! Package: To use kubeaudit as a…

Cspparse – A Tool To Evaluate Content Security Policies

cspparse is a tool to evaluate Content Security Policies. It uses Google’s API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google’s API, it also parses the target site’s HTML to look for any CSP rules that are specified in the <meta> tag. Installation…

Sealighter – Easy ETW Tracing for Security Research

I created this project to help non-developers dive into researching Event Tracing for Windows (ETW) and Windows PreProcessor Tracing (WPP). Features: Subscribe to multiple ETW and WPP Providers at once; Automatically parse events into JSON without needing to know format; Robust Event filtering including filter chaining and filter negation; Output to Standard out, File, or…

VAmPI – Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API (Based on OpenAPI 3). VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a switch on/off to…

LambdaGuard – AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results. It provides a…

WhiteBeam – Transparent Endpoint Security

Transparent endpoint security. Features: Block and detect advanced attacks; Modern audited cryptography: RustCrypto for hashing and encryption; Highly compatible: Development focused on all platforms (incl. legacy) and architectures; Source available: Audits welcome; Reviewed by security researchers with combined 100+ years of experience. In Action: Video demonstration of detection and prevention capabilities. Testing WhiteBeam against zeroday…