Kubeclarity – Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection: Various programmingRead More

Spring4Shell-Scan – A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic validation of the vulnerability upon discovery. Randomized and non-intrusive payloads. WAFRead More

Master_Librarian – A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities

A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo python3 -m pip install -r requirements.txt Overview: vulnerabilities on local libraries by CoolerVoid Example: $ python3 master_librarian.py -t csv $ python3 master_librarian.py -t txt -l 3 usage: master_librarian.py [-h] -t TYPES [-l LIMIT] optional arguments: -h, –helpRead More

Dep-Scan – Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild

dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you have just come across this repo, probably the best place to startRead More

Pip-Audit – Audits Python Environments And Dependency Trees For Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from Google. This is not an official Google product. Features Support for auditingRead More

Canadian Furious Beaver – A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: the “Broker” combines both a user-land agent and a self-extractable driver (IrpDumper.sys) that will install itself on the targeted system. Once running it will expose (depending on the compilation options) a remote named pipe (reachable fromRead More

Webstor – A Script To Quickly Enumerate All Websites Across All Of Your Organization’S Networks, Store Their Responses, And Query For Known Web Technologies, Such As Those With Zero-Day Vulnerabilities

  WebStor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your organization’s networks, storing their responses, and querying for known web technologies and versions, such as those with zero-day vulnerabilities. It is intended, in particular, to solve the unique problem presented in mid to largeRead More

DongTai – An Interactive Application Security testing(IAST) Product That Supports The Detection Of OWASP WEB TOP 10 Vulnerabilities, Multi-Request Related Vulnerabilities (Including Logic Vulnerabilities, Unauthorized Access Vulnerabilities, Etc.), Third-Party Component Vulnerabilities, Etc.

中文版本(Chinese version) About DongTai IAST DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), Third-party component vulnerability detection, etc. Currently, applications in Java andRead More

Bugs-feed – A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities…

Bug’s feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities… It’s implemented as a PWA application so you can get rid of the explorer and use it as a desktop application. Navigate through different tabs and take a look to the latest bugs or search in allRead More

CamRaptor – Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials. Features Exploits vulnerabilities in most popular camera models such as Novo, CeNova and QSee. Optimized to exploit multiple cameras at one time from list with threading enabled. Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/CamRaptor Basic usageRead More

X