Displaying 1 to 20 from 24 results

laravel-auditing - Record the change log from models in Laravel

  •    PHP

This package will help you understand changes in your Eloquent models, by providing information about possible discrepancies and anomalies that could indicate business concerns or suspect activities. Laravel Auditing allows you to keep a history of model changes by simply using a trait. Retrieving the audited data is straightforward, making it possible to display it in various ways.

Ranger - Manage Data Security across the Hadoop Platform

  •    Java

Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. It provides centralized security administration to manage all security related tasks in a central UI or using REST APIs, Fine grained authorization, Centralize auditing of user access within Apache Hadoop, Apache Hive, Apache HBase and other Apache components.

twa - A tiny web auditor with strong opinions.

  •    Shell

A tiny web auditor with strong opinions. You'll need bash 4, curl, dig, and nc, along with a fairly POSIX system.




Change Data Capture Helper

  •    CSharp

Change data capture helper for SQL Server 2008 It's developed in C#

AutoAudit

  •    

T-SQL codegen script that creates audit trail triggers for SQL Server 2005 / 2008. Back-out procs, view to deleted rows, & rowhistroy function. Version 2 adds user context, SQL stmt, insert log, and base table DDL options. by SQL Server MVP Paul Nielsen. 4 yrs of bug fixes.

PowerShell EventLogWatcher Module

  •    

A PowerShell module that provides some additional functions to enhance PowerShell Eventing in relation to Windows Event Log events. Subscriptions can be made and actions taken when new events are written to a log. In a sense, this can be used as "poor mans" auditing system.

AuditDbContext - Entity Framework Auditing Context

  •    

AuditDbContext provides entity change auditing for Entity Framework POCO entities.


audit - For auditing what collaborators, hooks, and deploy keys you have added on all your GitHub repositories

  •    Go

For checking what collaborators, hooks, deploy keys, and protected branches you have added on all your GitHub repositories. This also scans all an organization's repos you have permission to view. Because nobody has enough RAM in their brain to remember this stuff for 100+ repos. Check out genuinetools/pepper for setting all your GitHub repo's master branches to be protected. Pepper even has settings for organizations and a dry-run flag for the paranoid.

otseca - Open source security auditing tool to search and dump system configuration

  •    Shell

The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time. Otseca facilitates collection of many important information about a given system.

Penetration-Testing-Tools - Great collection of my Penetration Testing scripts, tools, cheatsheets collected over years, used during real-world assignments or collected from various good quality sources

  •    Python

This is a collection of many tools, scripts, cheatsheets and other loots that I've been developing over years for penetration testing and IT Security audits purposes. Many of them actually had been used during real-world assignments, some of them are a collection gathered from various sources (waiting to be used someday). This repository does not contain actual exploits. These I will release under separate repository in some point in future.

owasp-aasvs - OWASP Annotated Application Verfication Standard

  •    Javascript

This repository aims to host the versioned and authoritative source data for the OWASP ASVS project. In order to build on top of this data a strict and normalized format was required ( unlike say storing everything in MarkDown or HTML) as it's much easier to remove strictness then to add it. There are many data serialization formats, those with broad support include: XML, CSV and YAML.

ssh-auditor - The best way to scan for weak ssh passwords on your network

  •    Go

It's designed so that you can run ssh-auditor discover + ssh-auditor scan from cron every hour to to perform a constant audit.

vue-axe - Accessibility auditing for Vue.js applications.

  •    Javascript

Accessibility auditing for Vue.js applications by running dequelabs/axe-core validation on the page your viewing, axe-core will run 1 second after the last VueJS update (with a 5 seconds debounce max wait). Package inspired by dequelabs/react-axe.

conntrack-logger - Tool to log conntrack flows and associated process/service info

  •    Python

Tool to make best effort to log conntrack flows along with associated pids, which service cgroup they belong to and misc other info about them. Think of it as an auditd extension to log network connections.

nflog-zmq-pcap-pipe - Tool to collect nflog and pipe it to a pcap stream/file over network (0mq) for real-time (or close to) analysis

  •    Python

Set of scripts to allow selective dumping of packets with netfilter NFLOG module and sending of these over zeromq channel to remote host (producing pcap stream there) for analysis. Use-case is sending traffic to Snort IDS on a remote machine with some pre-filtering (with iptables, since it's generally faster, simplier and more flexible than BPF or userspace filters) to exclude encrypted and irrelevant traffic (like raw VPN/IPSec packets and p2p).