Displaying 1 to 14 from 14 results

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

CMSScan - CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

  •    CSS

Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports.

django-DefectDojo - DefectDojo is an open-source application vulnerability correlation and security orchestration tool

  •    Python

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo. Try out DefectDojo in our testing environment.

NodeJsScan - NodeJsScan is a static security code scanner for Node.js applications.

  •    Python

Static security code scanner (SAST) for Node.js applications. The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with NodeJsScan backend.

glue - Application Security Automation

  •    Ruby

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Checkout the Playground to get a better understanding of Glue's features and how you can use them.

security-benchmarks - GSA Security Benchmarks and Tools

  •    Python

Welcome to the General Services Administration Security Benchmarks repository. Here you can find items to help implement GSA Security Benchmarks, Infrastructure As Code, and other tools for our DevSecOps work. The GSA publishes security guides for various operating systems and applications commonly used at the agency. For more information, please refer to the published guides on insite.gsa.gov (only accessible with GSA account).

hungryfox - Monitoring for leaks of sensitive information in git repositories

  •    Go

HungryFox is a software for continuous search for leaks of sensitive information like passwords, api-keys, private certificates and etc in your repositories. HungryFox differs from other solutions as it can work as a daemon and efficiently scans each new commit in repo and sends notification about found leaks.

apicheck - Testing your API for security

  •    Python

API-Check is a complete toolset created and designed for testing the REST API. Contributions Contributions are very welcome, see CONTRIBUTING.md or skim existing tickets to see where you could help out.

mobsf-ci - All that is required to run MobSF in the ci

  •    Shell

This repo contains all the is required to run MobSF in the CI. MobSF is a security tool that can scan APK/IPA and report various security issues. By running it in the CI, you can find those issues earlier, and fix them. To learn more about what it MobSF and what it can detect, checkout the blog post. To parse the report, use Glue - see in the next section how.

HolisticInfoSec-For-WebDevelopers-Fascicle2 - :books: IoT :lock: Mobile :books:


The contents of Fascicle 2 that's a work in progress is listed below, and can be found at the books landing page. If there is something you would like to see included in this fascicle, please submit an issue for consideration.

security-automation-with-ansible-2 - Ansible Playbooks for Security Automation with Ansible2 book

  •    HTML

This repository contains all the code, playbooks, details regarding the book on Security Automation with Ansible2.

hammer - Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)

  •    Python

Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations. This helps to protect products deployed on cloud by creating secure guardrails. Dow Jones Hammer documentation is available via GitHub Pages at https://dowjones.github.io/hammer/.