We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
Windows-Secure-Host-Baseline - Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings
The Windows Secure Host Baseline (SHB) provides an automated and flexible approach for assisting the DoD in deploying the latest releases of Windows 10 using a framework that can be consumed by organizations of all sizes. Formal product evaluations also support the move to Windows 10. The National Information Assurance Partnership (NIAP) and National Institute of Standards and Technology (NIST) oversees evaluations of commercial IT products for use in National Security Systems.
auditing certificates chrome-browser audit windows-10 windows-server compliance nessus group-policy applocker internet-explorer windows-firewall microsoft-office windows-server-2016 adobe-readerVulnWhisperer - Create actionable data from your Vulnerability Scans
VulnWhisperer is a vulnerability data and report aggregator. VulnWhisperer will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename and tags all of the information inside the report (see logstash_vulnwhisp.conf file). Data is then shipped to elasticsearch to be indexed. The following instructions should be utilized as a Sample Guide in the absence of an existing ELK Cluster/Node. This will cover a Debian example install guide of a stand-alone node of Elasticsearch & Kibana.
nessus elasticstack elasticsearch logstash vulnerability qualysHardware-and-Firmware-Security-Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance
This repository provides content for aiding DoD administrators in verifying systems have applied and enabled mitigations for hardware and firmware vulnerabilities such as side-channel and UEFI vulnerabilities. The repository is a companion to NSA Cybersecurity Advisories such as Vulnerabilities Affecting Modern Processors. This repository is updated as new information, research, strategies, and guidance are developed. The following mitigations generally apply to all systems. For specific steps for a particular operating system or vendor product, consult detailed instructions and strategies at Specific Guidance.
audit vulnerability cve nessus spectre guidance meltdown cve-2017-5754 cve-2017-5715 cve-2017-5753 cve-2018-3640 cve-2018-3639 cve-2018-3693 cve-2018-3665Seccubus - Easy automated vulnerability scanning, reporting and analysis
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.
seccubus repeated-scans nikto ssllabs security filters analysis vulnerability-detection vulnerability-management medusa nessus nmap testsslRTA - Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets
Red Team Arsenal is a web/network security scanner which has the capability to scan all company's online facing assets and provide an holistic security view of any security anomalies. It's a closely linked collections of security engines to conduct/simulate attacks and monitor public facing assets for anomalies and leaks. It's an intelligent scanner detecting security anomalies in all layer 7 assets and gives a detailed report with integration support with nessus. As companies continue to expand their footprint on INTERNET via various acquisitions and geographical expansions, human driven security engineering is not scalable, hence, companies need feedback driven automated systems to stay put.
security-tools security websecurity nessusnessusbeat - A Beat that monitors a local Nessus reports directory and outputs scan results to Elasticsearch or Logstash
Nessusbeat provides a Beat that monitors a local Nessus installation's reports directory and exports, parses, and outputs scan results to supported Beat outputs. To build the binary for Nessusbeat run the command below. This will generate a binary in the same directory with the name nessusbeat.
nessus elasticsearch beats beat logstash vulnerability-assessment vulnerability-scanning vulnerability-scanner elasticbeatsrisu - Risu is Nessus parser, that converts the generated reports into a ActiveRecord database, this allows for easy report generation and vulnerability verification
Risu is Nessus parser, that converts Nessus .nessus xml files into a ActiveRecord database, this allows for easy report generation and vulnerability verification. Risu has been tested with ruby-2.0.0, ruby-2.1.0 and ruby-2.2.3. Please use the latest version if possible. I recommend using chruby or RVM to setup your ruby environment.
xml-parser security nessus reportinggray_hat_csharp_code - This repository contains full code examples from the book Gray Hat C#
This repository contains fully-fleshed out code examples from the book Gray Hat C#. In this book, a wide variety of security oriented tools and libraries will be written using the C# programming language, allowing for cross-platform automation of the most crucial aspects of a security engineer's roles in a modern organization. Many of the topics will also be highly useful for hobbyists and security enthusiasts who are looking to gain more experience with common security concepts and tools with real world examples for both offensive and defensive purposes. We cover a broad slice of concepts a modern security engineer must be familiar with, starting with a brief introduction to the C# language. After the introduction, we focus on fuzzing web application vulnerabilities and writing exploits for them. This is followed by C# payloads for pentesters to use for remote command execution and persistence. Then, we move onto security tool automation using true APIs, not just calling programs from the system shell. Finally, we focus on reverse engineering and forensics in the final chapters.
sql-injection fuzzer metasploit payload c-sharp automation mono xamarin security nessus openvas nexpose sqlmap arachni clamav cuckoo-sandbox pentesting blueteam redteamsec-tools - Docker images for infosec tools
Docker images for infosec tools
docker-image docker metasploit arachni fierce nikto nmap wireshark wpscan nessus pentest pentest-toolhakbot-origin-controller - Vendor-Neutral Security Tool Automation Controller (over REST)
Vendor-Neutral Security Tool Automation Controller (over REST)
software-security appsec devops automation rest dynamic-analysis nessus threadfix appspider webinspect burp zap securityPHPNessusNG - PHP wrapper functions for interfacing with the Nessus V6.x API
PHP wrapper functions for interfacing with the Nessus V6.x API. The Nessus 6 Vulnerability Scanner provides a RESTful API interface. This library aims to be a wrapper around this API, allowing you to query it directly, as detailed in the API documentation.
nessus library wrapper api clientDetect-CVE-2017-15361-TPM - Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361
This repository provides content for aiding DoD administrators in detecting systems that have an enabled Trusted Platform Module (TPM) that is vulnerable to CVE-2017-15361 and is a companion to Information Assurance Advisory RSA Key Generation Vulnerability Affecting Trusted Platform Modules. The files in this repository can be downloaded as a zip file here. See LICENSE.
rsa audit vulnerability cve nessus tpm trusted-platform-moduleBitLocker-Guidance - Configuration guidance for implementing BitLocker. #nsacyber
Microsoft BitLocker is a full volume encryption feature built into Windows. BitLocker is intended to protect data on devices that have been lost or stolen. BitLocker is available in the Ultimate and Enterprise editions of Windows Vista and Windows 7, in the Professional and Enterprise editions of Windows 8/8.1, and in the Pro, Enterprise, and Education editions of Windows 10. BitLocker is also included in the Windows Server releases of Windows since Window Server 2008. This repository hosts Group Policy Objects, compliance checks, and configuration tools in support of implementing BitLocker.
microsoft encryption audit nessus guidance bitlocker full-disk-encryption bitlocker-drive-encryption
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
