Displaying 1 to 16 from 16 results

sslyze - Fast and powerful SSL/TLS server scanning library.

  •    Python

Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.4+. SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers.

Sn1per - Automated Pentest Recon Scanner

  •    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

pe-sieve - Scans a given process

  •    C++

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

PatrowlManager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

  •    HTML

To try PatrOwl, install it by reading the Installation Guide and the User Guide. Fully-Developed in Python, PatrOwl is composed of a Front-end application PatrowlManager (Django) communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. The PatrowlManager application is reachable using the embedded WEB interface or using the JSON-API. PatrowlEngines are only available through generic JSON-API calls (see Documentation).

multi-git-status - Show uncommitted, untracked and unpushed changes for multiple Git repos

  •    Shell

Show uncommitted, untracked and unpushed changes in multiple Git repositories. Scan for .git dirs up to DEPTH directories deep. The default is 2. If DEPTH is 0, the scan is infinitely deep. Since there are a lot of different states a git repository can be in, mgitstatus makes no guarantees that all states are taken into account.

crl-monitor - CRL Monitor - X.509 Certificate Revocation List monitoring and X.509/Subject caching

  •    Python

There is a set of tool to maintain a cache of certificate fingerprints along with the IP addresses seen with a specific fingerprint and subject. In order to feed the cache, dumps of SSL scans need to be imported.

veye-checker - This projects creates SHA values for locale binaries - Shazam for packages.

  •    Rust

It's a command-line util that scans packaged binaries and resolves their SHA digest values into the package information. The whole idea behind this utility is described in the Versioneye's blogpost "Identifying components by SHA values". One can use this utility to lookup a version details of the package, fetch a license ID for the binary or get vulnerability details or automate due diligence process without installing any runtime or additional dependencies.

reprise - Simplified module reloader for Elixir

  •    Elixir

A simplified module reloader for Elixir. It differs from its predecessors (exreloader, mochiweb reloader) in a way that it scans only beam files of the current mix project and the current env.

versionscan - A PHP version scanner for reporting possible vulnerabilities

  •    PHP

Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues. PLEASE NOTE: Work is still in progress to adapt the tool to linux distributions that backport security fixes. As of right now, this only reports back for the straight up version reported.

sample-scan-files - Sample scan files for testing DefectDojo imports

  •    HTML

Repository for sample scan files. Please do not upload any production data as the scans are intended to be scrubbed or against demo systems.

webbreaker - Dynamic Application Security Test Orchestration (DASTO)

  •    Python

WebBreaker is an open source Dynamic Application Security Test Orchestration (DASTO) client, enabling development teams to create pipelines for security testing and automation of functional security tests, with WebInspect, Fortify SSC, and ThreadFix.

cloud-reports - Scans your AWS cloud resources and generates reports

  •    TypeScript

Collects info about various cloud resources and analyzes them against best practices and give a JSON, HTML or PDF reports. These collect the information about various cloud resources from the cloud provider. This information later used by Analyzers to analyze.

pyndiff - Generate human-readable ndiff output when comparing 2 Nmap XML scan files

  •    Python

This library is used in Scantron, the distributed Nmap / masscan scanning framework, to email out Nmap scan diffs (coming soon!). pyndiff is developed and maintained by @opsdisk as part of Rackspace's Threat and Vulnerability Analysis team.

bridgecrew-orb - This CircleCI Orb Action runs Bridgecrew analysis of Infrastructure-as-Code repository


This CircleCI Orb Action runs Bridgecrew analysis of Infrastructure-as-Code repository. Bridgecrerw performs static security analysis of Terraform, CloudFormation and Kubernetes Infrastructure code security

RxCBCentral - A reactive, interface-driven central role Bluetooth LE library for iOS

  •    Swift

RxCBCentral provides a simple reactive paradigm for connecting to and communicating with Bluetooth LE peripherals from the central role. It is ideal for all applications - in particular those that require multiple concurrent Bluetooth LE integrations. Similar to the RxSwift and RxJava libraries, RxCBCentral and Android's RxCentralBle allow mobile engineers who work on different platforms to use similar protocols for BLE communication, enabling increased developer efficiency and simplifying the ability to achieve architectural platform-parity.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.