syzkaller is an unsupervised coverage-guided Linux kernel fuzzer. The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a Google account or by sending an email to syzkaller+subscribe@googlegroups.com.
kernel fuzz-testing fuzzing fuzzer testing security security-vulnerability security-tools

Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.
rails security static-analysis vulnerabilities brakeman security-vulnerability security-tools security-audit

This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add "roave/security-advisories": "dev-master" to your composer.json "require-dev" section and you will not be able to harm yourself with software with known security vulnerabilities.
security-advisories security-vulnerability composer infosec

Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-tools

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.
vuls vulnerability-scanners freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scanner

Clearly, I'm a lazy person (just look at what this tool does - it helps me figure out if I should order a car to pick me up and drive me to where I want to go). That being said, as a lazy person it pains me every time I open my phone, open the Uber app, type my destination, and see the estimated price, only for my inner, responsible, cost-cutting, fiduciary-self to end up taking the bus all the way home.
uber security-vulnerability security-incidents command-line-tool uber-cli uber-price uber-time

SQLiScanner works with Python version 3.x on Linux and OS X.
sqlmap sqlmapapi autoscan scanner security-audit security sqlmap-webui security-vulnerability

Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless. ThreatMapper scans your platforms and identifies pods, containers, applications, and infrastructure. Use ThreatMapper to discover the topology of your applications and attack surface. It obtains manifests of dependencies from running pods and containers, serverless apps, applications, and operating system. ThreatMapper matches these against vulnerability feeds to identify vulnerable components.
vulnerability-scanning security-vulnerability vulnerability-management threat-analysis vulnerability github docker kubernetes jenkins devops circleci gitlab serverless secops cloud-native security-tools devsecops compliance-automation registry-scanning

Fuzzer and test suite for TLS (SSLv2, SSLv3, v1.0, v1.1, v1.2, v1.3) implementations. Early alpha version - thus no API stability guarantees.
tlslite-ng tls ssl security-audit security-vulnerability test-framework test-automation testing-tools test-suite tlslite protocol-verifier protocol-tester automation rfc-compliance standard-conformity standards robot drown tls13 tls12

This is a mirror of Gera's Insecure Programming examples. Oldies but great for beginners getting into the basics of exploitation techniques and vulnerabilities.
vulnerabilities security-vulnerability security learning-exercise exploitation

IMMINENT DANGER: the heuristics indicate that it can't be assured that using the updater won't compromise the system. In the best case, the app publisher provides updated binaries with a patched version of Sparkle, which isn't vulnerable or avoids using unencrypted HTTP connections for retrieving the AppCast, as strongly encouraged by Sparkle's documentation. Alternative countermeasures may range from disabling auto-updates and no longer using the updater, through restricting the app's network functionality, to putting the app under quarantine.

UNKNOWN: the app was compiled against an older SDK, so that ATS is not active or there are exclusions from ATS, while the feed URL for the AppCast is not declared in the Info.plist, so it has to be provided programmatically, which can't be determined by static analysis. Nevertheless, the tool inspects all string literals in the executable to find all HTTP URLs, which might include the feed URL. This strategy has limits and can't catch URLs that weren't fully hardcoded as strings or that were obfuscated in some other way. The URLs found are printed for further investigation by the user, to allow a better risk estimate. If an insecure URL serving an AppCast can be found, it is likely that the app is vulnerable; otherwise it can't be excluded.
security security-tools security-scanner security-vulnerability

Proof of concept code is already public elsewhere. DoS occurs in either direction - UDP from LAN to WAN or WAN to LAN.
security-vulnerability networking

Includes a tool to efficiently perform capturing of handshakes. It intelligently manages all the words of the dictionaries to be tested, as well as keeps a history of everything that has already been tested, so that the same attempts are not repeated.
handshake cracker wordlist-generator wifi-password security-audit security-vulnerability penetration-testing hacking-tool john wordlist dictionaries ripper crack-process arch-linux handshake-cracker

Compiles a json dataset containing properties to aid in the detection and mitigation of over 400 variants of ransomware using public sources. The latest version of the Ransomware Summary spreadsheet will then be downloaded and processed into a local json output which will be found in the core folder of your local repository along with a copy of the latest version of the spreadsheet. To change the source and destinations for local files edit the constants found in the header of the 'update_json.py' file.
ransomware security dataset-generation security-hardening ransomware-prevention excel-to-json security-audit security-vulnerability mitigation json json-dataset ransomware-resources detection ransomware-summary spreadsheet prevention wannacry

HackerOne "in scope" domains
security security-tools security-vulnerability security-automation hackerone hackerone-api

Zero dependencies and does not require the target to have open directory listing.
security security-scanner security-vulnerability

WatchDog is an integration of open source security tools aimed to provide a holistic security view for a given domain/IP. The way WatchDog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360° view of any Internet property it scans. Given a list of domains/IPs it has the capability to perform a network scan, feed the output to open source web app scanners like Google's skip-fish and wapiti, perform tech stack analysis and determine if the stack has any known CVEs. WatchDog has the ability to scan all endpoints and perform technology version analysis on the services it detects and map this information with its rich CVE database maintained and updated locally.
security-tools security security-vulnerability security-testing vulnerability-management vulnerability-assessment pentest-tool penetration-testing-framework cve-databases cve-search application-security network-security product-security bugbounty

The code has been published as the vulnerability used has been patched on all cod games as of 4/26/2018. For more information, read the post at https://momo5502.com/blog/?p=34 or see CVE-2018-10718. This software has been created purely for the purposes of academic research. It is not intended to be used to attack other systems. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
cpp exploit security-vulnerability mw2 cod hack poc

ShitHub is a collaborative platform, created to check your own and/or foreign code for security vulnerabilities and design issues. A: Well, there are many other code review systems, but we don't know any system which isn't limited to team inside review and Open Source.
security-vulnerability clean-code collaborative collaboration jugendhackt