Displaying 1 to 20 from 31 results

arachni - Web Application Security Scanner Framework

  •    Ruby

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

vulscan - Advanced vulnerability scanning with Nmap NSE

  •    Lua

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.




vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

wazuh - Wazuh - Host and endpoint security

  •    C

This diverse set of capabilities is provided by integrating OSSEC, OpenSCAP and Elastic Stack, making them work together as a unified solution, and simplifying their configuration and management. Wazuh provides an updated log analysis ruleset, and a RESTful API that allows you to monitor the status and configuration of all Wazuh agents.

Seccubus - Easy automated vulnerability scanning, reporting and analysis

  •    Javascript

Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.


TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.

  •    Python

NOTE: For installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway. TIDoS needs some libraries to run, which can be installed via aptitude or yum Package Managers.

pest - :beetle: Primitive Erlang Security Tool

  •    Erlang

Do a basic scan of Erlang source code and report any function calls that may cause Erlang source code to be insecure. Erlang/OTP version 19.0 and higher is required. If beam files are used, they must have been compiled with the debug_info option to provide the abstract_code used by pest.erl. However, pest.erl also consumes Erlang source code, including Erlang source escript files. If beam files are available, it is best to use the beam files with pest.erl due to how the Erlang compiler preprocessor and optimizations can influence function calls.

csi - CSI (Continuous Security Integration) Framework => Automated Security Testing for CI/CD Pipelines & Beyond

  •    Ruby

If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please PM us as this will continue to promote CSIs interoperability w/ industry-recognized security tools moving forward. It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.

burp-molly-pack - Security checks pack for Burp Suite

  •    Java

Burp-molly-pack is Yandex security checks pack for Burp. The main goal of Burp-molly-pack is to extend Burp checks. Plugins contains Active and Passive security checks.

wazuh-ansible - Wazuh - Ansible playbook

  •    

This playbooks installs and configure Wazuh agent, manager and Elastic Stack. The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.

wazuh-api - Wazuh - RESTful API

  •    Javascript

Wazuh API is an open source RESTful API to interact with Wazuh from your own application or with a simple web browser or tools like cURL. Our goal is to completely manage Wazuh remotely. Perform everyday actions like adding an agent, check configuration, or look for syscheck files are now simplest using Wazuh API.

wazuh-docker - Wazuh - Docker containers

  •    Shell

In addition, a docker-compose file is provided to launch the containers mentioned above. It also launches an Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. Containers are currently tested on Wazuh version 3.3.0 and Elastic Stack version 6.2.4. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.

wazuh-documentation - Wazuh - Project documentation

  •    Python

Here you will find instructions to install and deploy Wazuh HIDS. If you want to contribute to this documentation (built using Sphinx) or our projects please head over to our Github repositories and submit pull requests.

wazuh-kibana-app - Wazuh - Kibana plugin

  •    Javascript

Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app plugin. If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users mailing list, by sending an email to mailto:wazuh+subscribe@googlegroups.com, to ask questions and participate in discussions.

wazuh-puppet - Wazuh - Puppet module

  •    Puppet

This module installs and configure Wazuh agent and manager. This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gazeley and Michael Porter. Wazuh has forked it with the purpose of maintaining it. Thank you to the authors for the contribution.

wazuh-ruleset - Wazuh - Ruleset

  •    Python

Wazuh ruleset is used to detect attacks, intrusions, software misuse, configuration problems, application errors, malware, rootkits, system anomalies or security policy violations. The ruleset includes compliance mapping with PCI DSS v3.1 and CIS.