.svg){kind=icon}
emailWhat is the environmental impact of your website?
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
Advanced Kubernetes Architecture Security Tool
This tool allows to perform the reconstruction of complex attack paths by graph generation in a Kubernetes cluster. It uses Neo4j for the storage of objects and relationships in database as well as neodash for visualization. The language Cypher as MySQL allows queries to the database to retrieve graphs. It can be used by security auditors to quickly identify attack paths or security experts to monitor theses paths.
A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
This free tool audits the configuration of an SSH server or client and highlights the areas needing improvement.
Too many admins overlook SSH configuration when setting up new systems. Unfortunately, the defaults for many operating systems are optimized for compatibility, not security.
Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
Talisman is a tool that scans git changesets to ensure that potential secrets or sensitive information do not leave the developer's workstation.
It validates the outgoing changeset for things that look suspicious - such as potential SSH keys, authorization tokens, private keys etc.
A command line utility to display dependency tree of the installed Python packages.
pipdeptree is a command line utility for displaying the installed python packages in form of a dependency tree. It works for packages installed globally on a machine as well as in a virtualenv. Since pip freeze shows all dependencies as a flat list, finding out which are the top level packages and which packages do they depend on requires some effort. It's also tedious to resolve conflicting dependencies that could have been installed because older version of pip didn't have true dependency resolution1. pipdeptree can help here by identifying conflicting dependencies installed in the environment.
Tool for building Kubernetes attack paths.
KubeHound creates a graph of attack paths in a Kubernetes cluster, allowing you to identify direct and multi-hop routes an attacker is able to take, visually or through complex graph queries.
A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on github given a search query.
The Primary purpose of GitDorker is to provide the user with a clean and tailored attack surface to begin harvesting sensitive information on GitHub. GitDorker can be used with additional tools such as GitRob or Trufflehog on interesting repos or users discovered from GitDorker to produce best results.
Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start.
Monkey365 - Open Source security tool @ Lauren M.'s LinkedIn Automate Your Audit Reports with AuditForge.
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
Save time, increase efficiency, and maintain data confidentiality with our open-source auditing software.
grep rough audit - source code auditing tool.
graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
Your Microsoft Security test automation framework!
Monitor your Microsoft 365 tenant's security configuration using Maester!
Maester is an open source PowerShell-based test automation framework designed to help you monitor and maintain the security configuration of your Microsoft 365 environment.
PostgreSQL Auditing Extension.
The PostgreSQL Audit Extension (or pgaudit) provides detailed session and/or object audit logging via the standard logging facility provided by PostgreSQL. The goal of PostgreSQL Audit to provide the tools needed to produce audit logs required to pass certain government, financial, or ISO certification audits.
Active Directory Security Assessment. Close Active Directory and Entra ID Security Gaps.
Find and fix security vulnerabilities in AD, now Entra ID, and Okta with Purple Knight, a free AD security vulnerability assessment that helps you uncover hundreds of AD indicators of exposure (IOEs) and compromise (IOCs). Quickly conduct a security assessment of AD—involved in 9 out of 10 cyberattacks.
BTA is an open-source Active Directory security audit framework.
A simple measure of software dependency freshness. It is a single number telling you how up-to-date your dependencies are.
AdminDroid Microsoft 365 auditing tool come up with immense reports on all the Microsoft 365 audit activities in the audit log search. Providing in-depth details on user sign-in activities is a head start for admins to analyze the users' sign-in data. With this Azure AD auditing tool, admins can monitor user logins, user activities, group activities, application activities, etc. Jazz up your Microsoft 365 Azure auditing without playing hard with PowerShell cmdlet like 'Search-UnifiedAuditLog'.
the missing audit log library. auditor's purpose is to provide an easy and standardized way to collect and persists audit logs.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration with ASPM/VM platforms and in CI environments.