As per the NIS2 Directive, ENISA is mandated to develop and maintain the European vulnerability database.
Access to reliable and timely information about vulnerabilities affecting Information and Communication Technology (ICT) products and services contributes to enhanced cybersecurity risk management. Sources of publicly available information about vulnerabilities are an important tool for users of these services, competent authorities, and the broader cybersecurity community. ENISA has established a European Vulnerability Database (EUVD) where entities, regardless of whether they fall within the scope of the NIS2 Directive, and their suppliers of network and information systems, as well as competent authorities, most notably CSIRTs, can voluntarily disclose and register publicly known vulnerabilities to allow users to take appropriate mitigating measures.
Cloud native secrets management for developers - never leave your command line for secrets.
Never leave your terminal to use secrets while developing, testing, and building your apps.
Instead of custom scripts, tokens in your .zshrc files, visible EXPORTs in your bash history, misplaced .env.production files and more around your workstation -- just use teller and connect it to any vault, key store, or cloud service you like (Teller supports HashiCorp Vault, AWS Secrets Manager, Google Secret Manager, and many more).
Honeypot servers with an integrated threat feed.
Deceptifeed is a honeypot and threat feed server. It runs multiple deceptive network services (honeypots), while the threat feed lists IP addresses that have interacted with the honeypots. Additionally, Deceptifeed provides real-time visibility into honeypot activity, allowing you to monitor logs and interactions as they occur.
DNS Measurement, Troubleshooting and Security Auditing Toolset.
Ever wondered whether your ISP is hijacking your DNS traffic? Ever observed any misbehavior in your DNS responses? Ever been redirected to the wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as you expect.
Fix Inventory is an open-source cloud asset inventory tool for infrastructure and security engineers.
Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.
Fix Inventory enables a broad set of exploration and automation scenarios. Its foundation is a graph-based data model, which exposes resource metadata and dependency relationships between your service's assets.
A powerful CLI allows you to search, explore, and manage your cloud resources.
PhishTool gives human analysts the power to reverse engineer phishing emails, to better defend against them. PhishTool is to phishing emails as a disassembler is to malware or a forensic toolkit is to file systems.
The last bastion
Secure access to your internal SSH, HTTPS, MySQL and Postgres servers with SSO and RBAC.
A framework for securing software update systems.
The Update Framework (TUF) maintains the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
OpenSSF Scorecard assesses open source projects for security risks through a series of automated checks. It was created by OSS developers to help improve the health of critical projects that the community depends on.
You can use it to proactively assess and make informed decisions about accepting security risks within your codebase. You can also use the tool to evaluate other projects and dependencies, and work with maintainers to improve codebases you might want to integrate.
Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.
The Package Analysis project analyses the capabilities of packages available on open source repositories. The project looks for behaviors that indicate malicious software:
What files do they access?
What addresses do they connect to?
What commands do they run?
A framework to secure the integrity of software supply chains.
in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.
A tool for preventing the installation of malicious PyPI and npm packages 🔥.
Supply-Chain Firewall is a command-line tool for preventing the installation of malicious PyPI and npm packages. It is intended primarily for use by engineers to protect their development workstations from compromise in a supply-chain attack.
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
This repository is an open-source dataset of 5938 malicious software packages (and counting) identified by Datadog, as part of our security research efforts in software supply-chain security. Most of the malicious packages have been identified by GuardDog.
🐍 🔍 GuardDog is a CLI tool to identify malicious PyPI and npm packages.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages or Go modules. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata.
GuardDog can be used to scan local or remote PyPI and npm packages or Go modules using any of the available heuristics.
Bypass Microsoft Account creation during Windows 11/10 install.
With Microsoft’s recent Windows 11 updates, the bypass for the network requirement (NRO) was "effectively" blocked, forcing users into an online account creation. MSAPatcher brings back the simplicity of the bypassnro.cmd one-liner, allowing you to bypass the NRO without having to manually add registry keys or deal with complex workarounds.
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.
SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elliptic curves, etc.), and that it is not vulnerable to known TLS attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy.
pwndbg (/paʊnˈdiˌbʌɡ/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
Online complaints for internet scams (THESEE)
For victims of internet scams: fake sales websites, hacking of email accounts, extortion of money to unlock a computer... you can file a complaint online through the THESEE system.