CycloneDX Bill of Materials Standard.

CycloneDX is a modern standard for the software supply chain.

The International Standard for Bill of Materials (ECMA-424) The OWASP Foundation and Ecma International Technical Committee for Software & System Transparency (TC54) drive the continued advancement of the specification.

• CycloneDX BOM Standard @ GitHub.

Related contents:

• CycloneDX PHP Composer Plugin @ GitHub.

Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing.

The MISP threat sharing platform is a free and open source software helping information sharing of threat and cybersecurity indicators.

MISP @ GitHub.

Open Cyber Threat Intelligence Platform.

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

OpenCTI @ GitHub

Ballyregan is a package & CLI that allows you to fetch free tested proxies really fast!

Comprehensive detection tool for NPM supply chain attacks, specifically designed to identify and prevent the Shai-Hulud worm that compromised 500+ packages including CrowdStrike npm packages in 2025.

Related contents:

• Malicious NPM packages: Are you exposed? @ sysdig.
• Un scanner pour lutter contre l'attaque Shai-Hulud @ Korben :fr:.

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks.

Slack enumeration and exposed secrets detection tool. Monitoring and enumerating Slack for exposed secrets

Open Source Cloud Security Tool.

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more.

• Prowler @ GitHub.

Related contents:

• How to Complete Infrastructure Code Reviews Like a PRO @ microtica.

A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.

If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.

Software for Adversary Simulations and Red Team Operations. Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations, these assessments benefit security operations and incident response.

Real Intelligence Threat Analytics (R-I-T-A) is an open-source framework for detecting command and control communication through network traffic analysis. The RITA framework ingests Zeek logs or PCAPs converted to Zeek logs for analysis.

RITA @ GitHub.

Linting tool for CloudFormation templates. The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.

Related contents:

• How to Complete Infrastructure Code Reviews Like a PRO @ microtica.