phishing domain scanner.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation.
See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud, and brand impersonation. Useful as an additional source of targeted threat intelligence.
End-of-life (EOL) and support information is often hard to track, or very badly presented. endoflife.date documents EOL dates and support lifecycles for various products.
endoflife.date aggregates data from various sources and presents it in an understandable and succinct manner. It also makes the data available using an easily accessible API and has iCalendar support.
Method for an Optimised aNAlysis of Risks. MONARC is a tool and a method allowing an optimised, precise and repeatable risk assessment.
Depending on its size and its security needs, organisations must react in the most appropriate manner. Adopting good practices, taking the necessary measures and adjusting them proportionally: all this is part of the process to ensure information security. Most of all, it depends on performing a risk analysis on a regular basis.
The Kubenomicon was born of a desire to understand more about Kubernetes from an offensive perspective.
This project was heavily inspired by the Kubernetes Threat Matrix from Microsoft which is a great starting point as it provides a framework to help understand some of the concepts in a MITRE ATTACK style framework. The Microsoft Threat Matrix was explicitly not designed to be a playbook offensive for security professionals and thus it lacks the details necessary to actually exploit (and remediate) each attack in Kubernetes cluster.
World's Most Trusted Open Source Firewall.
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes the top-level domains as input, then seamlessly progresses to discovering corresponding assets, including subdomains and certificates. The tool performs reconnaissance on active assets and concludes with a comprehensive scan for vulnerabilities, secrets, misconfigurations and phishing domains - all powered by a blend of open-source and custom tools.
Open Initiative for Process Specifications.
The open source community is collaborating to establish common specifications for secure software development based on open source best practices.
Open source alternative to Tines / Palo Alto XSOAR. Automate security alerts, your way.
Tracecat is an open source Tines / Splunk SOAR alternative. Build AI-assisted workflows, orchestrate alerts, and close cases fast.
SOAR (Security Orchestration, Automation and Response) refers to technologies that enable organizations to automatically collect and respond to alerts across different tooling. Though Tracecat is built for security, it's workflow automation and case management system can be applied to other alerting environments (e.g. site reliability engineering, DevOps, and physical systems monitoring).
Identify the accounts most vulnerable to dictionary attacks.
PassTester is a tool for finding user passwords that are most vulnerable to dictionary attacks. The aim is to prompt the users concerned to choose a more secure password.
Tools and Techniques for Red Team / Penetration Testing.
This github repository contains a collection of 130+ tools and resources that can be useful for red teaming activities.
Some of the tools may be specifically designed for red teaming, while others are more general-purpose and can be adapted for use in a red teaming context.
Identity infrastructure, simplified for you.
Tools and Techniques for Blue Team / Incident Response.
This github repository contains a collection of 65+ tools and resources that can be useful for blue teaming activities.
Some of the tools may be specifically designed for blue teaming, while others are more general-purpose and can be adapted for use in a blue teaming context.
Personal Security Checklist. Your guide to securing your digital life and protecting your privacy.
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Each entry has about 42 bits of randomness. Queries are not recorded. Randomness is probably as good as the random resource in the operating system.
Search Evasion Techniques.
Malware authors spend a great deal of time and effort to develop complex code to perform malicious actions against a target system. It is crucial for malware to remain undetected and avoid sandbox analysis, antiviruses or malware analysts. With this kind of techniques, malware are able to pass under the radar and stay undetected on a system. The goal of this free database is to centralize the information about malware evasion techniques.
This project aims to provide Malware Analysts and Defenders with actionable insights and detection capabilities to shorten their response times.
No more insecure software. Make sure your software delivery organization has the capabilities required to deliver secure products.
The OWASP Product Security Capability Framework (PSCF) is a comprehensive guide designed to frame and enhance the security of software products. By leveraging a structured approach to identify, implement, and manage security capabilities, the PSCF aims to improve product security and ensure compliance with regulatory and industry standards.
La plateforme de lutte contre les spams vocaux et SMS qui vous informe et vous accompagne.