Tools and frameworks
AppSec / Product Security
- DefectDojo: Security program and vulnerability management tool. Features: Imports XML output from nmap, nikto, burp, qualys, nessus, ... Integrates with Jira. Generates reports.
- ArcherySec: Centralize Vulnerability Assessment and Management for DevSecOps Team
- Reapsaw: Continuous security DevSecOps tool that helps integrate security into the CI/CD pipeline. It supports multiple programming languages.
- HackerOne Hacktivity: See the latest hacker activity on HackerOne
- Bugcrowd VRT: Bugcrowd’s Vulnerability Rating Taxonomy
- Kali Linux: The reference Linux-based VM for penetration testing
- Commando VM by FireEye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
- PentestBox: Open-source, preconfigured, portable penetration testing environment for the Windows operating system
- Metasploit: The world’s most used Penetration testing framework
- PTF: Python script designed for Debian/Ubuntu/ArchLinux-based distributions to create a similar and familiar distribution for penetration testing.
- Faradaysec: Faradaysec is an Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
- Armitage: Cyber Attack Management for Metasploit
- Cobalt Strike: Adversary Simulation and Red team Operations
- OWTF: OWASP Offensive Web Testing Framework
- Pwndrop: Self-deployable file hosting service for red teamers that lets them easily upload and share payloads over HTTP and WebDAV
- MITRE CALDERA (https://github.com/mitre/caldera): A cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
- TheHive: A scalable, open source and free security incident response platform
- MISP: Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)
- AIL: AIL framework - Analysis Information Leak framework
- dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j: Windows Security Log Events Encyclopedia
- https://github.com/spinfoo/windows-evtx-forensics: Perform forensics in Windows Event Log Files
- https://github.com/Neo23x0/sigma: Sigma rules. Generic Signature Format for SIEM Systems
- https://uncoder.io/: Online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers
- honeymap: Real-time websocket stream of GPS events on a fancy SVG world map
- MHN: Modern Honey Network
- IVRE: Network recon framework
- ISF: Industrial Control System (ICS) Exploitation Framework based on Python
- smod: MODBUS Penetration Testing Framework
- PLCscan: Siemens S7 PLC scanner
- NIST 800-82: NIST 800-82 Guide to Industrial Control Systems (ICS) Security
- conpot: ICS/SCADA honeypot. Simulating Siemens S7 and other protocols
- modscan: Modbus OT devices scanner for Windows