Merge pull request #407 from fabacab/new-tools

Add kube-hunter (Kubernetes pentest tool) and Open Source Vulnerabilities (a vuln DB).
This commit is contained in:
0xACAB 2021-02-06 08:34:40 -05:00 committed by GitHub
commit 53a2ea62fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -114,7 +114,6 @@ See also [awesome-tor](https://github.com/ajvb/awesome-tor).
* [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. * [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
* [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key. * [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
* [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions. * [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions.
* [peCloak.py](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
* [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool. * [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
## Books ## Books
@ -267,7 +266,6 @@ See also *[Reverse Engineering Tools](#reverse-engineering-tools)*.
## Hex Editors ## Hex Editors
* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types.
* [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#. * [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
* [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. * [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows.
* [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs. * [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs.
@ -443,6 +441,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
## Network Vulnerability Scanners ## Network Vulnerability Scanners
* [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner. * [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
* [kube-hunter](https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. * [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
* [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws. * [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws.
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
@ -759,6 +758,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
* [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC). * [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
* [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. * [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine. * [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
* [Open Source Vulnerabilities (OSV)](https://osv.dev/) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
* [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. * [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information. * [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information.
* [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk. * [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk.