From 4df02a9c3fe75c9872fd44a66b63d445c9cf18f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=81=B0=E8=B1=86?= Date: Tue, 14 Jun 2022 10:08:11 +0800 Subject: [PATCH 01/13] Add XSS detection tool - Cyclops Name: Cyclops Type:Discovery/XSS Description: The Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink. github:https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3dafb2..b9f2630 100644 --- a/README.md +++ b/README.md 
@@ -303,7 +303,8 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI. - [is-website-vulnerable](https://github.com/lirantal/is-website-vulnerable) - finds publicly known security vulnerabilities in a website's frontend JavaScript libraries. - [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features. -- [Keyscope](https://github.com/SpectralOps/keyscope) - Keyscope is an extensible key and secret validation for checking active secrets against multiple SaaS vendors built in Rust +- [Keyscope](https://github.com/SpectralOps/keyscope) - Keyscope is an extensible key and secret validation for checking active secrets against multiple SaaS vendors built in Rust +- [Cyclops](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) - The Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink. ### Runtime Application Self-Protection From d7172067534c52cd946a5436da4c8d27565bcf07 Mon Sep 17 00:00:00 2001 From: Felix P Date: Mon, 11 Jul 2022 19:17:18 +0200 Subject: [PATCH 02/13] Update README.md Add cve-ape tool at DevOps section. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..832a948 100644 --- a/README.md +++ b/README.md 
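Review bot: the Keyscope line appears as both a `-` and a `+` with identical visible text, so this hunk rewrites a line it does not change (most likely trailing whitespace or a line-ending change); check with `git diff -w` and keep the commit to the one added Cyclops line. The Cyclops description itself is ungrammatical and writes "xss" in lower case where the rest of the list uses XSS; suggest `- [Cyclops](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) - A Chromium-based web browser with built-in XSS detection that uses taint tracking to find flows from a source to a sink.`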
@@ -361,6 +361,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Trivy](https://github.com/aquasecurity/trivy) - A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI. - [Preflight](https://github.com/spectralops/preflight) - helps you verify scripts and executables to mitigate supply chain attacks in your CI and other systems. - [Teller](https://github.com/spectralops/teller) - a secrets management tool for devops and developers - manage secrets across multiple vaults and keystores from a single place. +- [cve-ape](https://github.com/baalmor/cve-ape) - A non-intrusive CVE scanner for embedding in test and CI environments that can scan package lists and individual packages for existing CVEs via locally stored CVE database. Can also be used as an offline CVE scanner for e.g. OT/ICS. ## Terminal From be56f952cb2e09a6c4bd2173ca8d7d3066d52458 Mon Sep 17 00:00:00 2001 From: gleatd01 <53531609+gleatd01@users.noreply.github.com> Date: Mon, 25 Jul 2022 11:40:15 -0400 Subject: [PATCH 03/13] Update README.md ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..2efbcbf 100644 --- a/README.md +++ b/README.md @@ -205,6 +205,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Linux Malware Detect](https://www.rfxn.com/projects/linux-malware-detect/) - A malware scanner for Linux designed around the threats faced in shared hosted environments. - [LOKI](https://github.com/Neo23x0/Loki) - Simple Indicators of Compromise and Incident Response Scanner - [rkhunter](http://rkhunter.sourceforge.net/) - A Rootkit Hunter for Linux +- [ClamAv](http://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. ### Content Disarm & Reconstruct 
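Review bot: minor wording in the added cve-ape line: "via locally stored CVE database" should read "via a locally stored CVE database". Since the entry advertises offline use, it would help readers to say how that local database is refreshed, because a stale database is the main accuracy risk for an offline CVE scanner.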
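Review bot: the link text `ClamAv` in the added line does not match the project's name as written in its own description (`ClamAV`); use `[ClamAV](https://www.clamav.net/)` and drop the `®` mark, which no other entry in this scanner list carries. The surrounding entries (Linux Malware Detect, LOKI, rkhunter) are in alphabetical order, so the new line belongs before Linux Malware Detect rather than at the end.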
From f283e6187199922b1f47b8e72890932715d81ea2 Mon Sep 17 00:00:00 2001 From: Alicia Sykes Date: Thu, 28 Jul 2022 14:50:08 +0100 Subject: [PATCH 04/13] Adds Awesome Privacy under Other --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..22861fb 100644 --- a/README.md +++ b/README.md @@ -435,6 +435,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Awesome Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) - A curated list of awesome malware analysis tools and resources. - [Awesome PCAP Tools](https://github.com/caesar0301/awesome-pcaptools) - A collection of tools developed by other researchers in the Computer Science area to process network traces. - [Awesome Pentest](https://github.com/enaqx/awesome-pentest) - A collection of awesome penetration testing resources, tools and other shiny things. +- [Awesome Privacy](https://github.com/lissy93/awesome-privacy) - A curated list of privacy-respecting software and services. - [Awesome Linux Containers](https://github.com/Friz-zy/awesome-linux-containers) - A curated list of awesome Linux Containers frameworks, libraries and software. - [Awesome Incident Response](https://github.com/meirwah/awesome-incident-response) - A curated list of resources for incident response. - [Awesome Web Hacking](https://github.com/infoslack/awesome-web-hacking) - This list is for anyone wishing to learn about web application security but do not have a starting point. From 9eeda27439de43c1f0d6b948cd77a44e94ec9046 Mon Sep 17 00:00:00 2001 From: Elad Kaplan Date: Fri, 29 Jul 2022 23:41:58 +0300 Subject: [PATCH 05/13] add shellclear tool --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..818ba75 100644 --- a/README.md +++ b/README.md 
@@ -365,6 +365,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog ## Terminal * [shellfirm](https://github.com/kaplanelad/shellfirm) - It is a handy utility to help avoid running dangerous commands with an extra approval step. You will immediately get a small prompt challenge that will double verify your action when risky patterns are detected. +* [shellclear](https://github.com/rusty-ferris-club/shellclear) - It helps you to secure your shell history commands by finding sensitive commands in your all history commands and allows you to clean them ## Operating Systems From 39041a13c56e3ec9b8001f8aad5fc7d2b90a5e8e Mon Sep 17 00:00:00 2001 From: Elad Kaplan Date: Fri, 29 Jul 2022 23:52:20 +0300 Subject: [PATCH 06/13] add shellclear tool --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 818ba75..d6efe6d 100644 --- a/README.md +++ b/README.md @@ -365,7 +365,8 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog ## Terminal * [shellfirm](https://github.com/kaplanelad/shellfirm) - It is a handy utility to help avoid running dangerous commands with an extra approval step. You will immediately get a small prompt challenge that will double verify your action when risky patterns are detected. -* [shellclear](https://github.com/rusty-ferris-club/shellclear) - It helps you to secure your shell history commands by finding sensitive commands in your all history commands and allows you to clean them +* [shellclear](https://github.com/rusty-ferris-club/shellclear) - It helps you to Secure your shell history commands by finding sensitive commands in your all history commands and allowing you to clean them. + ## Operating Systems From 3f448ade6c10b6e3be1b07f3f0fc1a2060736e04 Mon Sep 17 00:00:00 2001 
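Review bot: the added shellclear description has a grammar problem, "in your all history commands", which should read "in all your shell history"; the sentence also repeats "commands" three times. Since PATCH 06/13 immediately re-edits this same line, the two commits should be squashed so the list gets one clean entry, e.g. `* [shellclear](https://github.com/rusty-ferris-club/shellclear) - Finds sensitive commands in your shell history and lets you remove them.`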
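Review bot: the rewrite introduces a mid-sentence capital in "helps you to Secure your shell history" and adds a `+` empty line after the entry although the following context line before `## Operating Systems` was already blank, leaving two blank lines; lower-case "secure" and drop the extra empty line. Squash this with PATCH 05/13, which adds the line being corrected here.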
From: Asi Greenholts <88270351+asi-cider@users.noreply.github.com> Date: Mon, 1 Aug 2022 19:03:08 +0300 Subject: [PATCH 07/13] add cicd-goat --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..ca601c6 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://hub.docker.com/r/bkimminich/juice-shop) - `docker pull jeroenwillemsen/wrongsecrets`- [OWASP WrongSecrets](https://hub.docker.com/r/jeroenwillemsen/wrongsecrets) +- `docker-compose -d up` - [cicd-goat](https://github.com/cider-security-research/cicd-goat) ## Endpoint From eb7bd5993690772a64e28d79efdda361f2ffb30e Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Wed, 3 Aug 2022 00:29:02 +0200 Subject: [PATCH 08/13] Update README.md Added Falco.org to the RASP list --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..4097437 100644 --- a/README.md +++ b/README.md 
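Review bot: the command in the added cicd-goat line is wrong: `docker-compose -d up` places the detach flag before the subcommand, which docker-compose does not accept; it should be `docker-compose up -d`. Unlike the `docker pull <image>` one-liners around it, `docker-compose up -d` only works from a directory containing the project's compose file, so the entry should either link to the project's run instructions or state that step, and the name should follow the list's convention of the full project title rather than the bare repo name.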
@@ -311,6 +311,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog ### Runtime Application Self-Protection +- [Falco](https://falco.org/) - The cloud-native runtime security project and de facto Kubernetes threat detection engine now part of the CNCF. - [Sqreen](https://www.sqreen.io/) - Sqreen is a Runtime Application Self-Protection (RASP) solution for software teams. An in-app agent instruments and monitors the app. Suspicious user activities are reported and attacks are blocked at runtime without code modification or traffic redirection. - [OpenRASP](https://github.com/baidu/openrasp) - An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is observed under heavy server load. From 7e4494c468d5a50e79a45e3bb4782c89b43d78f3 Mon Sep 17 00:00:00 2001 From: Tim Kern Date: Tue, 16 Aug 2022 11:51:17 -0500 Subject: [PATCH 09/13] Added Fleet device management Placed under endpoint > configuration management Link to the code coverage report- https://app.codecov.io/gh/fleetdm/fleet --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..f82bb51 100644 --- a/README.md +++ b/README.md 
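Review bot: Falco is placed under Runtime Application Self-Protection, but its own description (cloud-native runtime security, Kubernetes threat detection engine) describes host- and container-level detection, not an in-app agent like the neighbouring Sqreen and OpenRASP entries, which instrument the application itself; the `### IDS / IPS / Host IDS / Host IPS` section elsewhere in this README is the better fit. The phrase "de facto Kubernetes threat detection engine" is also promotional and should be toned down to match the other descriptions.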
@@ -212,6 +212,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Configuration Management +- [Fleet device management](https://github.com/fleetdm/fleet) - Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems. - [Rudder](http://www.rudder-project.org/) - Rudder is an easy to use, web-driven, role-based solution for IT Infrastructure Automation & Compliance. Automate common system administration tasks (installation, configuration); Enforce configuration over time (configuring once is good, ensuring that configuration is valid and automatically fixing it is better); Inventory of all managed nodes; Web interface to configure and manage nodes and their configuration; Compliance reporting, by configuration and/or by node. ### Authentication From 13715bd237887e3783e6e6e4f1eedfa532c7971d Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Tue, 23 Aug 2022 09:49:20 +0100 Subject: [PATCH 10/13] Add awesome security newsletters --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..62df53e 100644 --- a/README.md +++ b/README.md 
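Review bot: the added Fleet description reads as marketing copy ("Get comprehensive, customizable data from all your devices and operating systems") rather than the neutral one-line summaries used elsewhere in this README; suggest a single sentence such as `- [Fleet](https://github.com/fleetdm/fleet) - A lightweight, programmable telemetry platform for servers and workstations.` The link text `Fleet device management` should also match the project name `Fleet` used in the description, and the Codecov link in the commit message does not belong in the README change.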
@@ -433,6 +433,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Awesome Hacking](https://github.com/carpedm20/awesome-hacking) - A curated list of awesome Hacking tutorials, tools and resources. - [Awesome Honeypots](https://github.com/paralax/awesome-honeypots) - An awesome list of honeypot resources. - [Awesome Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) - A curated list of awesome malware analysis tools and resources. +- [Awesome Security Newsletters](https://github.com/TalEliyahu/awesome-security-newsletters) - A curated list of awesome newsletters to keep up to date on security news via e-mail. - [Awesome PCAP Tools](https://github.com/caesar0301/awesome-pcaptools) - A collection of tools developed by other researchers in the Computer Science area to process network traces. - [Awesome Pentest](https://github.com/enaqx/awesome-pentest) - A collection of awesome penetration testing resources, tools and other shiny things. - [Awesome Linux Containers](https://github.com/Friz-zy/awesome-linux-containers) - A curated list of awesome Linux Containers frameworks, libraries and software. From 8626ea92834741d85afbfb903a784c420d9e020d Mon Sep 17 00:00:00 2001 From: Aidan Holland Date: Fri, 26 Aug 2022 11:28:17 -0400 Subject: [PATCH 11/13] Add Awesome Censys Queries --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..1ff30ca 100644 --- a/README.md +++ b/README.md 
@@ -448,6 +448,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Awesome Container Security](https://github.com/kai5263499/container-security-awesome) - A curated list of awesome resources related to container building and runtime security - [Awesome Crypto Papers](https://github.com/pFarb/awesome-crypto-papers) - A curated list of cryptography papers, articles, tutorials and howtos. - [Awesome Shodan Search Queries](https://github.com/jakejarvis/awesome-shodan-queries) - A collection of interesting, funny, and depressing search queries to plug into Shodan.io. +- [Awesome Censys Queries](https://github.com/thehappydinoa/awesome-censys-queries) - A collection of fascinating and bizarre Censys Search Queries. - [Awesome Anti Forensics](https://github.com/remiflavien1/awesome-anti-forensic) - A collection of awesome tools used to counter forensics activities. - [Awesome Security Talks & Videos](https://github.com/PaulSec/awesome-sec-talks) - A curated list of awesome security talks, organized by year and then conference. - [Awesome Bluetooth Security](https://github.com/engn33r/awesome-bluetooth-security) - A curated list of Bluetooth security resources. From e268feecf0358595b4da0a905d277eaa17e5fe2e Mon Sep 17 00:00:00 2001 From: Samrose Date: Fri, 26 Aug 2022 22:30:52 +0400 Subject: [PATCH 12/13] Add Matano Add Matano - open source security lake platform on AWS --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1997af2..6a6ac41 100644 --- a/README.md +++ b/README.md 
@@ -83,7 +83,6 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Deepfence ThreatMapper](https://github.com/deepfence/ThreatMapper) - Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless. ### Monitoring / Logging - - [justniffer](http://justniffer.sourceforge.net/) - Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic. - [httpry](http://dumpsterventures.com/jason/httpry/) - httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. - [ngrep](http://ngrep.sourceforge.net/) - ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. 
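Review bot: the removal of the blank line after `### Monitoring / Logging` is unrelated to adding Matano and makes this section inconsistent with the others in the file, which keep a blank line between the heading and the list (see `### Runtime Application Self-Protection` and `### Configuration Management` in the context of PATCH 08/13 and PATCH 09/13); drop this hunk so the commit stays limited to the new entries.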
@@ -94,6 +93,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Fibratus](https://github.com/rabbitstack/fibratus) - Fibratus is a tool for exploration and tracing of the Windows kernel. It is able to capture the most of the Windows kernel activity - process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and much more. Fibratus has a very simple CLI which encapsulates the machinery to start the kernel event stream collector, set kernel event filters or run the lightweight Python modules called filaments. - [opensnitch](https://github.com/evilsocket/opensnitch) - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall - [wazuh](https://github.com/wazuh/wazuh) - Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of monitoring file system changes, system calls and inventory changes. +- [Matano](https://github.com/matanolabs/matano): Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code. ### IDS / IPS / Host IDS / Host IPS 
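Review bot: the added Matano line uses `: ` to separate the link from its description while every other entry in this list uses ` - `; change it to `- [Matano](https://github.com/matanolabs/matano) - Open source serverless security lake platform on AWS ...`. Also "realtime" should be "real-time", and "analyze petabytes of security data into an Apache Iceberg data lake" mixes verbs: data is ingested into the lake and analyzed in it.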
@@ -150,7 +150,8 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [FIR](https://github.com/certsocietegenerale/FIR) - Fast Incident Response, a cybersecurity incident management platform. - [LogESP](https://github.com/dogoncouch/LogESP) - Open Source SIEM (Security Information and Event Management system). - [wazuh](https://github.com/wazuh/wazuh) -Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. It works with tons of data supported by an OpenSearch fork and custom WUI. -- +- [Matano](https://github.com/matanolabs/matano): Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code. + ### VPN - [OpenVPN](https://openvpn.net/) - OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. 
@@ -352,6 +353,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Apache Metron (incubating)](https://github.com/apache/incubator-metron) - Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. - [Apache Spot (incubating)](https://github.com/apache/incubator-spot) - Apache Spot is open source software for leveraging insights from flow and packet analysis. - [binarypig](https://github.com/endgameinc/binarypig) - Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch. +- [Matano](https://github.com/matanolabs/matano): Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code. ## DevOps From 66cd90f648537594acbacdb1e9e77fd200e98a7b Mon Sep 17 00:00:00 2001 From: karimhabush <37211852+karimhabush@users.noreply.github.com> Date: Wed, 31 Aug 2022 22:48:50 +0100 Subject: [PATCH 13/13] Add cyberowl Request to add cyberowl to Threat Intelligence tools. Repo: https://github.com/karimhabush/cyberowl --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1997af2..4f07f5e 100644 --- a/README.md +++ b/README.md 
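Review bot: this is the third identical Matano entry added by the same patch (Monitoring / Logging, the SIEM list and now the Big Data list). The README does carry wazuh in two sections, but three copies of one description is excessive; keep the entry in the one or two sections that fit best (the SIEM list for detections-as-code, the Big Data list for the Apache Iceberg data lake) and, wherever it is kept, use the list's ` - ` separator rather than `: `.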
@@ -271,6 +271,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [MISP - Open Source Threat Intelligence Platform ](https://www.misp-project.org/) - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries ([taxonomies](https://www.misp-project.org/taxonomies.html), [threat-actors and various malware](https://www.misp-project.org/galaxy.html)), an extensive data model to share new information using [objects](https://www.misp-project.org/objects.html) and default [feeds](https://www.misp-project.org/feeds/). - [PhishStats](https://phishstats.info/) - Phishing Statistics with search for IP, domain and website title. - [Threat Jammer](https://threatjammer.com) - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources. +- [Cyberowl](https://github.com/karimhabush/cyberowl) - A daily updated summary of the most frequent types of security incidents currently being reported from different sources. ## Social Engineering
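Review bot: the Cyberowl description says it summarises incidents "from different sources" without naming any; for a threat-intelligence entry, readers need to know what kind of sources are aggregated to judge whether the feed is useful, so name the source types or link the repository's source list. Also hyphenate "daily-updated" when it modifies "summary".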