Security News

20 essential open-source cybersecurity tools that save you time
2024-03-25 06:00

When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time. Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs
2024-03-21 05:30

WebCopilot is an open-source automation tool that enumerates a target's subdomains and discovers bugs using various free tools. For subdomain enumeration, it leverages tools like Assetfinder, Subfinder, Amass, and httpx to comprehensively discover subdomains.

Lynis: Open-source security auditing tool
2024-03-19 04:00

Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Lynis conducts a thorough security examination of the system directly.

Quicmap: Fast, open-source QUIC protocol scanner
2024-03-18 04:30

Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs.

MobSF: Open-source security research platform for mobile apps
2024-03-14 05:30

The Mobile Security Framework is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation.

Open Source Password Managers: Overview, Pros & Cons
2024-03-13 17:28

There are many proprietary password managers on the market for those who want an out-of-the-box solution, and then there are open source password managers for those wanting a more customizable option. Other providers of open source password solutions are a hybrid between open source and proprietary - their code is based on an open source distribution but has modifications or is packaged in a particular way to make it easier to deploy.

BSAM: Open-source methodology for Bluetooth security assessment
2024-03-13 05:30

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers demonstrated last week at RootedCON in Madrid. "Many of the examples presented during the conference were real tests on devices that attendees - most of them cybersecurity experts - were carrying with them," they told Help Net Security.

CloudGrappler: Open-source tool detects activity in cloud environments
2024-03-11 05:30

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security's cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures of modern cloud threat actors like LUCR-3.

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)
2024-03-08 04:30

MITRE now offers an open-source version of its Aviation Risk Identification and Assessment software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. The first prototype of ARIA was developed for the Federal Aviation Administration in collaboration with the FAA's Safety and Technical Training service unit Quality Assurance group, and it was introduced in October 2020.

Securing open source software: Whose job is it, anyway?
2024-03-08 01:02

On the government side of things, this includes a voluntary threat intelligence sharing program between the Feds and open source software developers and operators, which the US Cybersecurity and Infrastructure Security Agency will lead. "We want to help foster real-time collaboration around security incidents," CISA director Jen Easterly explained in a keynote address at the agency's Open Source Software Security Summit this week. While it's not exactly new, in 2022 NPM - which bills itself as the world's largest software registry - began requiring maintainers of high-impact projects to use MFA. Last year, NPM developed tools that allow maintainers to automatically generate package provenance and Software Bill of Materials, which allow anyone using the open source packages to trace and verify code dependencies.