Security News
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time. Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.
WebCopilot is an open-source automation tool that enumerates a target's subdomains and discovers bugs using various free tools. Subdomain enumeration: It leverages tools like Assetfinder, Subfinder, Amass, and httpx to comprehensively discover subdomains.
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis. Lynis conducts a thorough security examination of the system directly.
Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs.
The Mobile Security Framework is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation.
There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. Other providers of open source password solutions are a hybrid between open source and proprietary - their code is based on an open source distribution but has modifications or is packaged in a particular way to make it easier to deploy.
Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. "Many of the examples presented during the conference were real tests on devices that attendees - most of them cybersecurity experts - were carrying with them," they told Help Net Security.
CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security's cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures of modern cloud threat actors like LUCR-3.
MITRE now offers an open-source version of its Aviation Risk Identification and Assessment software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. The first prototype of ARIA was developed for the Federal Aviation Administration in collaboration with the FAA's Safety and Technical Training service unit Quality Assurance group, and it was introduced in October 2020.
On the government side of things, this includes a voluntary threat intelligence sharing program between the Feds and open source software developers and operators, which the US Cybersecurity and Infrastructure Security Agency will lead. "We want to help foster real-time collaboration around security incidents," CISA director Jen Easterly explained in a keynote address at the agency's Open Source Software Security Summit this week. While it's not exactly new, in 2022 NPM - which bills itself as the world's largest software registry - began requiring maintainers of high-impact projects to use MFA. Last year, NPM developed tools that allow maintainers to automatically generate package provenance and Software Bill of Materials, which allow anyone using the open source packages to trace and verify code dependencies.