Security News

SiCat: Open-source exploit finder
2024-02-12 04:30

SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Performing exploit searches based on desired inputs and sources such as Exploit-DB, Exploit Alert, Packetstorm Security, NVD Database, and Metasploit modules.

SOAPHound: Open-source tool to collect Active Directory data via ADWS
2024-02-08 05:00

SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services protocol. SOAPHound is a substitute for various open-source security tools typically employed for extracting data from Active Directory via the LDAP protocol.

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure
2024-02-07 05:30

Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. "Easy to use from the command line with simple, understandable output, Prowler offers standard reporting formats like CSV and JSON, enabling users to thoroughly examine findings across any cloud provider, all in a uniform format. Its seamless integrations with Security Hub and S3 facilitate easy incorporation with other SIEMs, databases, and more. The ability to write custom checks and develop custom security frameworks is crucial for our expanding community," Toni de la Fuente, the creator of Prowler, told Help Net Security.

CVEMap: Open-source tool to query, browse and search CVEs
2024-02-01 05:00

CVEMap is an open-source command-line interface tool that allows you to explore Common Vulnerabilities and Exposures. Security experts, who must be constantly alert to thwart adversaries seeking any vulnerability, are distracted by the sheer volume of CVEs.

Faction: Open-source pentesting report generation and collaboration framework
2024-01-30 05:30

Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs.

Automated Emulation: Open-source breach and attack simulation lab
2024-01-25 05:30

Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab. The creator of Automated Emulation, Jason Ostrom, aimed to develop an infrastructure security lab to enhance skills in adversary simulation, focusing on linking TTPs and evaluating various endpoint security products.

CloudFoxable: Open-source AWS penetration testing playground
2024-01-22 05:00

CloudFoxable is a capture-the-flag style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely.

Skytrack: Open-source aircraft reconnaissance tool
2024-01-18 05:30

Skytrack is an open-source command-line tool for plane spotting and aircraft OSINT reconnaissance. The tool utilizes multiple data sources to collect information on aircraft, can produce a PDF report for a specific aircraft, and offers conversion between ICAO and Tail Number designations.

Wazuh: Building robust cybersecurity architecture with open source tools
2024-01-17 15:04

Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Organizations require various security tools that satisfy the key areas of a security architecture as they each play a role in securing digital assets.

Adalanche: Open-source Active Directory ACL visualizer, explorer
2024-01-15 05:00

Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. "The visual attack graph representation of your Active Directory pops up in your browser, and you can explore things from there. The more data you add, the more insights you get: if you run the open-source Windows collector, you get local accounts, groups, services, file/registry permissions, etc., from both workstations and servers in the graph."