Security Assessment

A Python tool that tests multiple AWS S3 buckets for security misconfigurations including directory listing and upload permissions.

A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.

A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.

A security tool that performs whitebox evaluation of S3 object permissions to identify publicly accessible files and generate reports on potential exposure risks.

A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.

SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through systematic testing and analysis.

A PowerShell security assessment script that evaluates Siemens SIMATIC PCS 7 industrial control systems for security misconfigurations and vulnerabilities.

Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.

S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.

kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.

A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.

Prowler is an open source multi-cloud security assessment tool that performs audits, compliance checks, and security evaluations across AWS, Azure, GCP, and Kubernetes environments.

Needle is a discontinued open source modular framework for iOS application security assessments that was compatible with iOS 9 and iOS 10 before being replaced by Objection.

A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

A Python script that inventories and lists main AWS account resources to provide visibility into cloud infrastructure components that may impact billing or security.

A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.

SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.

Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.

MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.

AWS Scout2 is a security assessment tool that uses the AWS API to gather configuration data and automatically identify security risks in AWS environments.

An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.

A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming.