Security Audit

A comprehensive application security service provider offering manual penetration testing, vulnerability assessment, and security solutions across various industries.

A comprehensive cybersecurity consulting service offering security assessments, risk analysis, and implementation of tailored information security management systems for organizations.

A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.

A compliance management platform that simplifies CMMC Level 1 certification for defense contractors through guided workflows, policy templates, and evidence management tools.

Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.

ScubaGear is a PowerShell-based assessment tool that evaluates Microsoft 365 tenant configurations against CISA security baselines using Open Policy Agent and generates compliance reports.

A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.

Monitor GitHub for sensitive data

A simple snippet to increment ../ on the URL.

A storage exploration tool that provides unified access to view publicly accessible Amazon S3 buckets, Azure Blob storage, FTP servers, and HTTP directory listings.

A security toolkit for Amazon S3 that provides bucket scanning, policy validation, ACL management, and encryption features to identify and remediate S3 security vulnerabilities.

A security tool that performs whitebox evaluation of S3 object permissions to identify publicly accessible files and generate reports on potential exposure risks.

Pre-commit hook for validating outgoing changeset

S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.

Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.

A sensitive data detection tool for scanning source code repositories

Prowler is an open source multi-cloud security assessment tool that performs audits, compliance checks, and security evaluations across AWS, Azure, GCP, and Kubernetes environments.

A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.

Web server scanner for identifying security vulnerabilities.

A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.

APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.

An extensible, heuristic-based vulnerability scanning tool for installed npm packages.

A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.

A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.