Explore 67 curated tools and resources
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
A simple snippet to increment ../ on the URL.
A Burp extension for scanning JavaScript files for endpoint links
A command-line program for finding secrets and sensitive information in textual data and Git history.
A simple Swagger UI scanner that detects old versions vulnerable to various XSS attacks
A tool to identify publicly accessible S3 objects
Pre-commit hook for validating outgoing changeset
Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A sensitive data detection tool for scanning source code repositories
A compliant audit log tool that provides a searchable, exportable record of read/write events.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
Identify AWS IAM permissions by brute-forcing API calls.
Web server scanner for identifying security vulnerabilities.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.
A tool to scan for CORS misconfigurations in web applications
Conmachi is a Golang tool for scanning container environments for security issues.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Guidelines for contributing to a cybersecurity tools and resources list
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
Mitigate security concerns of Dependency Confusion supply chain security risks.
Multi-account cloud security tool for AWS with real-time reporting and auto-remediation capabilities.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
A Python script to check system compliance against CIS Benchmarks with customizable options.
A tool for identifying potential security vulnerabilities in web applications
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
Repokid uses Access Advisor to remove unused service permissions from IAM roles in AWS.
Open-source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.
Second-order subdomain takeover scanner
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
Tool to inform about potential risks in project dependencies list.
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
CFRipper is a library and CLI security analyzer for AWS CloudFormation templates.
Docker security audit tool with custom audit profiles and JSON report generation based on CIS Docker 1.6 Benchmark.
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
Websecurify provides efficient ways to protect organizations with sophisticated technology and expert consultancy.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
A tool for auditing and reporting Unix host security with the ability to perform a lockdown.
Comprehensive host-survey tool for security checks in C#.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
A tool to analyze and audit AWS environments for security issues and misconfigurations.
A Docker analysis tool for identifying potential security vulnerabilities and weaknesses in Docker environments
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.
Open source security auditing tool to search and dump system configuration.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
Identifies misconfigured CloudFront domains vulnerable to hijacking
DueDLLigence is an open-source tool for identifying and analyzing DLL hijacking vulnerabilities in Windows applications, providing automated analysis and remediation guidance.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
A script and library for identifying risks in AWS IAM configuration
A free online tool that scans and fixes common security issues in WordPress websites.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
Simple script to check a domain's email protections and identify vulnerabilities.
Open source tool for generating YARA rules about installed software from a running OS.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.