Security Scanning

A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.

Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.

AWS Scout2 is a security assessment tool that uses the AWS API to gather configuration data and automatically identify security risks in AWS environments.

Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.

A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.

An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.

A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.

KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.

An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.

cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

Second-order subdomain takeover scanner

A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.

AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.

GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

A Node.js tool that analyzes HTTP security headers on websites to identify missing or problematic security configurations.

SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.

ssh-audit is a Python-based tool for auditing SSH server and client configurations to identify security weaknesses and ensure compliance with best practices.

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.

A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.

FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.