Gamma Ray
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications. Its pluggable infrastructure makes it very easy to write an integration with several vulnerabilities databases. To get it, run: $> go get github.com/nearform/gammaray. Once finished, you should have the gammaray binary in your GOPATH/bin folder. Usage: Gammaray comes as a single binary, so you only need to run it passing your project as an argument: $> gammaray <path-to-your-node-app>. Gammaray supports flags like -path, -image, -log-level, and -ignore-list. By providing the path to a JSON file with CVE/CWE ignore array, you can customize the vulnerabilities to be ignored. After running, all the vulnerabilities affecting your packages will be displayed. Contributing: As a developer, clone the repository, start hacking, and PRs are welcome! $> mkd
FEATURES
ALTERNATIVES
A collection of resources for securing AWS environments using the CIS Amazon Web Services Foundations Benchmark 1.1
A JavaScript scanner built in PHP for scraping URLs and other information.
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
A comprehensive database of exploits and vulnerabilities for researchers and professionals
An open source project for static analysis of vulnerabilities in application containers
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.