Gamma Ray
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications. Its pluggable infrastructure makes it very easy to write an integration with several vulnerabilities databases. To get it, run: $> go get github.com/nearform/gammaray. Once finished, you should have the gammaray binary in your GOPATH/bin folder. Usage: Gammaray comes as a single binary, so you only need to run it passing your project as an argument: $> gammaray <path-to-your-node-app>. Gammaray supports flags like -path, -image, -log-level, and -ignore-list. By providing the path to a JSON file with CVE/CWE ignore array, you can customize the vulnerabilities to be ignored. After running, all the vulnerabilities affecting your packages will be displayed. Contributing: As a developer, clone the repository, start hacking, and PRs are welcome! $> mkd
FEATURES
SIMILAR TOOLS
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
A tool for detecting and exploiting Android application vulnerabilities
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
A list of vulnerable applications for testing and learning
A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.
A tool to run YARA rules against node_module folders to identify suspicious scripts
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.