GAUNTLT (Go Ahead, Be Mean To Your Code) provides hooks to a variety of security tools and facilitates testing and communication between security, dev, and ops teams to build rugged software. It includes attack adapters for tools like curl, nmap, sslyze, sqlmap, and more, and can easily integrate with your organization's testing tools and processes.
FEATURES
ALTERNATIVES
Community project for developing common guidelines and best practices for secure configurations.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
A security dataset and CTF platform with full and attack-only versions pre-indexed for Splunk.
HxD is a freeware hex editor and disk editor with advanced features for editing files, memory, and disks.
A sample security dataset and CTF platform for information security professionals, researchers, students, and enthusiasts.
A book that helps improve Docker security by covering risks and countermeasures
A golang utility to spider through a website searching for additional links.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.