Quick Android Review Kit
This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. There is no need to root the test device, as this tool focuses on vulnerabilities that can be exploited under otherwise secure conditions. It is capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the vulnerabilities it finds. For more options please see the --help command. Results: A report is generated in JSON and can be built into other format types, to change the report type please use the --report-type flag. Installation: With pip (no security checks on requirements): ~ pip install --user qark # --user is only needed if not using a virtualenv ~ qark --help With requirements.txt (security checks on requirements): ~ git clone https://github.com/linkedin/qark ~ cd qark ~ pip install -r requirements.txt ~ pip install . --user # --user is only needed if not using a virtualenv
FEATURES
ALTERNATIVES
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
A non-profit organization focused on improving the security of software through resources and training.
A script that checks for common best-practices around deploying Docker containers in production.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
Scans Alpine base images for vulnerabilities using Multi Stage builds in Docker 17.05
A collection of resources for securing AWS environments using the CIS Amazon Web Services Foundations Benchmark 1.1
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.