CAPA
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
When you manage private open source packages, for reasons such as keeping intellectual property private, then these packages will be hosted and served via private registries, or require authorization. By definition, these packages won't exist on public registries. However, when a package name is used without a reserved namespace (also known as a scope in npm, for example), they are often free to be registered by any other user on the Internet and create a potential Dependency Confusion attack vector. The attack manifests due to a mix of user misconfiguration, and bad design of package managers, which will cause the download of the package from the public registry, instead of the private registry. This tool detects two types of potential Dependency Confusion compromises: - Vulnerable - Suspicious Vulnerable: A case of actual vulnerable package is when a package name is detected to be used in a project, but the same package name is not registered on the public registry.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
A fake Django admin login screen to detect and notify admins of attempted unauthorized access
SAST and malware analysis tool for Android APKs with detailed scan information.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
A low overhead rate limiter for your routes
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.