Tag: owasp


Black Window 10 v2

Black Window Enterprise 10, codename Polemos. Black Window 10 Enterprise is the first Windows-based penetration testing distribution with Linux integrated! The system comes activated with a digital license for Windows Enterprise. It supports Windows apps and Linux apps, GUI and terminal apps. It comes with a ton of hacking tools plus all the tools that are included with the latest release of Cerberus Linux. It has managed to implement Cerberus OS within Windows. Offers the stability of a Windows system…

Tags: CRS, Distributed, Mac, ModSecurity, NEW TOOLS, OWASP ModSecurity

CRS – OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The Core Rule Set provides protection against many common attack categories, including: SQL Injection (SQLi), Cross Site Scripting (XSS), Local File Inclusion (LFI), Remote File Inclusion (RFI), Remote Code Execution (RCE), PHP Code Injection, HTTP Protocol Violations, HTTPoxy, Shellshock, Session Fixation, Scanner Detection, Metadata/Error Leakages, Project Honey Pot…

Tags: NEW TOOLS, OWASP VBScan, Penetration Test, Perl, VBScan

VBScan 0.1.8 – Black Box vBulletin Vulnerability Scanner

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open source project in the Perl programming language to detect vBulletin CMS vulnerabilities and analyse them. Why OWASP VBScan? If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! This project is faster than ever and updated with the latest vBulletin vulnerabilities. Project Leader: Mohammad Reza Espargham. Github: SourceForge: OWASP Page: Usage: ./ <target>. VBScan 0.1.7 introduction…

Tags: Ant Task, DependencyCheck, Gradle Plugin, Jenkins Plugin, Maven Plugin, NEW TOOLS, OWASP DependencyCheck, Security Audit, Software Composition Analysis, Vulnerability Detection

DependencyCheck v3.3.1 – A Software Composition Analysis Utility That Detects Publicly Disclosed Vulnerabilities In Application Dependencies

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. Documentation and links to production binary releases can be found on the GitHub pages. Additionally, more information about the architecture and ways to extend dependency-check can be found on the wiki. Current Releases. Jenkins Plugin. For instructions…

Tags: Kali Linux, Mac, NEW TOOLS, OWTF, penetration testing, Testing Framework, web-application-security, web-security

OWTF v2.4 – Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST, so that pentesters will have more time to: see the big picture and think out of the box; more efficiently find, verify and combine vulnerabilities; have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions; perform more tactical/targeted fuzzing on seemingly risky areas; demonstrate true impact despite the short timeframes we are…

Tags: Clamav, Detect Malware, Drupal, Mac, Malware Detection, Masc, NEW TOOLS, Scan, Scanner Web, Web, Yara

Masc – A Web Malware Scanner

A malware (web) scanner developed during CyberCamp Hackathon 2017. Features: at the moment, there are some features available for any type of website (custom or CMS) and some of them only available for specific platforms: scan any website for malware using OWASP WebMalwareScanner checksums, YARA rules databases and the ClamAV engine (if available); perform some cleaning operations to improve website protection; monitor the website for changes, with details written to a log file; scan your site to know if it has been infected with some malware; list your local backups; logging support; backup your…

Tags: DefectDojo, Django, NEW TOOLS, Security Automation, Vulnerability Correlation, Vulnerability Databases, Vulnerability Management

DefectDojo – Application Vulnerability Correlation And Security Orchestration Application

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.

Quick Start:
$ git clone
$ cd django-DefectDojo
$ ./setup.bash
$ ./run_dojo.bash
Then navigate to

If you'd like to check out a demo of DefectDojo before installing it, you can check out our PythonAnywhere demo site. You can log in as an administrator like so: You can also log…

Tags: Damn, iGoat, iOS, Jailbreak, NEW TOOLS, OWASP iGoat, OWASP iGoat (Swift)

OWASP iGoat (Swift) – A Damn Vulnerable Swift Application For iOS

This is a Swift version of the original iGoat Objective-C project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using Swift 4 and Ruby. iGoat (Objective C) was presented at: Topics covered: OWASP TOP 10 Mobile, Reverse Engineering, Runtime Analysis, Data Protection (Rest), Data Protection (Transit), Key Management, Tampering, Injection Flaws, Broken Cryptography, Memory Management, URL Scheme Attack, Social Engineering, SSL Pinning, Authentication, Jailbreak Detection, Side Channel Data Leaks, Cloud Misconfiguration, Crypto Challenges. Documentation: iGoat Wiki. iGoat Quick Setup: git clone, then open iGoat-Swift.xcodeproj with Xcode. Setup iGoat Server: navigate to server > docker_packaging and then use the command docker compose up. Using Cydia…

Tags: Appsec, Kurukshetra, Mac, MySQL, NEW TOOLS, Ruby, Sandbox, Secure Coding

Kurukshetra – A Framework For Teaching Secure Coding By Means Of Interactive Problem Solving

Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user input in a secure sandboxed environment. Kurukshetra is composed of two components: the backend framework written in PHP, which manages and leverages the underlying Docker system to provide the secure sandbox for the challenge execution, and the frontend, which…

Tags: Astra, NEW TOOLS, penetration testing, Penetration Testing Framework, Postman Collection, REST API, Security Automation, Security Testing

Astra – Automated Security Testing For REST APIs

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early in the development cycle. Astra can automatically detect and test login and logout (the authentication API), so it's easy for anyone to integrate this into a CI/CD pipeline. Astra can take an API collection as input, so this can also be used for testing APIs in…