souvenir
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
13 results tagged scan  ✕   ✕
Grype https://github.com/anchore/grype
12/04/2022 cluster icon
  • Hadolint : A smarter Dockerfile linter that helps you build best practice Docker images. The linter is parsing the Dockerfile into an AST and performs rules on t...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • Rancher : Rancher is open source software that makes it simple for organizations to deploy a private container service and deliver Docker orchestration to users...
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
thumbnail

A vulnerability scanner for container images and filesystems.

docker container security scan
OpenVAS https://www.openvas.org/
29/04/2020 cluster icon
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

security scan test tool
SpiderFoot https://www.spiderfoot.net/
11/02/2020 cluster icon
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
thumbnail

With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (OSINT) about IP addresses, domain names, e-mail addresses, usernames, names, subnets and ASNs from many sources such as AlienVault, HaveIBeenPwned, SecurityTrails, SHODAN and more.

security osint scan tool
ApplicationInspector https://github.com/microsoft/ApplicationInspector
29/01/2020 cluster icon
  • semgrep : semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctnes...
  • SonarQube : SonarQube is an open source platform for continuous inspection of code quality.
  • tickgit : tickgit is a tool to help you manage tickets, todo items, and checklists within a codebase. Use the tickgit command to view pending tasks, progress re...
  • Black : By using Black, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyl...
  • Inj3ct0r 1337day.com : Exploit database separated by exploit type (local, remote, DoS, Poc, etc.)
thumbnail

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

staticanalysis code scan
REDbot https://redbot.org/
07/12/2019 cluster icon
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • Mockbin : Mockbin allows you to generate custom endpoints to test, mock, and track HTTP requests & responses between libraries, sockets and APIs.
  • Observatory : Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and se...
  • Report URI : Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your si...
  • Hoppscotch : A free, online, open source API request builder
thumbnail

REDbot is lint for HTTP resources; it tests protocol correctness, cacheability, content negotiation and more. REDbot checks HTTP resources to see how they'll behave, pointing out common problems and suggesting improvements. Although it is not a HTTP conformance tester, it can find a number of HTTP-related issues.

tool http scan service cache
Wappalyzer https://www.wappalyzer.com/
07/12/2019 cluster icon
  • TrackingTheTrackers.com : A free analysis tool to check if a website is disguising third-party trackers as first-party trackers.
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • WebPagetest : Run a free website speed test from multiple locations around the globe using real browsers (IE and Chrome) and at real consumer connection speeds. You...
  • REDbot : REDbot is lint for HTTP resources; it tests protocol correctness, cacheability, content negotiation and more. REDbot checks HTTP resources to see how ...
  • NameQL : NameQL helps you find a great domain name. It considers thousands of potential names in milliseconds and shows you the best, and only the ones where [...

Wappalyzer is a cross-platform utility that uncovers the technologies used on websites. It detects content management systems, ecommerce platforms, web frameworks, server software, analytics tools and many more.

website scan service
OpenSCAP https://www.open-scap.org/
03/10/2018 cluster icon
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Syncthing : Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying...

The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines. We maintain great flexibility and interoperability, reducing the costs of performing security audits.

security tool scan
Open Paperless https://github.com/zhoubear/open-paperless
29/12/2017 cluster icon
  • MediaGoblin : MediaGoblin is a free software media publishing platform that anyone can run. You can think of it as a decentralized alternative to Flickr, YouTube, S...
  • Poetry : Python packaging and dependency management made easy
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • GNU social : GNU social is a continuation of the StatusNet project. It is social communication software for both public and private communications. It is widely su...
  • pass : pass is a very simple password store that keeps passwords inside gpg2 encrypted files inside a simple directory tree residing at ~/.password-store. Th...
thumbnail

Scan, index, and archive all of your paper documents. Open Paperless is a re-think of the user interface and user experience for Mayan EDMS. The goal is to reduce the complexity and make it more suitable for home users.

python document management scan archive freesoftware
Observatory https://observatory.mozilla.org/
01/09/2016 cluster icon
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • HTTP Security Report : Get an instant report of how your website measures up to the best practices. Check connection encryption, content security, information disclosure and...
  • Wapiti : Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the applica...
  • REDbot : REDbot is lint for HTTP resources; it tests protocol correctness, cacheability, content negotiation and more. REDbot checks HTTP resources to see how ...

Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

http security scan configuration
Security Headers https://securityheaders.com/
02/05/2016 cluster icon
  • Mockbin : Mockbin allows you to generate custom endpoints to test, mock, and track HTTP requests & responses between libraries, sockets and APIs.
  • Wapiti : Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the applica...
  • HTTP Security Report : Get an instant report of how your website measures up to the best practices. Check connection encryption, content security, information disclosure and...
  • Report URI : Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your si...
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
thumbnail

I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!
There are services out there that will analyse the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analayses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the web.

http security test scan service
WhatWeb http://www.morningstarsecurity.com/research/whatweb
17/04/2016 cluster icon
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...
  • BounCA : BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web ...
thumbnail

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.

web scan tool analysis security
Zed Attack Proxy https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
04/08/2014 cluster icon
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
thumbnail

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

web security proxy scan tool
Wapiti http://wapiti.sourceforge.net
18/06/2011 cluster icon
  • Nikto2 : Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potent...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • Sitespeed.io : Sitespeed.io is an open source tool that helps you analyze and optimize your website speed and performance based on performance best practices. It col...
  • Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the en...

Wapiti allows you to audit the security of your web applications.

It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

web security software test scan
1636 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn