Select a tag to browse associated projects and drill deeper into the tag cloud.
A incident and advisory system for CERTs (Computer Emergency Response Teams). SIRIOS is based on the OTRS trouble ticket system that enables you to record your complete correspondence (e-mail, telephone etc.) without gaps. Thanks to the different modules of SIRIOS you can process your ... [More]
w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Actually w3af has more than 130 plugins, including SQL injection, Cross Site Scripting and unsafe scripts detection.
OpenVAS is an open source remote security vulnerability scanner, designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.
Nepenthes is a versatile tool to collect malware. It acts passively by emulating known vulnerabilities and downloading malware trying to exploit these vulnerabilities.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting ... [More]
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Wapiti acts like a fuzzer ... [More]
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to ... [More]
The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Science and Technology (NIST) Risk Management Framework (RMF). While many security ... [More]
Dradis is an open source framework to enable effective information sharing, specially during security assessments. Our goals: Share the information effectively. Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems. Flexible: with a powerful and simple ... [More]