Projects tagged ‘vulnerability’

A incident and advisory system for CERTs (Computer Emergency Response Teams). SIRIOS is based on the OTRS trouble ticket system that enables you to record your complete correspondence (e-mail ... [More] , telephone etc.) without gaps. Thanks to the different modules of SIRIOS you can process your CERT-specific information in a very structured manner (for example Advisories and Incidents). [Less]

Nepenthes is a versatile tool to collect malware. It acts passively by emulating known vulnerabilities and downloading malware trying to exploit these vulnerabilities.

w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Actually w3af has ... [More] more than 130 plugins, including SQL injection, Cross Site Scripting and unsafe scripts detection. [Less]

The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the ... [More] National Institute of Science and Technology (NIST) Risk Management Framework (RMF). While many security managers are eager to demonstrate their best practices for incident response, patch management, and configuration management, they are overwhelmed with the reporting and documentation requirements of FISMA. [Less]

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed ... [More] webapp, looking for scripts and forms where it can inject data. Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. [Less]

OpenVAS is an open source remote security vulnerability scanner, designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and ... [More] provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows. [Less]

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like ... [More] RATS and SWAAT while keeping the technical requirements to a minimum and being very flexible. [Less]

Hoktar ?The main goal of Hoktar is to secure your network by handling the long and terrible vulnerability management process. FeaturesHoktar is able to : Import Nessus scan Email the specified ... [More] person assigned to a vulnerability asking him to justify it Generate a weekly report of resolved/unassigned/modified vulnerability Automatically escalating a vulnerability Still in development. [Less]

nessquik is a fast web frontend for the Nessus Vulnerability Scanner. It uses modern javascript technologies to deliver a responsive, easy to use interface that lets people quickly schedule scans using Nessus.