@Exadra37
Last active September 22, 2020 13:17
Security Tools

SECURITY TOOLS

My personal list of security tools I recommend in the Approov Blog, where I write articles as a Developer Advocate for security in Mobile and APIs.

API

  • MITMPROXY or Man In The Middle Proxy - Intercept traffic from a client consuming an API.
  • Fierce Domain Scanner - Enumerate hostnames for a domain.
  • Certificate Transparency Logs:
    • Web Interface:
    • Programmatically access the certificate transparency logs:

MOBILE

  • MobSF or Mobile Security Framework - Automatically find security vulnerabilities in your web applications while you are developing and testing your applications

WEB

  • OWASP ZAP or Zed Attack Proxy - Automatically find security vulnerabilities in your web applications while you are developing and testing your applications

CODE

  • GitRob - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github.
  • GitSecrets - Scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
  • ShowJava - Decompiles the apk directly in the mobile phone.
  • LuckyPatches - Is a modifier app for unlimited access in games and play store.

GENERIC

  • SHODAN - Shodan is the world's first search engine for Internet-connected devices. Find vulnerable stuff connected to the internet.

ARTICLES
