@justsml
Last active September 29, 2022 19:26

Security Tooling

The following security tools are used by both attackers & defenders. That's how you know it's good.

These tools go far beyond Dependabot and can provide far richer detail than almost any 3rd-party scanning service (e.g. Nessus).

Dependency Scanning

SecurityScorecards.dev

Note: Scorecard supports npm & RubyGems projects.

Also, there's an easy-to-setup GitHub Action that runs the scorecard report as part of CI workflows.


Red Team / Offense


Infrastructure Scanning

Ostorlab Scanning Platform is a tool that can scan a target network using extensible & modular plugins.

Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening and incident response.

Note: Prowler is included in other tools such as CS-Suite.

Lynis is a security auditing tool for Linux, macOS, and UNIX-based systems. It assists with compliance testing (HIPAA/ISO 27001/PCI DSS) and system hardening.

Note: Vuls draws on a very large set of vulnerability databases.

References & Misc Tools
