pedramjm

blueprint-securesoftwarepipeline

For engineers and security teams driving fast and secure software supply chains

concourse-http-resource

A generic Concourse resource for hitting an HTTP URL based on a small alpine base image.

AAPG

[A]ndroid [A]pplication [P]entest [G]uide

appsec-risk-assessment-guide

Contains documentation (guides, resources, links etc.) to accompany the formal application security risk assessment

asra-domains

Application Security domains

auditd

Best Practice Auditd Configuration

codeexamples-android

Android examples from the vogella.com website

continuous-threat-modeling

A Continuous Threat Modeling methodology

dependencycheck-central-mysql-docker

Self-updating OWASP DependencyCheck Database Server :book:

driftctl

Detect, track and alert on infrastructure drift

Event-Forwarding-Guidance

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

falco

Cloud Native Runtime Security

Hello-World

My first repository on GitHub!

Infosec_Reference

An Information Security Reference That Doesn't Suck

inql

InQL - A Burp Extension for GraphQL Security Testing

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

nessus-dash

Flask based Cybersecurity Dashboard

nessus-database-export

Script to export Nessus results to a relational database for use in reports, analysis, or whatever else.

nessus-file-analyzer

GUI tool which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc. and exports results to a Microsoft Excel Workbook for effortless analysis.

nessus-file-reader

CLI tool and python module which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc.

scripts

Various scripts for penetration testing

sentinel-attack

Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework

steampipe

Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.

testing

test repo

testyml

ThreatMapper

Identify vulnerabilities in running containers, images, hosts and repositories

trivy

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

web-methodology

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki