Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind
.well-known (RFC) is becoming an increasingly popular destination for stashing site-wide metadata. Some of that metadata is relevant to site security or may unintentionally leak information, so we should scan it.
Some starting points:
Presence of/interesting things in an MTA-STS policy (RFC)
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Is your feature request related to a problem? Please describe.
For users that want to run/use your tool in a CI/CD pipeline as part of a quality check, needing to install the tool locally may not always be an option.
Describe the solution you'd like
I would like to see this tool be made available in an official Docker image like many other CLI-based tools provide (ie. [AquaSec/Trivy](
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
.well-known(RFC) is becoming an increasingly popular destination for stashing site-wide metadata. Some of that metadata is relevant to site security or may unintentionally leak information, so we should scan it.Some starting points: