This is a collection of sites about security.
The order is alphabetical.

tool
No Image Name URL Description Tag
1 barq https://github.com/Voulnet/barq Barq is an AWS Cloud Post-Exploitation framework designed for attacking and extracting data from EC2 instances in an AWS environment. It allows security professionals to perform attacks on running EC2 instances without needing the original SSH key pairs or passwords. Features include enumerating EC2 instances, extracting stored secrets, launching payloads, and interacting with various AWS services. It can be run with Python 2 or 3 and integrates with Metasploit and Empire for further exploitation.
  • English
  • Tools
  • AWS
2 DefenseCode ThunderScan https://github.com/marketplace/actions/defensecode-thunderscan-action The DefenseCode ThunderScan Action is a GitHub Action that integrates the ThunderScan SAST (Static Application Security Testing) solution for source code scanning to identify vulnerabilities. This tool helps developers assess the security of their code by analyzing it for potential flaws and generating a SARIF (Static Analysis Results Interchange Format) output. It can be seamlessly integrated into a CI/CD pipeline and DevOps environments. The action allows security teams to automate vulnerability detection during development, making it easier to secure applications early in the development process.
  • English
  • Tools
  • Source Code Audit
  • Automatic Audit tools
3 DefenseCode Web Security Scanner https://github.com/marketplace/actions/defensecode-thunderscan-action The DefenseCode ThunderScan Action is a GitHub Action that allows users to integrate ThunderScan, a static application security testing (SAST) solution, directly into their CI/CD pipelines. This tool analyzes the source code for vulnerabilities and provides results in the SARIF (Static Analysis Results Interchange Format). By using ThunderScan, developers can detect security issues early in the development cycle, allowing teams to resolve vulnerabilities before deployment. This automation helps improve code security and supports continuous integration practices.
  • Japanese
  • Web Audit
  • Tools
  • Automatic Audit tools
4 Fortify Static Code Analyzer https://www.microfocus.com/ja-jp/products/static-code-analysis-sast/overview It is a source code diagnostic tool that has been in use for more than 10 years. It supports basic languages, and can be integrated with general development environments to perform source code checking from the time of development.
  • Japanese
  • Tools
  • Source Code Audit
  • Automatic Audit tools
5 GreyNoise https://www.greynoise.io/ GreyNoise is a threat intelligence platform that helps security teams filter out noise from benign traffic and focus on real-time, verified threats. It monitors large-scale internet activity to identify potential attacks and shares intelligence on malicious actors. By using a network of proprietary sensors, GreyNoise enables security teams to prioritize and mitigate real threats efficiently. The platform offers detailed information on exploit activities, IP addresses involved in attacks, and provides insights into global cyber threat trends.
  • Japanese
  • Tools
  • Foreign Country
  • Information Provision
  • OSINT
6 HCL App Scan https://www.hcljapan.co.jp/software/products/appscan/ HCL AppScan is a comprehensive security testing solution designed to identify vulnerabilities in web and mobile applications. It provides both dynamic analysis (testing running applications) and static analysis (examining source code) to detect security issues. Available as both on-premises and cloud-based solutions, it helps organizations ensure the security of applications throughout the development lifecycle. AppScan supports a wide range of testing capabilities, including mobile app security, and offers automated vulnerability detection with actionable remediation advice.
  • Japanese
  • Major
  • Tools
  • Foreign Country
  • Automatic Audit tools
7 JWT.io Debugger https://jwt.io/ja This is a free JWT debugging service provided by Okta. It offers a JWT decoder and a JWT encoder. If you use JWT, this is a very useful feature created with a great GUI.
  • Japanese
  • Tools
8 KALI LINUX https://www.kali.org/ Kali Linux is an advanced, open-source Linux distribution tailored for penetration testing, security research, forensics, and reverse engineering. It is packed with numerous security tools and optimized for professionals in the cybersecurity field. Kali Linux can be run on various platforms including ARM, mobile devices, virtual machines, and cloud environments, making it flexible for a range of use cases in security assessments.
  • English
  • Web Audit
  • Network Audit
  • Major
  • Tools
  • Foreign Country
  • Hacking
  • Forensic
  • Pentest
  • Windows
  • Linux/Unix
  • Mac OS
9 Nessus https://jp.tenable.com/products/nessus A famous network vulnerability scanner. It provides an integrated security service based on network scanners, including cloud and installation versions.
  • Japanese
  • Network Audit
  • Major
  • Tools
  • Foreign Country
  • Automatic Audit tools
  • Windows
  • Linux/Unix
  • Mac OS
  • Vulnerability Management
10 Nexpose https://www.rapid7.com/products/nexpose/ A famous network vulnerability scanner. It requires installation and is often compared to Nessus. Vulnerabilities detected by Nexpose can be linked with Metasploit.
  • English
  • Network Audit
  • Major
  • Tools
  • Foreign Country
  • Automatic Audit tools
11 Nmap https://nmap.org/ Nmap (Network Mapper) is a free and open-source tool used for network discovery and security auditing. It helps users identify hosts and services on a computer network, detect operating systems, and discover vulnerabilities. Nmap supports various scanning techniques, including port scanning and OS detection, and is widely used by network administrators, security professionals, and hackers for network mapping and security assessments.
  • English
  • Network Audit
  • Tools
  • Foreign Country
  • Automatic Audit tools
  • Open Source
12 OpenVAS http://www.openvas.org/ It is a network diagnostic tool forked from Nessus. It is maintained as open source by Greenbone (https://www.greenbone.net/), which also sells appliance products with OpenVAS pre-installed.
  • English
  • Network Audit
  • Tools
  • Foreign Country
13 OSS-Fuzz https://github.com/google/oss-fuzz The OSS-Fuzz project, developed by Google, is a continuous fuzzing service for open source software. It aims to improve the security and stability of popular open-source projects by applying modern fuzzing techniques in a scalable, distributed environment. OSS-Fuzz identifies vulnerabilities such as buffer overflows, which can have serious security implications, and supports fuzzing engines like libFuzzer, AFL++, and Honggfuzz. OSS-Fuzz supports a wide range of programming languages including C/C++, Rust, Go, Python, Java, and JavaScript, and it works with tools like ClusterFuzz for distributed fuzz testing. As of August 2023, it has helped identify and fix over 10,000 vulnerabilities and over 36,000 bugs across more than 1,000 projects.
  • English
  • Tools
  • Open Source
  • Fuzzing
  • Git
  • Google
14 Parrot Security OS https://github.com/ParrotSec Like Kali Linux, it specializes in vulnerability testing. A variety of attack tools come pre-installed.
  • English
  • Web Audit
  • Network Audit
  • Tools
  • Foreign Country
  • Hacking
  • Forensic
  • Pentest
  • Windows
  • Linux/Unix
  • Mac OS
15 powershellempire https://github.com/EmpireProject/Empire Empire is a post-exploitation framework combining PowerShell and Python agents. It provides a range of post-exploitation modules and secure communication for evading detection, focusing on usability and adaptability in both Windows and Linux environments.
  • English
  • Tools
  • Hacking
  • Windows
16 Probely https://probely.com/web-vulnerability-scanner/web-app-scanning/ Probely is a web application vulnerability scanner that automates the security testing of web applications. It aims to eliminate false positives and provide comprehensive scan coverage, focusing on delivering actionable results with minimal intervention. Probely utilizes a headless-chrome-based spider for scanning, making it effective for complex JavaScript apps and Single-Page Applications (SPAs). This tool allows security teams to quickly identify and address vulnerabilities without manual validation, enhancing security and efficiency in DevOps environments.
  • English
  • Web Audit
  • Automatic Audit tools
17 Project Discovery https://projectdiscovery.io/ ProjectDiscovery specializes in vulnerability management, providing tools that help organizations detect, prioritize, and mitigate exploitable vulnerabilities across their infrastructure. Their platform utilizes high-fidelity scanning powered by open-source tools like Nuclei, enabling security teams to focus on real threats. They offer continuous scanning, automated vulnerability detection, and customizable workflows, all designed to reduce false positives and streamline remediation. ProjectDiscovery helps security professionals manage their attack surface and integrate security into their DevOps processes.
  • English
  • Network Audit
  • Tools
  • Foreign Country
  • Open Source
18 Project OneFuzz https://github.com/microsoft/onefuzz OneFuzz is an open-source platform for continuous fuzzing-as-a-service. It allows developers to easily run fuzzing jobs to identify software vulnerabilities before release. With OneFuzz, users can scale fuzzing from a few virtual machines to thousands of cores. It supports both Windows and Linux platforms and includes features like ensemble fuzzing, live-debugging, and automatic triage of found vulnerabilities.
  • English
  • Tools
  • Open Source
  • Microsoft
  • Fuzzing
  • Git
19 protocol-fuzzer-ce https://gitlab.com/gitlab-org/security-products/protocol-fuzzer-ce The Protocol Fuzzer CE is a community edition of GitLab's protocol fuzzing framework, designed to test and identify vulnerabilities in network protocols. Based on the Peach Fuzzer Professional, it includes key features but with some functionality removed. The tool is used to discover potential security flaws in protocol implementations, making it an essential part of a security professional's toolkit.
  • Japanese
  • Tools
  • Open Source
  • Fuzzing
  • Git
20 Prowler https://github.com/prowler-cloud/prowler Prowler is a security tool for assessing AWS security best practices, auditing, incident response, continuous monitoring, hardening, and forensics readiness. Prowler includes all CIS controls and many additional checks to help with GDPR, HIPAA, and other security frameworks.
  • English
  • Tools
  • AWS
21 RhinoSecurityLabs/pacu https://github.com/RhinoSecurityLabs/pacu Pacu is an open-source AWS exploitation framework created by Rhino Security Labs. It is designed for penetration testing and security assessment of Amazon Web Services (AWS) environments. Pacu helps security professionals identify vulnerabilities in AWS configurations, using a variety of modules to exploit issues such as privilege escalation, backdooring IAM users, and attacking vulnerable Lambda functions. It can be easily installed and used with Python and Docker, making it a valuable tool for testing the security of cloud environments.
  • English
  • Tools
  • AWS
22 ripstech https://www.ripstech.com/ Ripstech, now rebranded as Sonar, provides solutions for ensuring clean code by improving code quality, security, and maintainability. Their platform offers tools like SonarQube, SonarCloud, and SonarLint to support continuous code analysis and quality management. These tools help developers identify and fix issues in real-time, optimize development processes, and reduce technical debt. Sonar integrates seamlessly into DevOps pipelines, making it easier to maintain high-quality, secure code from development to production.
  • English
  • Tools
  • Source Code Audit
  • Automatic Audit tools
23 ShadowDragon https://shadowdragon.io/ ShadowDragon provides advanced OSINT (Open Source Intelligence) tools that enable investigators to gather and analyze data from over 225 sources. Their platform includes tools for social media analysis, malware investigation, geolocation, and more, designed to streamline investigations and uncover actionable insights quickly and efficiently.
  • English
  • News
  • Tools
24 Snort https://www.snort.org/ Snort is an open-source Intrusion Prevention System (IPS) used for real-time traffic analysis and packet logging. It is designed to detect and prevent malicious network activity by analyzing network traffic and generating alerts based on predefined rules. Snort can function as a packet sniffer, a packet logger, or as a full-blown IPS to prevent attacks. It is widely deployed for network security and provides tools for both individual and organizational use. Users can access community rules for free or subscribe for real-time updates via Snort Subscriber Ruleset.
  • English
  • Tools
  • Open Source
  • IDS/IPS Management
25 sqlmap http://sqlmap.org/ SQLMap is an open-source penetration testing tool designed to automate the process of detecting and exploiting SQL injection flaws. It offers a robust engine for identifying vulnerabilities and exploiting database servers, supporting multiple SQL injection techniques. SQLMap allows security professionals to access underlying file systems, execute commands on the operating system, and dump databases. It's widely used for vulnerability assessments, data exfiltration, and escalating privileges within database systems.
  • English
  • Tools
  • Automatic Audit tools
26 Suricata https://suricata.io/ Suricata is an open-source, high-performance network analysis and threat detection engine. It is widely used by public and private organizations to monitor and protect their networks. Suricata supports multiple features such as intrusion detection, intrusion prevention, and network security monitoring. It is known for its high scalability and the ability to analyze large amounts of network traffic in real-time. Suricata integrates with various tools and platforms and is backed by a strong global community.
  • English
  • Tools
  • Open Source
  • IDS/IPS Management
27 trivy https://github.com/aquasecurity/trivy Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.
  • English
  • Tools
  • Vulnerability Management
  • Open Source
  • Server Configuration Audit
  • Git
28 VADDY https://vaddy.net/ The artificial intelligence technology used in VAddy has succeeded in omitting complex configuration items, making it easy for even inexperienced users to perform vulnerability assessments. Even those with no experience in security diagnostics can easily perform inspections. In addition, the minimum number of inspection items corresponding to real-world threats enables fast inspection. Excerpt from https://vaddy.net/ja/reasons.html
  • Japanese
  • Web Audit
  • Tools
  • Automatic Audit tools
29 Vega https://subgraph.com/vega/ Vega is a free and open-source web security scanner and testing platform designed to assess the security of web applications. It helps find vulnerabilities such as SQL injection, cross-site scripting (XSS), and inadvertently exposed sensitive information. Written in Java, it provides a graphical user interface (GUI) and works on Linux, OS X, and Windows. Vega includes an automated scanner, an intercepting proxy, and a powerful API for extending its capabilities with custom attack modules written in JavaScript.
  • English
  • Web Audit
  • Tools
  • Automatic Audit tools
30 VEX https://www.ubsecure.jp/vex VEX by UBsecure is a leading vulnerability assessment tool for web applications, holding the largest market share in Japan. Released in 2007, VEX has gained widespread recognition, especially in the financial industry, for its high-precision vulnerability detection. The tool has been continuously improved over the years, with feedback from thousands of site assessments, ensuring high reliability and effectiveness. VEX is widely used by security professionals to conduct comprehensive vulnerability testing and is known for its advanced capabilities in identifying and mitigating web application security risks.
  • Japanese
  • Tools
  • Automatic Audit tools
31 vuls https://vuls.biz/lp/ It is a scanner that checks the software installed in various environments for vulnerabilities. There are free OSS versions and paid versions with full support and functions.
  • Japanese
  • Tools
  • Automatic Audit tools
  • Open Source
32 Wappalyzer https://chromewebstore.google.com/detail/wappalyzer-technology-pro/gppongmhjkpfnbhagpmjfkannfbllamg Wappalyzer is a browser extension that identifies the technologies used by websites. It can detect frameworks, programming languages, CMSs, and many other web technologies, making it useful for developers, marketers, and researchers who want to learn more about the tech behind websites.
  • English
  • Tools
  • Foreign Country
  • Open Source
  • Site Information Gathering
33 wappalyzergo https://github.com/projectdiscovery/wappalyzergo The WappalyzerGo project is a high-performance Go implementation of the Wappalyzer technology detection library. It helps identify technologies used on websites (like CMS, frameworks, servers, etc.) by analyzing the headers and body of web pages. This tool is based on data from the original Wappalyzer project and offers features such as normalized regex patterns and an auto-updating database for detecting technology fingerprints. This Go library is optimized for performance and is easy to integrate into applications for technology detection in web security assessments or analytics.
  • English
  • Tools
  • Foreign Country
  • Open Source
  • Site Information Gathering
34 WPScan https://wpscan.org/ WPScan is a security scanner specifically designed for WordPress sites. It allows security professionals and site maintainers to identify vulnerabilities in WordPress installations, including plugins, themes, and configuration settings. WPScan checks for a variety of issues such as outdated WordPress versions, vulnerable plugins or themes, weak passwords, exposed error logs, and more. It uses a comprehensive database of known vulnerabilities to perform security assessments and help improve the overall security of WordPress sites.
  • English
  • Tools
  • WordPress
  • Automatic Audit tools