|
1
|
|
barq
|
https://github.com/Voulnet/barq
|
The AWS Cloud Post Exploitation framework!sss
|
|
|
2
|
|
DefenseCode ThunderScan
|
https://github.com/marketplace/actions/defensecode-thunderscan-action
|
This is a paid source code audit tool.sss
|
|
|
3
|
|
DefenseCode Web Security Scanner
|
https://github.com/marketplace/actions/defensecode-thunderscan-action
|
This is a paid web application scanner.sss
|
|
|
4
|
|
Fortify Static Code Analyzer
|
https://www.microfocus.com/ja-jp/products/static-code-analysis-sast/overview
|
It is a source code diagnostic tool that has been in use for more than 10 years.
It supports basic languages, and can be integrated with general development environments to perform source code checking from the time of development.sss
|
|
|
5
|
|
GreyNoise
|
https://www.greynoise.io/
|
GreyNoise, Inc. All Rights Reserved.
|
|
|
6
|
|
HCL App Scan
|
https://www.hcljapan.co.jp/software/products/appscan/
|
Web audit tool and cloud version are also provided. Simple network audit such as port scanners can also be performed.sss
|
|
|
7
|
|
https://www.kali.org/
|
https://www.kali.org/
|
This is a Linux specialized for vulnerability testing.
A variety of tools for attacks are already installed.sss
|
|
|
8
|
|
Nessus
|
https://jp.tenable.com/products/nessus
|
A famous network vulnerability scanner. It provides an integrated security service based on network scanners, including cloud and installation versions.sss
|
|
|
9
|
|
Nexpose
|
https://www.rapid7.com/products/nexpose/
|
A famous network vulnerability scanner. It requires installation and is often compared to Nessus.
Vulnerabilities detected by Nexpose can be linked with Metasploit.sss
|
|
|
10
|
|
Nmap
|
https://nmap.org/
|
This is a very famous port scanning tool.
It can also do simple network audit.sss
|
|
|
11
|
|
OpenVAS
|
http://www.openvas.org/
|
It is a network diagnostic tool split from Nessus.
It is maintained by https://www.greenbone.net/ as open source and sells appliance products with OpenVAS pre-installed.sss
|
|
|
12
|
|
OSS-Fuzz
|
https://github.com/google/oss-fuzz
|
This is a tool for sending large amounts of data that may cause problems to applications published by Google.sss
|
|
|
13
|
|
Parrot Security OS
|
https://github.com/ParrotSec
|
Like Kali Linux, it specializes in vulnerability testing. A variety of tools for attacks are already installed from the beginning.sss
|
|
|
14
|
|
powershellempire
|
https://www.powershellempire.com/
|
The project itself is already finished.
You can download following url.
https://github.com/EmpireProject/Empiresss
|
|
|
15
|
|
Probely
|
https://probely.com/web-vulnerability-scanner/
|
This service provides website diagnosis in four plans: Free, Starter, Pro, and Premium.sss
|
|
|
16
|
|
Project Discovery
|
https://projectdiscovery.io/
|
|
|
|
17
|
|
Project OneFuzz
|
https://github.com/microsoft/onefuzz
|
This is a tool for sending large amounts of data that may cause problems with applications published by Microsoft.sss
|
|
|
18
|
|
protocol-fuzzer-ce
|
https://gitlab.com/gitlab-org/security-products/protocol-fuzzer-ce
|
This tool is used to send a large amount of data that may cause problems to applications published by GitLub.sss
|
|
|
19
|
|
Prowler
|
https://github.com/toniblyx/prowler
|
Prowler is a security tool for assessing AWS security best practices, auditing, incident response, continuous monitoring, hardening, and forensics readiness Prowler includes all CIS controls and many additional checks to help with GDPR, HIPAA, and other security frameworks. Prowler includes all CIS controls and many additional checks to help with GDPR, HIPAA, and other security frameworks.sss
|
|
|
20
|
|
https://github.com/RhinoSecurityLabs/pacuRhinoSecurityLabs/pacu
|
https://github.com/RhinoSecurityLabs/pacu
|
AWS exploitation framework,sss
|
|
|
21
|
|
ripstech
|
https://www.ripstech.com/
|
A source code audit tool for web applications.sss
|
|
|
22
|
|
ShadowDragon
|
https://shadowdragon.io/
|
|
|
|
23
|
|
Snort
|
https://www.snort.org/
|
A free, open source, fast and robust network threat detection engine.sss
|
|
|
24
|
|
sqlmap
|
http://sqlmap.org/
|
It is a very famous diagnostic tool that specializes in SQL injection.sss
|
|
|
25
|
|
Suricata
|
https://suricata.io/
|
Suricata is a free and open source, mature, fast and robust network threat detection engine.sss
|
|
|
26
|
|
trivy
|
https://github.com/aquasecurity/trivy
|
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issuessss
|
|
|
27
|
|
VADDY
|
https://vaddy.net/
|
The artificial intelligence technology used in VAddy has succeeded in omitting complex configuration items, making it easy for even inexperienced users to perform vulnerability assessments.
Even those with no experience in security diagnostics can easily perform inspections.
In addition, the minimum number of inspection items corresponding to real-world threats enables fast inspection.
Excerpt from [https://vaddy.net/ja/reasons.html
Translated with www.DeepL.com/Translator (free version)sss
|
|
|
28
|
|
Vega
|
https://subgraph.com/vega/
|
An open source web application scanner.sss
|
|
|
29
|
|
VEX
|
https://www.ubsecure.jp/vex
|
It is a very good web vulnerability assessment tool.sss
|
|
|
30
|
|
vuls
|
https://vuls.biz/
|
It is a scanner-installed version of the software installed in various environments that can be scanned for vulnerabilities.
There are free versions of OSS and paid versions with full support and functions.sss
|
|
|
31
|
|
Wappalyzer
|
https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg
|
This is a Chrome extension plugin that collects information about the language, CMS, version, etc. of a site.sss
|
|
|
32
|
|
wappalyzergo
|
https://github.com/projectdiscovery/wappalyzergo
|
This tool collects information such as the language used, CMS, and version of the site.sss
|
|
|
33
|
|
WPScan
|
https://wpscan.org/
|
WPScan is a black box WordPress vulnerability scanner.sss
|
|
