Search Results for "vulnerability management"

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is...

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich...

...Beside security related information it will also scan for general system information, installed packages and possible configuration errors. This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd). Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits, by automation of control testing. Extended support for companies is available

SIGVI is a vulnerability manager for enterprise environments. Uses vulnerability sources like NVD, auto-updates its repository and looks for vulnerable products installed on your servers, creating alerts and notifying their administrators.

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific...

A management system for sensitive system and security information. This system is designed to aid IT/Security professionals in maintaining a repository of sensitive information for their systems, to include: sensitive system information (architecture, assets and inventory, vulnerability data, remediation strategies, assessments) and so on.

Vsam (Vulnerabillity, Scanning, Analysis and Management) is a project dedicated to the release of a virtual appliance for the management and analysis of vulnerability scan data. The main goals are ease of use and stability of the application.

The Epic Web Honeypot Project aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host.

Nessconnect is a GUI, CLI and API client for Nessus and Nessus compatible servers. With an improved user interface, it provides local session management, scan templates, report generation through XSLT, charts and graphs, and vulnerability trending.

An OVAL vulnerability assessment and compliance management tool, written in Python. Depends on paramiko and elementtree.

QuIDScor is a daemon software integrating Intrusion Detection Systems (IDS) and vulnerability assesment and management platforms. Today QuIDScor correlates and verifies Snort alerts against QualysGuard vulnerability assessment data.

Free and easy to use vulnerability scanner for web server administrators.

CMS identifier (cmsident) attempts to identify the content management system used to generate a given web site (and its version). Future versions will automatically look up found versions in vulnerability databases to alert if updates are necessary.