vulnerability-management-resources
vulscan
vulnerability-management-resources | vulscan | |
---|---|---|
2 | 3 | |
10 | 3,342 | |
- | 2.1% | |
2.6 | 3.4 | |
10 months ago | 10 months ago | |
Lua | ||
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vulnerability-management-resources
-
Catalog of zero-day vulnerabilities
Microsoft lists zero-day vulnerabilities their patches will fix each Patch Tuesday, but tracking down other zero-days doesn’t seem as easy. I’ve looked at the resources listed here but none seem to explicitly notate and filter for zero-days. The Tenable plugins search doesn’t allow filtering of zero-days, either. I could set up a news search or Twitter search each day, but if there’s one resource out there somewhere that keeps track of them all, that’d be extremely helpful.
-
zero-day exploit notifications
For other vulnerability related resources check: https://github.com/nickpieper/vuln-management-resources
vulscan
-
Scanning ports and finding network vulnerabilities using nmap
Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.
- Using Sn1per, what next?
- Windows Volnurability Report
What are some alternatives?
SSVC - Stakeholder-Specific Vulnerability Categorization
nmap-vulners - NSE script based on Vulners.com API
openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.
GVM-Docker - Greenbone Vulnerability Management Docker Image with OpenVAS
vulnerablecode - A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
haproxy-auth-request - auth-request allows you to add access control to your HTTP services based on a subrequest to a configured HAProxy backend.
h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
Nginx-Lua-Anti-DDoS - A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserializati
faraday - Open Source Vulnerability Management Platform
iotvas-nmap - This is a NSE script that uses IoTVAS API and enables NMAP port scanner to perform connected device discovery and security risk assessment
luash - Extensible Lua terminal emulator
rtc - Lua script to executable compiler