Zed Alternatives
Similar projects and alternatives to Zed
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
awesome-dva
A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.
-
PHP IDS
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
-
masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
-
ArchiveBox
🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more...
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
-
Proxyman
Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
-
Vault
A tool for secrets management, encryption as a service, and privileged access management
Zed reviews and mentions
-
Cyber Security for developers: what and where to learn?
Dynamic Application Security Testing - DAST
-
Pentesting Tools I Use Everyday
Learn more about ZAP here: https://www.zaproxy.org/
-
CSPM opensource suggestions
-
Mapping your AWS attack surface
Empowered with a list of all the exposed URLs in your organization, you can then set up a process to scan these using a number of web-focused Dynamic Application Security Testing (DAST) tools and scanners such as Zed Attack Proxy, dirsearch (Web path scanner), Aquatone, and Nikto2. The OWASP® Foundation maintains a full list of scanning tools that could be used.
-
Help with random values in query string
MITM proxy or ZAP are good at those kinds of tricks
-
How to Become a Pirate Archivist
I'm not in the pirate archivist space, but sections 3 and 5 are relevant to my interests. I've had great luck with ZAP (https://github.com/zaproxy/zaproxy#readme) glued to a copy of Firefox (because it allows monkeying with the _browser_'s proxy without having to alter the system one as other browsers do) for archiving all content seen while surfing around a site. It even achieves the stated goal of preserving the HTML (etc) in a database since ZAP uses hsqldb
Then, section 5 reads like an advertisement for Scrapy since it is just stellar at following all pagination links and then either emitting the extracted payload as your own data structure and/or by telling Scrapy you want to download some media as-is. It will, by default, put the local content in a directory of your choice and hash the url to make the local filename. A separate json file serves as the "accounting" between the things it downloaded and their hashed on-disk filename
Scrapy is also able to glue 3 and 5 together because it has a pluggable (everything, heh) dupe detection hook and also HTTP cache support that can be backed by anything, including the aforementioned hsqldb operating in network mode. Scrapy is also very test friendly, since each method accepts a well known python object and emits either a follow-on request, zero or more extracted objects, or nothing if pagination has ended
I can appreciate there may be other scraping frameworks, but of the ones I've tried Scrapy makes everything that I've asked it to do simple and transparent
-
Boss hired a new advisor, and his first demand is "RESTful APIs should not response HTTP status code".
My suggestion would be to follow the OWASP guides or present them to management since they are an industry standard. Furthermore in preparation for pentesting you can instruct your QAs to run through the ASVS controls and run OWASP ZAP to mitigate existing issues. Security and best-practice checks could also be enforced on pull request reviews (there's a ton of software like snyk or blackduck which can be automated per branch/pr etc)
-
Get or extract download URL from a client?
OWASP ZAP is a good alternative https://www.zaproxy.org/
-
What small changes did you implement for your users that really helped them out in their day to day work?
webapp security auditing,
-
Writing a TLS capable http proxy in Rust using actix-web
I'm trying to write an HTTP interception proxy similar to what's found in Burp Suite or Zap that allows users to intercept HTTP requests sent by their browser. I have found an example using actix-web which can handle non-TLS requests and I'm trying to modify it to support TLS.
-
Stats
zaproxy/zaproxy is an open source project licensed under Apache License 2.0 which is an OSI approved license.