GitHub - betterleaks/betterleaks: A Better Secrets Scanner built for configurability and speed
Betterleaks is a tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and whatever else you wanna throw at it via stdin. If you wanna learn more about how the detection engine works check out this blog: Regex is (almost) all you need. Betterleaks development is supported by Aikido Security ➜ ~/code(master) betterleaks git -v ○ ○ ◠○ Betterleaks v1.0.0 Finding: "expo
SSHambleã®èª¿æŸ» - ã‚ã‚‹ã‚‚ã‚Šã™ã¶ã‚ã
ã“ã®ãƒ–ãƒã‚°ã¯ã‚¢ãƒ«ãƒã‚¤ãƒˆã®seigo2016ãŒæ›¸ã„ã¦ã„ã¾ã™ã€‚ ã‚ã‚‹ã‚‚ã‚Šã™ã¶ã‚ãã®å†…容ã¯å€‹äººã®æ„見ã§ã™ã€‚ 検証ã«ã¯è‡ªèº«ã§ç®¡ç†ã™ã‚‹ç’°å¢ƒã‚’使用ã—ã€è‡ªå·±è²¬ä»»ã§ãŠé¡˜ã„ã—ã¾ã™ã€‚ã¾ãŸã€ã“ã®æƒ…å ±ã‚’æ‚ªç”¨ã™ã‚‹ã“ã¨ã¯çµ¶å¯¾ã«è¡Œã‚ãªã„ã§ãã ã•ã„。 1. ã¯ã˜ã‚㫠今回ã¯ã€runZeroãŒå…¬é–‹ã—㟠SSH ã‚»ã‚ュリティ検査ツールSSHambleã«ã¤ã„ã¦æ¤œè¨¼ã‚’è¡Œã„ã¾ã—ãŸã€‚ 2. ãƒ„ãƒ¼ãƒ«æ¦‚è¦ runZeroãŒå…¬é–‹ã—ã¦ã„ã‚‹ã€SSHã®èªè¨¼ã¾ã‚ã‚Šã®äºˆæœŸã›ã¬çŠ¶æ…‹é·ç§»ã‚„èªè¨¼å¾Œæ”»æ’ƒã€èªè¨¼ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã®è§£æžã€ãƒã‚¹ãƒˆã‚»ãƒƒã‚·ãƒ§ãƒ³åˆ—挙ãªã©ã‚’調査ã™ã‚‹ãŸã‚ã®ãƒ„ールã§ã€Goã§å®Ÿè£…ã•ã‚Œã¦ã„ã¾ã™ã€‚ SSHã®è¨å®šä¸å‚™ã‚„脆弱性ã«é–¢ã™ã‚‹ã‚¹ã‚ャン・分æžãƒ»å¯¾è©±åž‹ã‚·ã‚§ãƒ«ãƒ„ールãªã©ãŒå‚™ã‚ã£ã¦ãŠã‚Šã€çŠ¶æ…‹é·ç§»ã‚„èªè¨¼ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã«ã¤ã„ã¦ã‚‚検証ã§ãã‚‹ã“ã¨ãŒå¤§ããªç‰¹å¾´ã§ã™ã€‚ GitHubリãƒã‚¸ãƒˆãƒª: https://github.com/runZeroInc/sshamble 3
Plugins
PluginsAs information about new vulnerabilities is discovered and released into the general public domain, Tenable Research designs programs to detect them. These programs are named plugins and are written in the Nessus Attack Scripting Language (NASL). The plugins contain vulnerability information, a simplified set of remediation actions and the algorithm to test for the presence of the security
The Shadowserver Foundation
The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. Our Story We collect vast amounts of threat data, send tens of thousands of free daily remediation reports, and cultivate strong reciprocal relationships with network providers, national governments and law enforcement. We bring malicious activiti
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - SirCryptic/cwv-scanner: This is a simple web application vulnerability scanner that checks if a given URL or IP address is vulnerable to 36 common web application security vulnerabilities. The tool is designed to help website owners and security
RustScan Cheat Sheet
Zmap Cheat Sheet
GitHub - osamahamad/Interesting-Things: Single-WebApp-Target essentials testing methodology tool starting at recon-information gathering for the juicy stuff ended up in exploitation.
GitHub - reewardius/Nuclei-AI-Prompts: Nuclei-AI-Prompts
GitHub - aicoa/hound: 基于golang的渗é€æµ‹è¯•æ¦å™¨ï¼Œå°†web打点部分与常规的æ¼æ‰«éƒ¨åˆ†è¿›è¡Œæ•´åˆä¸Žæ”¹è¿›
GitHub - rix4uni/subhijack: A fast and efficient subdomain hijacking scanner that checks for takeover vulnerabilities by matching HTTP response bodies against predefined service fingerprints.
Enumerating IPSEC IKE/ISAKMP Ports (500, 4500, etc.)
Reconnaissance 101: Active & Passive Reconnaissance — ProjectDiscovery Blog
GitHub - runZeroInc/sshamble: SSHamble: Unexpected Exposures in SSH
Censys, Ten Years Later: Evaluating Censys’ Performance - Censys
MasterThesis/results/product at main · haraldaarz/MasterThesis
GitHub - dragonked2/Egyscan: Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensab
report_schema/severity.md at main · The-Shadowserver-Foundation/report_schema)
site:www.shadowserver.org inurl:/what-we-do/network-reporting/ "DESCRIPTION LAST UPDATED:" "DEFAULT SEVERITY LEVEL:" and (critical: or high:) | Google Search
https://orange-cyberdefense.github.io/ocd-mindmaps/img/mindmap_ad_dark_classic_2025.03.excalidraw.svg
{{#tags}}- {{label}}
{{/tags}}