Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Security scanner for your Terraform code

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

Kubernetes-native security toolkit

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

⛅️🔐 Security Requirements for Yandex.Cloud configuration: IAM, network access, key management, Kubernetes, audit logs.

Plugin for YATAS that audits AWS accounts for misconfiguration and security issues

A tool to find .git folder exposed due to server misconfiguration.

Fast CORS Misconfiguration Scanner

Env Breaker adalah Pemindaian dan deteksi file .env pada situs-situs target. Skrip ini membantu mengidentifikasi kemungkinan kebocoran informasi sensitif yang terkait dengan file .env

Plugin for YATAS that audits GCP projects for misconfiguration and security issues

This script automate exploit only cloud service

⚛️ nucleo is a script that checks common vulnerabilities and security misconfigurations, strongly inspired by nuclei.

NetGun is a free and open source tool for port scanning, services enumeration, misconfigurations testing and CVE research. This is only for testing, official repository: https://github.com/MyCr4ck/NetGun_Classe03

Global Misconfig Finder (web)

A tool to diagnose software configuration errors by analyzing stack trace.

Azure services configuration analyzer