WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution… Continue reading WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

Quicmap: Fast, open-source QUIC protocol scanner

Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC… Continue reading Quicmap: Fast, open-source QUIC protocol scanner

RiskInDroid: Open-source risk analysis of Android apps

RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level o… Continue reading RiskInDroid: Open-source risk analysis of Android apps

TruffleHog: Open-source solution for scanning secrets

TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning G… Continue reading TruffleHog: Open-source solution for scanning secrets

Custom rules in security tools can be a game changer for vulnerability detection

In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need to avoid slowing down the process, he recommends a nuanced approach, utilizing custom … Continue reading Custom rules in security tools can be a game changer for vulnerability detection

Nemesis: Open-source offensive data enrichment and analytic pipeline

Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements).​​ Nemesis was created by Lee Chagolla-Chris… Continue reading Nemesis: Open-source offensive data enrichment and analytic pipeline

Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support

With its innovative feature for generating reliable Vulnerability Exploitability eXchange (VEX) documents, Kubescape became the first open-source project to provide this functionality. This advancement offers security practitioners a powerful tool to e… Continue reading Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support

Aqua Trivy open-source security scanner now finds Kubernetes security risks

The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure … Continue reading Aqua Trivy open-source security scanner now finds Kubernetes security risks