From 3c8e904e02e04a5b886bad12306bfb4acf247dfa Mon Sep 17 00:00:00 2001 From: Evan <8990377+Riprock@users.noreply.github.com> Date: Tue, 22 Feb 2022 20:15:54 -0500 Subject: [PATCH 1/6] Added some Awesome Lists Other Security and Sysadmin Lists that I felt should be added --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index e0e1a3f..ae6fd55 100644 --- a/README.md +++ b/README.md @@ -447,6 +447,8 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Awesome Security Talks & Videos](https://github.com/PaulSec/awesome-sec-talks) - A curated list of awesome security talks, organized by year and then conference. - [Awesome Bluetooth Security](https://github.com/engn33r/awesome-bluetooth-security) - A curated list of Bluetooth security resources. - [Awesome WebSocket Security](https://github.com/PalindromeLabs/awesome-websocket-security) - A curated list of WebSocket security resources. +- [Awesome SOAR](https://github.com/correlatedsecurity/Awesome-SOAR) - A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list. +- [Awesome Security Hardening](https://github.com/decalage2/awesome-security-hardening) - A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources. ### Other Common Awesome Lists @@ -455,6 +457,9 @@ Other amazingly awesome lists: - [awesome-awesomeness](https://github.com/bayandin/awesome-awesomeness) - awesome-* or *-awesome lists. - [lists](https://github.com/jnv/lists) - The definitive list of (awesome) lists curated on GitHub. - [Movies For Hacker](https://github.com/k4m4/movies-for-hackers) - A curated list of movies every hacker & cyberpunk must watch. +- [Awesome Self-Hosted](https://github.com/awesome-selfhosted/awesome-selfhosted) +- [Awesome Analytics](https://github.com/0xnr/awesome-analytics) +- [Awesome Sysadmin](https://github.com/awesome-foss/awesome-sysadmin) ## [Contributing](contributing.md) From 3ed15655393609d71b9906e6c74f74451f270f70 Mon Sep 17 00:00:00 2001 From: Marcin Kozlowski Date: Sat, 5 Mar 2022 13:33:48 +0100 Subject: [PATCH 2/6] Added Scanmycode CE (Community Edition) - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f3dafb2..d6ebee0 100644 --- a/README.md +++ b/README.md @@ -303,6 +303,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI. - [is-website-vulnerable](https://github.com/lirantal/is-website-vulnerable) - finds publicly known security vulnerabilities in a website's frontend JavaScript libraries. - [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features. +- [Scanmycode CE (Community Edition)](https://github.com/marcinguy/scanmycode-ce) - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks) - [Keyscope](https://github.com/SpectralOps/keyscope) - Keyscope is an extensible key and secret validation for checking active secrets against multiple SaaS vendors built in Rust ### Runtime Application Self-Protection From d96449cd5cd5478ec612cb71b3f18bb2128bfcc5 Mon Sep 17 00:00:00 2001 From: Diego Parrilla Date: Mon, 7 Mar 2022 16:26:53 +0100 Subject: [PATCH 3/6] Add ThreatJammer.com to the Threat Intel list I hope this new service is valuable to the threat intel community and security professionals. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f3dafb2..6ba32b2 100644 --- a/README.md +++ b/README.md @@ -268,6 +268,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [CIFv2](https://github.com/csirtgadgets/massive-octo-spice) - CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). - [MISP - Open Source Threat Intelligence Platform ](https://www.misp-project.org/) - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries ([taxonomies](https://www.misp-project.org/taxonomies.html), [threat-actors and various malware](https://www.misp-project.org/galaxy.html)), an extensive data model to share new information using [objects](https://www.misp-project.org/objects.html) and default [feeds](https://www.misp-project.org/feeds/). - [PhishStats](https://phishstats.info/) - Phishing Statistics with search for IP, domain and website title. +- [Threat Jammer](https://threatjammer.com) - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources. ## Social Engineering From db0332e4d4432653e33e7052a442a63e9b874f02 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Wed, 30 Mar 2022 21:48:51 +0200 Subject: [PATCH 4/6] Update list: add OWASP WrongSecrets --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f3dafb2..324b7db 100644 --- a/README.md +++ b/README.md @@ -194,6 +194,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - `docker-compose build && docker-compose up` - [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://hub.docker.com/r/bkimminich/juice-shop) +- `docker pull jeroenwillemsen/wrongsecrets`- [OWASP WrongSecrets](https://hub.docker.com/r/jeroenwillemsen/wrongsecrets) ## Endpoint From fd75e9fcc4736164c3192573026128a395fe485f Mon Sep 17 00:00:00 2001 From: snorlax19 <74537035+snorlax19@users.noreply.github.com> Date: Thu, 19 May 2022 08:22:20 +0200 Subject: [PATCH 5/6] Update README: Added OWASP ASVS --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f3dafb2..07b69f5 100644 --- a/README.md +++ b/README.md @@ -324,6 +324,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Insider CLI](https://github.com/insidersec/insider) - A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js). - [Full Stack Python Security](https://www.manning.com/books/full-stack-python-security) - A comprehensive look at cybersecurity for Python developers - [Making Sense of Cyber Security](https://www.manning.com/books/making-sense-of-cyber-security) - A jargon-free, practical guide to the key concepts, terminology, and technologies of cybersecurity perfect for anyone planning or implementing a security strategy. (early access, published continuously, final release early 2022) +- [Security checklist by OWASP](https://owasp.org/www-project-application-security-verification-standard/) - A checklist by OWASP for testing web applications based on assurance level. Covers multiple topics like Architecture, IAM, Sanitization, Cryptography and Secure Configuration. ## Exploits & Payloads From 964f8a42aba8be09dac5b2b11f3b132a1f2c9330 Mon Sep 17 00:00:00 2001 From: snorlax19 <74537035+snorlax19@users.noreply.github.com> Date: Thu, 19 May 2022 08:26:32 +0200 Subject: [PATCH 6/6] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 07b69f5..90a0cb1 100644 --- a/README.md +++ b/README.md @@ -324,7 +324,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Insider CLI](https://github.com/insidersec/insider) - A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js). - [Full Stack Python Security](https://www.manning.com/books/full-stack-python-security) - A comprehensive look at cybersecurity for Python developers - [Making Sense of Cyber Security](https://www.manning.com/books/making-sense-of-cyber-security) - A jargon-free, practical guide to the key concepts, terminology, and technologies of cybersecurity perfect for anyone planning or implementing a security strategy. (early access, published continuously, final release early 2022) -- [Security checklist by OWASP](https://owasp.org/www-project-application-security-verification-standard/) - A checklist by OWASP for testing web applications based on assurance level. Covers multiple topics like Architecture, IAM, Sanitization, Cryptography and Secure Configuration. +- [Security Checklist by OWASP](https://owasp.org/www-project-application-security-verification-standard/) - A checklist by OWASP for testing web applications based on assurance level. Covers multiple topics like Architecture, IAM, Sanitization, Cryptography and Secure Configuration. ## Exploits & Payloads