From a5ac21112697831f01520243c21e8538b9c8c1f1 Mon Sep 17 00:00:00 2001 From: "Julien Vehent [:ulfr]" Date: Sun, 18 Sep 2016 10:56:57 -0400 Subject: [PATCH 1/4] Add various security projects & books --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 114456c..7680dfd 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Threat Intelligence](#threat-intelligence) - [Web](#web) - [Big Data](#big-data) + - [DevOps](#devops) - [Other Awesome Lists](#other-awesome-lists) - [Other Security Awesome Lists](#other-security-awesome-lists) - [Other Common Awesome Lists](#other-common-awesome-lists) @@ -170,6 +171,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Forensics - [grr](https://github.com/google/grr) - GRR Rapid Response is an incident response framework focused on remote live forensics. +- [mig](http://mig.mozilla.org/) - MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. ## Threat Intelligence 
@@ -218,10 +220,15 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [OpenSOC](https://github.com/OpenSOC/opensoc) - OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. - [binarypig](https://github.com/endgameinc/binarypig) - Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch. +## DevOps + +- [Securing DevOps](https://manning.com/books/securing-devops?a_aid=securingdevops&a_bid=1353bcd8) - A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure. + ## Datastores - [Vault](https://www.vaultproject.io/) - An encrypted datastore secure enough to hold environment and application secrets. - [Safe](https://github.com/starkandwayne/safe) - A Vault CLI that makes reading from and writing to the Vault easier to do. +- [Sops](https://github.com/mozilla/sops - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP. ## Other Awesome Lists From 9485553108908eb55547900ddd60b5b7ce592f24 Mon Sep 17 00:00:00 2001 From: filinpavel Date: Mon, 14 Nov 2016 14:07:58 +0700 Subject: [PATCH 2/4] added scapy and changed docker link added scapy to Network \ Scanning/Pentesting section and changed docker-metasploit link cause https://hub.docker.com/r/pandrew/metasploit/ shows 404 page --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d643c9d..b31ff81 100644 --- a/README.md +++ b/README.md 
@@ -42,6 +42,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Metasploit Framework](https://github.com/rapid7/metasploit-framework) - A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. - [Kali](https://www.kali.org/) - Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). - [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool. +- [scapy](https://github.com/secdev/scapy) - Scapy: the python-based interactive packet manipulation program & library. - [Pompem](https://github.com/rfunix/Pompem) - Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day, Packetstorm Security... - [Nmap](https://nmap.org) - Nmap is a free and open source utility for network discovery and security auditing. 
@@ -136,7 +137,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) - `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy) - `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/) -- `docker pull pandrew/metasploit` - [docker-metasploit](https://hub.docker.com/r/pandrew/metasploit/) +- `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) - `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) From dff4b176d486e5de7c0ea213ae5c505e4d937b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20K=C3=BChnel?= Date: Mon, 21 Nov 2016 12:40:34 +0100 Subject: [PATCH 3/4] Fix link to docker section from TOC --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 88f1201..febeccd 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Fast Packet Processing](#fast-packet-processing) - [Firewall](#firewall) - [Anti-Spam](#anti-spam) - - [Docker](#docker) + - [Docker](#docker-images-for-penetration-testing--security) - [Endpoint](#endpoint) - [Anti-Virus / Anti-Malware](#anti-virus--anti-malware) - [Threat Intelligence](#threat-intelligence) From caf27c9111f19574879736fe8021b2321511c777 Mon Sep 17 00:00:00 2001 
From: Paul Date: Thu, 24 Nov 2016 16:03:50 +0100 Subject: [PATCH 4/4] Updated structure & Added Rasp category --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 88f1201..028dfe1 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,16 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Docker](#docker) - [Endpoint](#endpoint) - [Anti-Virus / Anti-Malware](#anti-virus--anti-malware) + - [Configuration Management](#configuration-management) + - [Authentication](#authentication) + - [Mobile / Android / iOS](#mobile--android--ios) + - [Forensics](#forensics) - [Threat Intelligence](#threat-intelligence) - [Web](#web) + - [Organization](#organization) + - [Web Application Firewall](#web-application-firewall) + - [Scanning / Pentesting](#scanning--pentesting-1) + - [Runtime Application Self-Protection](#runtime-application-self-protection) - [Big Data](#big-data) - [DevOps](#devops) - [Other Awesome Lists](#other-awesome-lists) 
@@ -165,7 +173,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [google-authenticator](https://github.com/google/google-authenticator) - The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. [Tutorials: How to set up two-factor authentication for SSH login on Linux](http://xmodulo.com/two-factor-authentication-ssh-login-linux.html) -### Mobile / Android /iOS +### Mobile / Android / iOS - [android-security-awesome](https://github.com/ashishb/android-security-awesome) - A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps. - [SecMobi Wiki](http://wiki.secmobi.com/) - A collection of mobile security resources which including articles, blogs, books, groups, projects, tools and conferences. * 
@@ -214,6 +222,10 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework. - [PTF](https://github.com/trustedsec/ptf) - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools. +### Runtime Application Self-Protection + +- [Sqreen](https://www.sqreen.io/) - Sqreen is a Runtime Application Self-Protection (RASP) solution for software teams. An in-app agent instruments and monitors the app. Suspicious user activities are reported and attacks are blocked at runtime without code modification or traffic redirection. + ## Big Data - [data_hacking](https://github.com/ClickSecurity/data_hacking) - Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data.
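
Review bot: In [PATCH 1/4], the added `Sops` entry in the `## Datastores` hunk is missing the closing parenthesis of its link (`[Sops](https://github.com/mozilla/sops - An editor ...`), so Markdown will render the line as literal text rather than a link; close it as `[Sops](https://github.com/mozilla/sops) - An editor ...`. In the same hunk, the `Securing DevOps` link carries affiliate query parameters (`?a_aid=securingdevops&a_bid=1353bcd8`); link the plain `https://manning.com/books/securing-devops` URL, or have the entry say that it is an affiliate link.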
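
Review bot: In [PATCH 2/4], the `scapy` line in the `@@ -42,6 +42,7 @@` hunk repeats the project name inside its own description (`Scapy: the python-based ...`) and lowercases "Python", unlike the neighbouring entries such as `A Linux packet crafting tool.`; suggest `Python-based interactive packet manipulation program and library.` so the entry matches the list's style.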
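
Review bot: In [PATCH 2/4], the replacement line `docker pull remnux/metasploit` in the `@@ -136,7 +137,7 @@` hunk keeps the old link text `docker-metasploit`, which no longer tells the reader whose image this is now that the namespace has changed from `pandrew` to `remnux`. The surrounding entries label publisher-maintained images as "official"; this entry should name its publisher in the link text so a reader can judge the source before pulling an untagged image from a community namespace.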
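
Review bot: In [PATCH 4/4], the TOC hunk at `@@ -24,8 +24,16 @@` uses `- [Docker](#docker)` as a context line, but [PATCH 3/4] rewrites that same line to `#docker-images-for-penetration-testing--security` from the same base blob (`88f1201`), so this patch will not apply cleanly on top of 3/4 and needs a rebase. While rebasing, check the new `#scanning--pentesting-1` anchor: the `-1` suffix depends on the order of same-named headings in the rendered file and will point at the wrong section if one of them is added, renamed or moved. The series adds a heading only for `Runtime Application Self-Protection`, so also confirm that the other new TOC entries (`Organization`, `Web Application Firewall`, `Configuration Management`, `Authentication`) resolve to headings that already exist in README.md.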
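
Review bot: In [PATCH 4/4], the `Sqreen` description under the new `### Runtime Application Self-Protection` heading reads as vendor copy and does not say what kind of project it is: the link goes to the product site `https://www.sqreen.io/` rather than a source repository, and "attacks are blocked at runtime without code modification or traffic redirection" is a product claim rather than a description. Suggest a neutral one-sentence description that states the licensing or hosting model, so readers of the list know what they would be installing as an in-app agent.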