misconfigurations

👀 A Kubernetes cluster resource sanitizer

Vulnerability scanning just got lazier

Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

Modified Nuclei Templates Version to FUZZ Host Header

TProx is a fast reverse proxy path traversal detector and directory bruteforcer.

AWS IAM Security Toolkit: CIS Benchmarks | Enumeration | Privilege Escalation

DroidSniper - Misconfigured Android Debug Bridge Scanner

A benchmark to compare (compliance) scanners for Kubernetes workloads (i.e. Misconfigurations of workloads and NOT infrastructure security) The tool generates a suite of manifests using cdk8s, where every manifest is considered a single check in the benchmark. The design idea is to have a hardened configurations as the base and then for each check one single misconfiguration is introduced. Scanners are supposed to detect this misconfiguration.

Misconfig Mapper Docs is a project by Intigriti for the community to help you identify, exploit and resolve common security misconfigurations in third-party services used by your company and/or bug bounty targets!

WatchThisFirewall is a firewall analyzer tool designed to connect to firewalls and perform a comprehensive analysis of their configurations. It checks for misconfigurations, ensures compliance, and optimizes rules. At the moment only Cisco ASA is supported.

ShareForce, The Web Directory Brute-Forcer is a Python security tool for authorized testing. It probes Microsoft SharePoint servers, identifying vulnerabilities by systematically accessing common directories. Use responsibly to reveal misconfigurations, weak credentials, and sensitive data exposure, helping secure SharePoint installations.

Security misconfiguration detector for GitHub workflow files