Cybersecurity Tools and Engineering
A curated collection of cybersecurity tools and resources (often open-source) that we use, find useful, or are just plain interesting.
💡 Faster updates
We add new items here from time to time, when time permits, from our (free) weekly CyberSecurity.PH email-list. You can also subscribe to find out about new tools as soon as we write about them!
Cloud Security
- ASD Blueprint for Secure Cloud - Australian Signals Directorate Blueprint for Secure Cloud to support the design, configuration and deployment of secure and hybrid workspaces - focus on Microsoft 365 - https://github.com/ASD-Blueprint/ASD-Blueprint-for-Secure-Cloud
- Can I take over XYZ? - a list of services and how to claim (sub)domains with dangling DNS records - https://github.com/EdOverflow/can-i-take-over-xyz
- Cloud-active-defense - a reverse-proxy available as a Docker container that can be deployed in front of your web-application; it adds a layer of active defense that then provides threat indicators and signals to you - https://github.com/SAP/cloud-active-defense
- CloudCatalog - defending AWS infrastructure requires identifying and documenting the resources in use; CloudCatalog provides a decent tool to do just that - https://github.com/boyney123/cloudcatalog
- CloudSploit - an open-source project designed to allow detection of security risks in cloud infrastructure accounts - https://github.com/aquasecurity/cloudsploit
- Prowler - Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness - https://github.com/prowler-cloud/prowler
- ScubaGear - Automation to assess the state of your M365 tenant against CISA's baselines; ScubaGear is an effective way to discover weak-spots in your MS365 configurations - https://github.com/cisagov/ScubaGear
- ScubaGoggles - Security Configuration Baselines and assessment tool for Google Workspace (it’s in alpha but worth watching) - https://github.com/cisagov/ScubaGoggles
Development / DevSecOps
- Bearer - Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks - https://github.com/Bearer/bearer
- Infisical - an open-source secret management platform for DevOps teams; sync secrets across your team/infrastructure and prevent secret leaks - https://github.com/Infisical/infisical
- Poutine - a security scanner to detect misconfigurations and vulnerabilities in the CI/CD pipelines of a repository, supporting GitHub Actions and Gitlab CI/CD - https://github.com/boostsecurityio/poutine
- pre-commit - An awesome framework for managing and maintaining multi-language pre-commit hooks; automate your application security controls - https://github.com/pre-commit/pre-commit
- Pyimps - Quickly see Python imports in the terminal in a tree view - while Pyimps is not directly a cybersecurity tool, it provides Python project observability that enables better code-supply-chain outcomes - https://github.com/bedbad/pyimps
- Safety CLI - Python dependency vulnerability scanner to detect packages with known vulnerabilities and malicious packages in local development environments, CI/CD, and production systems - https://pypi.org/project/safety/
- cak/secure - a lightweight package that adds optional security headers for Python web frameworks like FastAPI and others - https://github.com/cak/secure
- Trufflehog - Scan your source code repositories for secrets that should not be in your source code in the first place. Use as a Github Action (or other repo trigger) to automatically alert you when accidents with secrets happen - github.com/trufflesecurity/trufflehog
Large Language Model (LLM) Related
- AI Exploits - A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities; the team at Protect AI have done a good job here in building a collection of exploits to help cybersecurity practitioners understand and prevent them - https://github.com/protectai/ai-exploits
- garak - an "nmap" for AI/LLM; checks if an LLM can be made to fail in a way we don't typically want. Probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses - https://github.com/leondz/garak
- PentestGPT - Penetration testing with ChatGPT assistance, not quite prime time ready but tools like this are showing up quickly - https://github.com/GreyDGL/PentestGPT
- Substrate - a powerful open-source framework using LLM technologies for reverse engineering human understanding and meaning; Substrate is another project from Daniel Miessler, and it provides a powerful tool to deal with mis-information, dis-information, fraud and narrative-bending operations - https://github.com/human-substrate/Substrate
Logging and Observability
- Hoop - an access gateway for databases and servers so you can keep control of what your technical and engineering staff do with your databases; enables features that databases do not usually have such as SSO auth, session recording and just-in-time access grants - https://github.com/hoophq/hoop
- Kunai - Kunai is a threat-hunting and observability tool for Linux; you can think of it as a rough Windows Sysmon equivalent for Linux - https://github.com/kunai-project/kunai
- Logging Made Easy (LME) - CISA recently took over stewardship of the Logging Made Easy project that can be very helpful for organizations that do not have the kind of budget needed for a full-fledged SIEM - https://github.com/cisagov/LME
- SELKS - a free and open source Debian-based IDS/IPS/Network Security Monitoring platform - https://github.com/StamusNetworks/SELKS
- Sigma - if you understand what an intrusion detection system (IDS) does then you’ll appreciate Sigma, which enables threat signatures based on logging data - https://github.com/SigmaHQ/sigma
- Wazuh - Open source XDR and SIEM protection for endpoints and cloud workloads - https://github.com/wazuh/wazuh
Ransomware Response
- No More Ransom - Decryption Tools - decryption tools for certain ransomware that have been reverse engineered or had their keys leaked in a way that makes it possible to decrypt files for some limited ransomware variants - https://www.nomoreransom.org/en/decryption-tools.html
- Kaspersky - Decryption Tools - a collection of ransomware decryptors developed by Kaspersky - https://noransom.kaspersky.com/
- Emsisoft - Decryption Tools - a large collection of ransomware decryption tools. This collection largely overlaps with the tools listed by No More Ransom - https://www.emsisoft.com/en/ransomware-decryption/
- Heimdal Security - Decryption Tools - another large collection of ransomware decryption tools that also has substantial overlap with tools listed by No More Ransom - https://heimdalsecurity.com/blog/ransomware-decryption-tools/
Threat Response and Threat Management
- Admyral - open-source Cybersecurity Automation and Investigation Assistant; provides case management and workflow automation, currently (July 2024) beta, commercial paid versions coming - https://github.com/Admyral-Security/admyral
- AWS Kill Switch - an AWS Lambda function that makes it easy for security teams to quickly lock an AWS account or service when dealing with security incidents - https://github.com/secengjeff/awskillswitch
- blocklistproject/Lists - a maintained list of DNS records associated with web-applications and threats; useful in firewalls and routers to prevent access to certain web-applications and common threat sources - https://github.com/blocklistproject/Lists
- Eric Zimmerman’s Tools - an awesome collection of mostly Windows tools for digital forensic tasks that are also super useful in CTF events - https://ericzimmerman.github.io/
- IR-Cheatsheets - an awesome collection of Incident Response cheat-sheets from BlackPerl - https://github.com/BlackPerl-DFIR/IR-Cheatsheets
- Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening - https://github.com/CISOfy/lynis
- Microsoft-Extractor-Suite - acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes - https://github.com/invictus-ir/Microsoft-Extractor-Suite
- MISP - Open Source Threat Intelligence and Sharing Platform - https://github.com/MISP/MISP
- MSSecurityVulnerabilities - Getting straightforward information from Microsoft on vulnerabilities can be arduous; this PowerShell module makes it easier to retrieve Microsoft security vulnerability information - https://github.com/eizedev/MSSecurityVulnerabilities
- Threat Intel Feeds - an awesome collection of freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple IPs, URLs, CVEs and Hashes - https://github.com/Bert-JanP/Open-Source-Threat-Intel-Feeds
- Telegram Explorer - a tool created to help researchers, investigators and law enforcement agents collect and process the huge amount of data generated by Telegram groups involved in criminal, fraud, security and other activities - https://github.com/guibacellar/TEx
- Telerecon - A reconnaissance framework for researching and investigating threat actors on Telegram - https://github.com/sockysec/Telerecon
- Wordlists - a well-maintained wordlist useful in the assessment of web-resources and APIs that can help discover endpoints that are otherwise not known - https://github.com/assetnote/wordlists
Vulnerability and Discovery
- argument-injection-vectors - A curated list of argument injection vectors for use in your red-team and app-sec review activities - https://github.com/SonarSource/argument-injection-vectors
- Burp Extension/argumentinjectionhammer - A Burp Extension designed to identify argument injection vulnerabilities - https://github.com/nccgroup/argumentinjectionhammer
- Caido - new kid on the block for web application security testing that will give Burp Suite a run for the money - https://github.com/caido/caido
- Fresh Resolvers - if you are working on sub-domain takeover reviews for your organization you may need up-to-date lists of reliable DNS servers - https://github.com/threatpatrols/fresh-resolvers
- iShutdown - provides a straightforward set of Python scripts that can help determine if an Apple device has been impacted by Pegasus from Israeli cyber-arms company NSO Group - https://github.com/KasperskyLab/iShutdown
- nmap-bootstrap-xsl - Render nmap XML report data as beautiful reports for humans - https://github.com/honze-net/nmap-bootstrap-xsl
- nmap-did-what - a Docker container and a Python script to parse Nmap XML output into an SQLite database that is then used as a Grafana datasource to view Nmap scan details in a dashboard - https://github.com/hackertarget/nmap-did-what/
- Nuclei - Fast and customizable vulnerability scanner based on a simple YAML-based domain-specific language (DSL) - https://github.com/projectdiscovery/nuclei
- Nuclei Templates Collection - the largest collection of Nuclei templates we’ve seen yet, includes a handy de-duplication tool too - https://github.com/emadshanab/Nuclei-Templates-Collection
- Nuclei Templates/Ostorlab - Awesome collection of Nuclei templates to detect most remotely known exploitable vulnerabilities. Sourced from CISA, KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs - https://github.com/Ostorlab/KEV
- OFFAT - automatically test APIs for common vulnerabilities after generating tests from an OpenAPI specification file; provides features to automatically fuzz inputs specified via a YAML config file - https://github.com/OWASP/OFFAT
- Pentest-cheat-sheets - An excellent collection of cheat sheets and check lists for cyber security pentesting - https://github.com/ByteSnipers/awesome-pentest-cheat-sheets
- Pivot-Atlas - awesome pivoting handbook for cyber threat analysts, that contains reference material for how to make use of threat activity observables, such as IP addresses and file hashes - https://github.com/korniko98/pivot-atlas
- Shodan - Well known and valuable threat research resource, sign up for a free account for extended search features - https://www.shodan.io
- Shodan Dorks - a lovely list of search operators and hints for creating advanced Shodan queries - https://github.com/lothos612/shodan
- ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) - https://github.com/jtesta/ssh-audit
- SSHamble - a tool for testing and checking SSH implementations for implementation and configuration problems - https://github.com/runZeroInc/sshamble
- SQLMap - if you don’t know about sqlmap yet then it’s time to get busy and test your systems, applications and endpoints for well known SQL injection issues - https://github.com/sqlmapproject/sqlmap
- Terrapin Scanner - a small utility program that can be used to determine the vulnerability of an SSH client or server against the Terrapin SSH Attack - https://github.com/RUB-NDS/Terrapin-Scanner
- Web-check - Lissy93 is awesome! Her web-check tool, with full source available, provides comprehensive, on-demand open source intelligence for any website - https://github.com/Lissy93/web-check
Platforms and Systems
- Authentik - an open-source Identity Provider (IdP) that can be integrated into existing environments to support new protocols, and is an awesome solution for implementing sign-up and recovery flows in your application - https://github.com/goauthentik/authentik
- Kali Linux - you really should already know about Kali. The cool kids use Kali Linux for good reason, it’s an open-sourced OS with a wide range of security tools already installed and ready to use. The final release for 2023 just dropped, get it while it’s hot - https://www.kali.org/get-kali
Information and Further Learning
- Aws-customer-playbook-framework - a must read/know for AWS customers from AWS itself. Provides excellent sample security playbook templates to handle various Amazon Web Services scenarios - https://github.com/aws-samples/aws-customer-playbook-framework
- CVSS v4 - The CVSS scoring system has had a major revision recently, stay up-to-date - https://www.first.org/cvss/v4.0/faq
- DevSecOps-Playbook - this resource is gold for any organization that understands they need to automate their cybersecurity - https://github.com/6mile/DevSecOps-Playbook
- ISO 27001 Toolkit - How to get started with ISO 27001, advice and guidance for your own implementation - https://iseoblue.com/27001-getting-started
- Top 10 CI/CD Security Risks - Adversaries of all levels of sophistication are shifting their attention to CI/CD, realizing CI/CD services provide an efficient path to reaching an organization’s crown jewels - https://github.com/cider-security-research/top-10-cicd-security-risks
- sectemplates - a Github repo to watch as it develops, providing Cybersecurity templates describing workflows for various cybersecurity activities - https://github.com/securitytemplates/sectemplates
- United States NSA Guidelines on zero-trust designs - an excellent document from the NSA describing design considerations for deploying zero-trust - defense.gov