Showing posts with label Open_Source. Show all posts

Friday, August 21, 2020

Open Source Tools - Stringlifier & Tripod

Stringlifier:

a Python-based tool/module that helps when analyzing security and application logs, or when attempting to discover credentials that might have been accidentally exposed.


Typical usage scenarios include:

  • Sanitizing application or security logs
  • Detecting accidentally exposed credentials (complex passwords or API keys)


It detects code/text that resembles a randomly generated string in any plain text. It uses machine learning to distinguish between normal and random character sequences. It can also be adapted for more fine-grained classifications (password, API key, hash, etc.). 


“1e32jnd9312”, “32189321-DEF3123-9898312”, “ADEFi382819312.” Do these strings seem familiar? They could be hashes, randomly generated passwords, API keys, or many other types of strings. You can usually spot them in logs, command lines, configuration files, and source code. Whether you are analyzing security and application logs or hunting for accidentally exposed credentials, they can, unfortunately, make your life a lot harder. This is because building a search pattern for something random is a particularly hard task.


Download Link : 

https://github.com/adobe/stringlifier


Tripod:

 is a tool/ML model for computing latent representations for large sequences. It has been used on source code and text and it has applications such as:

  • Malicious code detection
  • Sentiment analysis
  • Information/code indexing and retrieval
  • Anomaly Detection / Unsupervised Learning

Monday, June 8, 2020

Open Source Microservices Tool - Istio

Istio

is an open platform that provides a uniform way to connect, manage, and secure microservices.



Istio provides the underlying secure communication channel, and manages authentication, authorization, and encryption of service communication at scale. With Istio, service communications are secured by default, letting you enforce policies consistently across diverse protocols and runtimes – all with little or no application changes.




Istio lets you connect, secure, control, and observe services.



Although Istio is platform independent, using it together with Kubernetes (or infrastructure) network policies brings even greater benefits, including the ability to secure pod-to-pod or service-to-service communication at the network and application layers.

Ref Link : 


Download Link :




Monday, November 11, 2019

SIEMonster V4 - Free | Open Source Security Incident and Event Management (SIEM)

SIEMonster Security Information and Event Management (SIEM):

built on customizable components. Included are UEBA, Bro, Suricata, The Hive, Cortex, Apache NiFi, Kafka, MISP and Wazuh.


SIEMonster Community Edition is a single appliance or virtual machine for companies with 1-100 endpoints. It is completely free to use.



 SIEMonster is a collection of the best open source security tools and our own development as professional hackers to provide a SIEM for everyone. We showcase the latest and greatest tools for security professionals and our Community Edition v.4 Fully Loaded has it all. Designed for smaller organizations, charities, classrooms or even those who just want to check out our Fully Loaded SIEM. This edition is completely free, for the community and to be supported by the community.



Community Edition gives you the ability to monitor all network assets in an affordable scalable solution. This single server solution makes it easier for organizations who only have 1-100 endpoints. To access the Community Edition you will need to sign up to the Community Portal, which is available via the download button on our website. There you will also find all the resources you will need to help install and learn about SIEMonster. We have created an admin guide and videos for you. You are also encouraged to interact with other Community Edition users for support or just share how you are using the SIEM and even help out another user, after all that’s what Community is all about.

SIEMonster’s slogan is SIEM for everyone and this is why our prices are so affordable. Whether you are a small, medium or large enterprise we have the right product and licensing for you.

Pre Requisites :

You will need a minimum of 32 GB RAM and 8 vCPUs.

Note: Community edition will monitor up to 100 endpoints at 5,000 EPS as it’s designed to give you a taste and allow you to play with the product for as long as you like.

When you’re ready to get serious, let us know, and we’ll help you with our other editions.

Reference : Docs | Videos

https://siemonster.knowledgeowl.com/help

Download Link:

https://go.siemonster.com/Community-Edition

Wednesday, November 14, 2018

Free Risk Assessment Tool - Titania

Risk Assessment Tool:

is a quick-to-implement, easy-to-use tool that helps you lock down your workstations and servers against attack. Discover new vulnerabilities (that others might find) & harden your network today.

Cyber Essentials, the inspiration for our Risk Assessment Tool, is a Government-backed and industry-supported scheme to guide businesses in protecting themselves from cyber threats. It is derived from years of research on business breaches, which resulted in practical, easy-to-implement actions removing up to 80% of your cyber risk.

The five controls, designed to maximise protection of your business, are:
  •     Boundary Firewalls and Internet Gateways
  •     Secure Configuration
  •     Access Control
  •     Malware Protection
  •     Patch Management

Despite its relative simplicity, basic knowledge of information security is required to understand and complete the Cyber Essentials self-assessment questionnaire (both in language and practice). This knowledge is something many businesses either don’t have or find costly to hire (IT experts are often busy, costly or both!).

Titania’s automated audits help at every step. Our free Risk Assessment Tool is simple enough for SMEs, and our enterprise tools (Paws and Nipper Studio) will accelerate compliance, cut costs and free up your experts for the many projects on their “to do” list...

Lancaster University study of Cyber Essentials found:

“This, more than anything else should be understood by SMEs, taking no action to combat cyber threats simply isn’t an option. With Cyber Essentials tools, more than 99% of the vulnerabilities in SMEs interviewed were mitigated.”

Download Link : https://www.titania.com/downloads/riskassessmenttool-1.3.291-win64.exe

Ref / Key Link : https://www.titania.com/customers/bonus-tools/risk-assessment-tool

Sunday, March 22, 2015

Best / Open Source Wordpress Vulnerability Scanner

WPScan :

is a black box WordPress vulnerability scanner.


WPScan comes pre-installed on the following Linux distributions:
Prerequisites:
  • Ruby >= 1.9.2 - Recommended: 2.2.1
  • Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
  • RubyGems - Recommended: latest
  • Git
 Download Link : https://github.com/wpscanteam/wpscan

Flunym0us :

is a Vulnerability Scanner for WordPress and Moodle.

Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for WordPress and another for Moodle.


Flunym0us requires python.

Arguments allowed:
-h, --help: Show this help message and exit
-wp, --wordpress: Scan WordPress site
-mo, --moodle: Scan Moodle site
-H HOST, --host HOST: Website to be scanned

Download Link : https://code.google.com/p/flunym0us/downloads/list

Timthumb :

Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.

Scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.


Download Link : https://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip

Vane :

is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan.




Prerequisites

  • Windows not supported
  • Ruby >= 1.9
  • RubyGems
  • Git
Download Link : https://github.com/delvelabs/vane


WordPress Security Scan

Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.

Online URL : http://hackertarget.com/wordpress-security-scan/

 






Friday, March 20, 2015

Best / Open Source Tools for Security / Network Monitoring

Nagios:

is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes.

Nagios is a powerful, enterprise-class host, service, application, and network monitoring program. Designed to be fast, flexible, and rock-solid stable. Nagios runs on *NIX hosts and can monitor Windows, Linux/Unix/BSD, Netware, and network devices.

Designed with scalability and flexibility in mind, Nagios gives you the peace of mind that comes from knowing your organization's business processes won't be affected by unknown outages.

Nagios is a powerful tool that provides you with instant awareness of your organization's mission-critical IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they affect end-users and customers.

Download Link : http://sourceforge.net/projects/nagios/

or

http://www.nagios.org/download/

 

OpenSMART :

Open (Source|System) Monitoring and Reporting Tool, can do that for you.

OpenSMART is a rich featured monitoring and reporting tool, including:
  • easy to use web frontend
  • many predefined checks for application and system monitoring
  • ability to monitor HA cluster applications
  • notification of administrators by email / SMS or anything else you can script
  • collection and ad-hoc reporting of many system figures like disk space or CPU consumption
  • many checks for application monitoring report their response time, too

OpenSMART saves its data (monitoring data and reporting data) in a database. This enables you to
  • get your SLA reporting data from your database
  • get your monthly/weekly/daily performance data from your database
  • do trend analyses with your response times.
 Download Link : http://opensmart.sourceforge.net/index.php/downloads

Icinga :

is an enterprise grade open source monitoring system which keeps watch over networks and any conceivable network resource, notifies the user of errors and recoveries and generates performance data for reporting. Scalable and extensible, Icinga can monitor complex, large environments across dispersed locations.


Features

  • Monitor host and service status
  • View the whole network and map dependencies
  • Gather performance and utilization data
  • Build in redundancy with distributed monitoring
  • Customize multiple users' access, notifications and views

Download Link : https://www.icinga.org/download/

or

http://sourceforge.net/projects/icinga/

 

Cacti :

is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven.
 


Download Link : http://www.cacti.net/download_cacti.php

or 

http://sourceforge.net/projects/cacti/

NeDi :

is a lightweight network management framework, which is based on a scheduled discovery, a SQL backend and a web based user interface.

NeDi proves to be a valuable tool for the security team as well. Keep track of wired and wireless clients throughout your entire network. You’ll be able to see IP changes and which hosts have more than one address. The upcoming host identification feature expands NeDi’s awareness beyond the network layers and can locate vulnerable SSH servers for example…



Download Link : http://www.nedi.ch/download/

or

http://sourceforge.net/projects/nedi/?source=navbar

Observium :

is an autodiscovering PHP/MySQL based network monitoring system focused primarily on Cisco and Linux networks but includes support for a wide range of network hardware and operating systems.

Observium is an autodiscovering network monitoring platform supporting a wide range of hardware platforms and operating systems including Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and many more. Observium seeks to provide a powerful yet simple and intuitive interface to the health and status of your network.

Observium Community is available free and open source. Observium Professional adds rapid patches, security fixes and additional features and hardware support for a small yearly license fee.





Download Link : http://observium.org/wiki/Download

or

http://sourceforge.net/projects/projectobserver/

ZABBIX :

is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices and other IT resources. It supports distributed and WEB monitoring, auto-discovery, and more.

An enterprise-class distributed monitoring solution for networks & apps




Zabbix Features

  •     Monitor Everything
  •     Enterprise Ready
  •     Proactive Monitoring
  •     Capacity Planning
  •     True Open Source
  •     Business Solutions


Download Link : http://www.zabbix.com/download.php

or

http://sourceforge.net/projects/zabbix/
 

Sunday, January 5, 2014

SpiderFoot 2.1.0 - Open Source Footprinting Tool

SpiderFoot:

SpiderFoot's simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable.

You will quickly obtain information such as: URLs handling passwords, network ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.

"Footprinting" is the process of understanding as much as possible about a given target in order to perform a more complete security penetration test. Particularly for large networks, this can be a daunting task.

The main objective of SpiderFoot is to automate this process to the greatest extent possible, freeing up a penetration tester's time to focus their efforts on the security testing itself.

SpiderFoot is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire.

As a simple example, you could create a module that automatically attempts to brute-force usernames and passwords any time a password-handling webpage is identified by the spidering module.


 

SpiderFoot 2.1.0 is now available, a major update over 2.0.5 which was released back in September.

Major improvements are as follows:

- Identifies sites co-hosted on IPs of your target.
- Checks whether your target, affiliates or co-hosts have a bad reputation (PhishTank, Google SafeBrowsing, McAfee SiteAdvisor, abuse.ch and many more.)
- Identifies the ISPs and BGP AS of your target.
- Smarter at identifying owned netblocks.
- UI enhancements, including some data visualizations.
- More comprehensive searches across other Internet TLDs.
- Identifies the use of non-standard HTTP headers.
- Bing searches.
- Many tweaks, improvements and bug fixes.




Website & Download: http://www.spiderfoot.net
GitHub: https://github.com/smicallef/spiderfoot/tree/2.1
 Source Forge : http://sourceforge.net/projects/spiderfoot/



Thursday, January 2, 2014

Arachni v0.4.6-0.4.3 (Open Source Web Application Security Scanner Framework)

Arachni v0.4.6-0.4.3 has been released :

(Open Source Web Application Security Scanner Framework)

There's a new version of Arachni, an Open Source, modular and high-performance Web Application Security Scanner Framework written in Ruby.






Brief list of changes:

Framework
----------
* Massively decreased RAM consumption.
* Amount of performed requests cut down by 1/3 -- and thus 1/3 decrease in scan times.
* Overhauled timing attack and boolean/differential analysis algorithms to fix
  SQLi false-positives with misbehaving webapps/servers.
* Vulnerability coverage optimizations with 100% scores on WAVSEP's tests for:
  * SQL injection
  * Local File Inclusion
  * Remote File Inclusion
  * Non-DOM XSS -- DOM XSS not supported until Arachni v0.5.





WebUI
-----
* Implemented Scan Scheduler with support for recurring scans.
* Redesigned Issue table during the Scan progress screen, to group
  and filter issues by type and severity. 


Issues table

The issues table has been massively redesigned to provide more context at a glance and help you prioritize and focus on the issues that interest you most.




While the scan is running and new issues appear, High and Medium severity type groups will, by default, be displayed as expanded, to show each logged issue, while Low and Informational severity ones will be displayed as collapsed. This way your attention will be drawn to where it’s most needed.
Of course, you can change the visibility settings to suit your preferences, using the controls on the left of the table, as well as reset them to their default configuration.

Scan scheduling

The major change for the web interface is the addition of the much awaited Scheduler, which combined with the existing incremental/revisioned scans provides quite a powerful feature. In essence, it allows you to schedule a scan to run at a later time and optionally configure it to be a recurring one.





What’s interesting here is the recurring bit: each scan occurrence is not a separate entity but a revision of the previous scan, so you’ll be able to track changes in your website’s security with ease. It also allows you to speed things up by providing you with the ability to feed the sitemaps of previous revisions to the next one (either to extend or restrict the scope), thus making the crawl process much faster (or skipping it altogether).



For more details about the new release please visit:
http://www.arachni-scanner.com/blog/arachni-0-4-6-0-4-3-release/

Download page - http://www.arachni-scanner.com/download/

Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Copyright - 2010-2014
License - Apache License v2