Showing posts with label open source security reporting. Show all posts

Friday, August 21, 2020

Open Source Tools - Stringlifier & Tripod

Stringlifier:

A Python-based tool/module that helps when analyzing security and application logs, or when attempting to discover credentials that might have been accidentally exposed.


Typical usage scenarios include:

  • Sanitizing application or security logs
  • Detecting accidentally exposed credentials (complex passwords or API keys)


It detects code/text that resembles a randomly generated string in any plain text. It uses machine learning to distinguish between normal and random character sequences. It can also be adapted for more fine-grained classifications (password, API key, hash, etc.). 


“1e32jnd9312”, “32189321-DEF3123-9898312”, “ADEFi382819312.” Do these strings seem familiar? They could be hashes, randomly generated passwords, API keys, or many other types of strings. You can usually spot them in logs, command lines, configuration files, and source code. Whether you are analyzing security and application logs or hunting for accidentally exposed credentials, they can, unfortunately, make your life a lot harder. This is because building a search pattern for something random is a particularly hard task.
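To make the log-sanitizing use case concrete, here is an added example (not Stringlifier's code, and not from the original post) that masks random-looking tokens using a simple Shannon-entropy heuristic instead of Stringlifier's machine-learning model. The function names, the threshold, the placeholder and the log lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Candidate tokens: runs of 8+ characters typical of keys, hashes and IDs.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-]{8,}")
ENTROPY_THRESHOLD = 2.7  # bits per character; illustrative, not tuned
PLACEHOLDER = "<RANDOM_STRING>"


def shannon_entropy(token):
    """Bits per character of the token's own character distribution."""
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())


def looks_random(token):
    # Entropy alone misfires: "authentication" scores higher than
    # "1e32jnd9312", so also require a mix of letters and digits.
    has_digit = any(ch.isdigit() for ch in token)
    has_alpha = any(ch.isalpha() for ch in token)
    return has_digit and has_alpha and shannon_entropy(token) >= ENTROPY_THRESHOLD


def sanitize(line):
    """Mask random-looking tokens; return (clean_line, masked_tokens)."""
    found = []

    def mask(match):
        token = match.group(0)
        if looks_random(token):
            found.append(token)
            return PLACEHOLDER
        return token

    return TOKEN_RE.sub(mask, line), found


# Constructed log lines; the three random strings are the ones quoted above.
SAMPLE_LOG = [
    "login ok user=alice session=1e32jnd9312",
    "GET /api/v1/items request_id=32189321-DEF3123-9898312 status=200",
    "config loaded: api_key=ADEFi382819312 env=prod",
    "authentication service restarted on server01",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(sanitize(line))
```

This baseline misses letter-only secrets and will mask some harmless mixed identifiers, which is the gap a trained classifier is meant to close.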


Download Link : 

https://github.com/adobe/stringlifier


Tripod:

A tool/ML model for computing latent representations for large sequences. It has been used on source code and text, and it has applications such as:

  • Malicious code detection
  • Sentiment analysis
  • Information/code indexing and retrieval
  • Anomaly detection / unsupervised learning

Friday, July 29, 2011

open source security assessment framework



Dradis

is an open source framework to enable effective information sharing, especially during security assessments.

Dradis is a self-contained web application that provides a centralized repository of information to keep track

This application is suited to people in lengthy engagements, where it’s very useful to have all the information in one place. It’s also good to have if your team changes (i.e. someone joins halfway through), as it will help bring them up to speed.

Download Link : Click Here
