diff --git a/_pages/index.rst b/_pages/index.rst index b8c3d21..2355bce 100644 --- a/_pages/index.rst +++ b/_pages/index.rst @@ -502,10 +502,10 @@ Exploiting - `AttackSurfaceAnalyzer `_ - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation. - `Bashfuscator `_ - A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team. - `BeEF `_ - The Browser Exploitation Framework Project. -- `Bowcaster Exploit Development Framework `_ - This framework, implemented in Python, is intended to aid those developing -exploits by providing useful set of tools and modules, such as payloads, -encoders, connect-back servers, etc. Currently the framework is focused on the -MIPS CPU architecture, but the design is intended to be modular enough to +- `Bowcaster Exploit Development Framework `_ - This framework, implemented in Python, is intended to aid those developing +exploits by providing useful set of tools and modules, such as payloads, +encoders, connect-back servers, etc. Currently the framework is focused on the +MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures. - `BugId `_ - Detect, analyze and uniquely identify crashes in Windows applications. - `CALDERA `_ - A cyber security framework designed to easily automate adversary emulation, assist manual red-teams, and automate incident response. @@ -525,6 +525,7 @@ support arbitrary architectures. - `Gorsair `_ - Gorsair hacks its way into remote docker containers that expose their APIs. - `Infection Monkey `_ - An open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. - `Inveigh `_ - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. +- `operant-mcp `_ - Open-source MCP server providing 51 security testing tools across 19 modules including SQL injection, XSS, command injection, SSRF, path traversal, PCAP/network forensics, reconnaissance, memory forensics, and malware document analysis. - `Jir-thief `_ - A Red Team tool for exfiltrating sensitive data from Jira tickets. - `Kube-hunter `_ - Hunt for security weaknesses in Kubernetes clusters. - `LAVA `_ - Large-scale Automated Vulnerability Addition. @@ -873,7 +874,7 @@ Reporting - `DefectDojo `_ - An open-source application vulnerability correlation and security orchestration tool. - `Dradis `_ - Colllaboration and reporting for IT Security teams. - `Faraday `_ - Collaborative Penetration Test and Vulnerability Management Platform. -- `PwnDoc `_ - A pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. +- `PwnDoc `_ - A pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. - `VECTR `_ - A tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. - `WriteHat `_ - A reporting tool which removes Microsoft Word (and many hours of suffering) from the reporting process. Markdown --> HTML --> PDF. Created by penetration testers, for penetration testers - but can be used to generate any kind of report. @@ -1157,7 +1158,7 @@ Cloud Security - `Security Monkey `_ - Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time. - `SyntheticSun `_ - A defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. - `ThreatMapper `_ - Hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. -- `Varna `_ - Quick & Cheap AWS CloudTrail Monitoring with Event Query Language (EQL) +- `Varna `_ - Quick & Cheap AWS CloudTrail Monitoring with Event Query Language (EQL) Resources - `s3cr3t `_ - Serve files securely from an S3 bucket with expiring links and other restrictions.