Alternatives and similar repositories for cis-benchmarks

Users that are interested in cis-benchmarks are comparing it to the libraries listed below

• nccgroup / ccs
  ☆114Updated 2 years ago
• vmware-labs / attack-surface-framework
  Tool to discover external and internal network attack surface
  ☆204Updated last year
• softrams / bulwark
  An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
  ☆183Updated last week
• grines / scour
  ☆126Updated last year
• matiassequeira / docker_explorer
  Scan DockerHub images that match a keyword to find secrets.
  ☆61Updated 4 years ago
• righettod / log4shell-analysis
  Contains all my research and content produced regarding the log4shell vulnerability
  ☆31Updated 3 years ago
• mhaskar / Bughound
  Static code analysis tool based on Elasticsearch
  ☆129Updated 4 years ago
• reconmap / web-client
  Reconmap's web client written in React. Manage all your pentest projects from a single place.
  ☆51Updated this week
• nccgroup / whalescan
  Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulner…
  ☆156Updated 2 years ago
• PortSwigger / nuclei-burp-integration
  Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.
  ☆30Updated 2 years ago
• GovTech-CSG / Autowasp
  BurpSuite Extension: A one-stop pen testing checklist and logger tool
  ☆76Updated 3 years ago
• Patrowl / PatrowlHears
  PatrowlHears - Vulnerability Intelligence Center / Exploits
  ☆165Updated this week
• JOSHUAJEBARAJ / GCP-GOAT
  GCP GOAT is the vulnerable application for learn the GCP Security
  ☆69Updated 6 months ago
• nccgroup / cloud_ip_ranges
  Identify IP addresses owned by public cloud providers
  ☆127Updated last year
• prjblk / nessus-database-export
  Script to export Nessus results to a relational database for use in reports, analysis, or whatever else.
  ☆70Updated 7 months ago
• NotSoSecure / cloud-sec-wiki
  Jekyll Files for cloudsecwiki.com
  ☆49Updated 4 years ago
• trinitor / CVE-Vulnerability-Information-Downloader
  Downloads Information from NIST (CVSS), first.org (EPSS), and CISA (Exploited Vulnerabilities) and combines them into one list. Reports f…
  ☆142Updated 2 years ago
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆69Updated last year
• RossGeerlings / webstor
  WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted se…
  ☆157Updated last year
• trickest / find-gh-poc
  Find CVE PoCs on GitHub
  ☆156Updated 4 months ago
• noperator / panos-scanner
  Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
  ☆128Updated last year
• FA-PengFei / NGWAF
  First iteration of ML based Feedback WAF
  ☆59Updated last year
• mandiant / heyserial
  Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, an…
  ☆144Updated 2 years ago
• darkarnium / Log4j-CVE-Detect
  Detections for CVE-2021-44228 inside of nested binaries
  ☆35Updated 3 years ago
• gand3lf / semgrepper
  An extension to use Semgrep inside Burp Suite.
  ☆89Updated 6 months ago
• A3h1nt / Dnsrr
  DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS.
  ☆121Updated 3 years ago
• ne0z / DamnVulnerableMicroServices
  This is vulnerable microservice written in many language to demonstrating OWASP API Top Security Risk (under development)
  ☆45Updated 2 years ago
• doyensec / PESD-Exporter-Extension
  PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams
  ☆106Updated 10 months ago
• telekom-security / cve-2023-3519-citrix-scanner
  Citrix Scanner for CVE-2023-3519
  ☆53Updated 2 years ago
• OWASP / owasp-cstg
  ☆36Updated 5 years ago