Alternatives and similar repositories for cis-benchmarks

Users that are interested in cis-benchmarks are comparing it to the libraries listed below

• vmware-labs / attack-surface-framework
  Tool to discover external and internal network attack surface
  ☆200Updated last year
• softrams / bulwark
  An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
  ☆182Updated last week
• mhaskar / Bughound
  Static code analysis tool based on Elasticsearch
  ☆129Updated 4 years ago
• nccgroup / ccs
  ☆112Updated 2 years ago
• grines / scour
  ☆127Updated last year
• RossGeerlings / webstor
  WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted se…
  ☆157Updated last year
• gand3lf / semgrepper
  An extension to use Semgrep inside Burp Suite.
  ☆89Updated 2 months ago
• trickest / find-gh-poc
  Find CVE PoCs on GitHub
  ☆148Updated last week
• matiassequeira / docker_explorer
  Scan DockerHub images that match a keyword to find secrets.
  ☆60Updated 4 years ago
• reconmap / web-client
  Reconmap's web client written in React. Manage all your pentest projects from a single place.
  ☆51Updated this week
• g3rzi / HackingKubernetes
  This repository contain any information that can be used to hack Kubernetes
  ☆108Updated 3 years ago
• GovTech-CSG / Autowasp
  BurpSuite Extension: A one-stop pen testing checklist and logger tool
  ☆75Updated 2 years ago
• Orange-Cyberdefense / CVE-repository
  Repository of CVE found by OCD people
  ☆77Updated last month
• PortSwigger / nuclei-burp-integration
  Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.
  ☆30Updated 2 years ago
• JOSHUAJEBARAJ / GCP-GOAT
  GCP GOAT is the vulnerable application for learn the GCP Security
  ☆64Updated 2 months ago
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆69Updated 11 months ago
• The-Login / DNS-Reset-Checker
  Tools to assess the DNS security of web applications
  ☆128Updated 2 years ago
• righettod / log4shell-analysis
  Contains all my research and content produced regarding the log4shell vulnerability
  ☆31Updated 3 years ago
• nccgroup / cloud_ip_ranges
  Identify IP addresses owned by public cloud providers
  ☆125Updated last year
• A3h1nt / Dnsrr
  DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS.
  ☆121Updated 3 years ago
• The-Login / DNS-Analysis-Server
  Tools to assess DNS security.
  ☆152Updated last year
• projectdiscovery / openrisk
  openrisk is a tool that generates a risk score based on the results of a Nuclei scan.
  ☆172Updated 6 months ago
• Secure-Compliance-Solutions-LLC / OpenVAS-Docker
  A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)
  ☆20Updated last year
• FA-PengFei / NGWAF
  First iteration of ML based Feedback WAF
  ☆59Updated last year
• nccgroup / whalescan
  Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulner…
  ☆155Updated 2 years ago
• bcoles / jira_scan
  A simple remote scanner for Atlassian Jira
  ☆121Updated 2 years ago
• DevSecOpsDocs / nuclearpond
  Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.
  ☆184Updated last year
• prjblk / nessus-database-export
  Script to export Nessus results to a relational database for use in reports, analysis, or whatever else.
  ☆69Updated 3 months ago
• RUB-NDS / REST-Attacker
  REST-Attacker is designed as a proof-of-concept for the feasibility of testing generic real-world REST implementations. Its goal is to pr…
  ☆80Updated 2 years ago
• Anof-cyber / Pentest-Mapper
  A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabiliti…
  ☆116Updated 2 years ago