Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses. The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom
The Mobile Application Security Testing Guide is a comprehensive manual and compliance framework for verifying the security of mobile applications. It provides a standardized reference for identifying and validating common software security weaknesses and performing reverse engineering based on industry standards. The project provides a structured set of technical processes and checklists used to audit applications against established security weakness enumerations. It encompasses guidance for analyzing application binaries and runtime behavior to identify hidden functionality and security ga
This project is a comprehensive set of guides and frameworks designed to secure software-as-a-service infrastructure and company operations. It provides a collection of technical checklists, architectural patterns, and best practices for hardening cloud applications against cyber attacks. The project differentiates itself by providing specialized manuals for risk management and compliance readiness. It offers structured approaches to threat modeling, incident response planning, and the preparation of audit evidence required to meet industry security certifications and enterprise customer requ
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Este proyecto es una herramienta de auditoría de seguridad SSH diseñada para analizar configuraciones de servidores y clientes. Funciona como un analizador criptográfico que evalúa algoritmos de intercambio de claves, MAC y cifrado para identificar primitivas débiles o heredadas y asegurar el cumplimiento de la seguridad.
Las características principales de jtesta/ssh-audit son: Cryptographic Configuration Analyzers, SSH Server Auditing, Vulnerability Mapping, Cryptographic Primitive Validation, Security and Compliance, Configuration Policy Validation, Cryptographic Algorithm Auditing, Security Auditing Tools.
Las alternativas de código abierto para jtesta/ssh-audit incluyen: cisofy/lynis — Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It… owasp/owasp-mstg — The Mobile Application Security Testing Guide is a comprehensive manual and compliance framework for verifying the… forter/security-101-for-saas-startups — This project is a comprehensive set of guides and frameworks designed to secure software-as-a-service infrastructure… andresriancho/w3af — w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities… carlospolop/peass-ng — PEASS-ng is a Linux privilege escalation scanner and post-exploitation enumeration tool. It identifies security… dev-sec/ansible-collection-hardening — This is an Ansible collection that automates security hardening for Linux operating systems, databases, web servers,…