Nikto
Open source tool used to scan web servers; Vulnerability scans for known issues; Checks for configuration errors;
TruffleHog
Scans for exposed secrets such as API Keys, Passwords and Token; Identifies sensitive information;
Grype
Open Source; Scans container images; Identifies known vulnerabilities; Scan file systems;
kube-hunter
Specialised tool to scan Kubernetes Clusters for potential vulnerabilities and configuration issues; Can run on any machine in a cluster; Can run in a pod within the cluster (Internal Scanning);
Greenbone OpenVAS
Full featured vulnerability scanner; Authenticated and unauthenticated testing; Internet and industrial protocols; Diverse infrastructures; Performance tuning features; Internal programming language;
BloodhoundAD/Sharphound
Mapping out Active Directory Environments and potential attack paths; Sharphound gathers data about users which bloodhound visualises;
AD Explorer – Active Directory Structure
AD Recon – Deep enumeration on AD Environments; Users and Groups;
Ping Castle – Assesses Security Health of AD Environments; Risk assessment mode;
Grouper – Enumerates AD Groups; Privilege escalation risks
Leave a Reply