Tools

Security testing

OWASP Top Ten:
https://owasp.org/Top10/

OWASP Web Security Testing Guide:
https://owasp.org/www-project-web-security-testing-guide/stable/

OWASP Application Security Verification Standard:
https://github.com/OWASP/ASVS

OWASP ZAP:
https://www.zaproxy.org/

Burp Suite Community Edition:
https://portswigger.net/burp/communitydownload/

OWASP WebGoat:
https://hub.docker.com/r/webgoat/goatandwolf

OWASP Broken Web Applications (OWASP BWA; old but still useful):
https://sourceforge.net/projects/owaspbwa/

OWASP DirBuster:
https://sourceforge.net/projects/dirbuster/

Have I Been Pwned?
https://haveibeenpwned.com/

How secure is your browser?
https://browseraudit.com/

Digital Attack Map:
https://www.digitalattackmap.com/

PrivacyTools:
https://www.privacytools.io/

PRISM-Break:
https://prism-break.org/pl/

„Cover Your Tracks”
Test your browser to see how well you are protected from tracking and fingerprinting.
https://coveryourtracks.eff.org/

Unique machine:
http://uniquemachine.org/

Yasni - people search engine:
http://www.yasni.com/

Shodan - search engine for internet-exposed devices (commonly used to find unsecured IoT):
https://www.shodan.io/

Kali Linux - all-in-one security testing distribution:
https://www.kali.org/downloads/

Santoku Linux - distribution for mobile application security testing, unfortunately no longer maintained:
https://santoku-linux.com/download/

Apktool (decode and rebuild Android APKs):
https://bitbucket.org/iBotPeaches/apktool/downloads/

Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers:
https://www.frida.re/docs/installation/

Fiddler Classic:
https://www.telerik.com/download/fiddler

LOKI - free IoC scanner:
https://github.com/Neo23x0/Loki/archive/master.zip

VirtualBox:
https://www.virtualbox.org/wiki/Downloads

FuzzDB - repository of attack strings and fuzzing payloads that applications are sensitive to:
https://github.com/fuzzdb-project/fuzzdb/

Database of exploits and vulnerable software (Exploit-DB):
https://www.exploit-db.com/

Vulnerability database:
https://vuldb.com/

Common Weakness Enumeration:
https://cwe.mitre.org/

The Web Application Security Consortium
(rated 16+):
http://projects.webappsec.org/

"Plain Text Offenders"
Blog collecting sites that store or e-mail user passwords in plain text:
https://plaintextoffenders.com/

Reconnaissance in the KRS (Polish National Court Register):
http://www.osoby-krs.pl/
https://rejestr.io/

Whois & checkhost:
https://whois.com
https://www.dns.pl/cgi-bin/whois.pl
https://whois.intensys.pl/
https://check-host.net/
https://hostingchecker.com/

FOCA is a tool used mainly to find metadata and hidden information in the documents it scans:
https://github.com/ElevenPaths/FOCA

Zerodium Exploit Acquisition Program:
https://zerodium.com/program.html

Mobile application testing

Programming libraries

Kivy:
https://kivy.org/#home

Volkswagen detects when your tests are being run in a CI server, and makes them pass:
https://github.com/auchenberg/volkswagen

OpenCV - computer vision (image recognition) library:
https://github.com/opencv/opencv/

Python library for processing PDF files (legacy pyPdf; it has since been superseded by PyPDF2 and then pypdf):
https://pypi.org/project/pyPdf/

Beautiful Soup is a library that makes it easy to scrape information from web pages:
https://launchpad.net/beautifulsoup/