
momosecurity / Cornerstone

Licence: bsd-3-clause
Linux command logging and forwarding

Projects that are alternatives of or similar to Cornerstone

Kube Scan
kube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+1009.8%)
Mutual labels:  security-tools, security-audit
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+1321.57%)
Mutual labels:  security-tools, security-audit
Habu
Hacking Toolkit
Stars: ✭ 635 (+1145.1%)
Mutual labels:  security-tools, security-audit
Otseca
Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (+715.69%)
Mutual labels:  security-tools, security-audit
Ossa
Open-Source Security Architecture
Stars: ✭ 796 (+1460.78%)
Mutual labels:  security-tools, security-audit
0xsp Mongoose
a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
Stars: ✭ 419 (+721.57%)
Mutual labels:  security-tools, security-audit
Inql
InQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+1301.96%)
Mutual labels:  security-tools, security-audit
W5
Security Orchestration, Automation and Response (SOAR) Platform. Security automation with no code to write; using SOAR lets teams work more efficiently.
Stars: ✭ 367 (+619.61%)
Mutual labels:  security-tools, security-audit
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+1403.92%)
Mutual labels:  security-tools, security-audit
Graudit
grep rough audit - source code auditing tool
Stars: ✭ 747 (+1364.71%)
Mutual labels:  security-tools, security-audit
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+709.8%)
Mutual labels:  security-tools, security-audit
Marsnake
System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-68.63%)
Mutual labels:  security-tools, security-audit
Fwanalyzer
a tool to analyze filesystem images for security
Stars: ✭ 382 (+649.02%)
Mutual labels:  security-tools, security-audit
Npq
🎖safely* install packages with npm or yarn by auditing them as part of your install process
Stars: ✭ 513 (+905.88%)
Mutual labels:  security-tools, security-audit
Apkanalyser
One-click extraction of sensitive information that may be present in Android applications.
Stars: ✭ 378 (+641.18%)
Mutual labels:  security-tools, security-audit
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+1164.71%)
Mutual labels:  security-tools, security-audit
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (+596.08%)
Mutual labels:  security-tools, keylogger
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (+603.92%)
Mutual labels:  security-tools, security-audit
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+12215.69%)
Mutual labels:  security-tools, security-audit
Cs Suite
Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Stars: ✭ 815 (+1498.04%)
Mutual labels:  security-tools, security-audit

About us


Website: https://security.immomo.com


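Project introduction

Preparation


Install and enable the syslog service, and configure the matching log level (according to the facility.severity used in the LOGGER function) and permissions.

Installation


  1. Place momosec_bashrc under /etc/, change its permissions to 644, and set its group to root
  2. Load the file from /etc/bashrc, for example [ -f /etc/momosec_bashrc ] && . /etc/momosec_bashrc

Result


Each collected log entry has the following format:

[syslog_part]: [ssh_client_ip] [server_name] [server_ip] [login_time] [ssh_pid] [tty] [login_user] [sudo_user] [pwd] [cmd]

  • syslog_part: the part added by the syslog service; its content depends on the syslog configuration
  • ssh_client_ip: the IP of the user logging in; for example, when logging in from server A to server B over ssh, this field is server A's IP
  • server_name: the hostname of the server on which the command was executed
  • server_ip: the IP of the server on which the command was executed
  • login_time: the login time of the user who executed the command
  • ssh_pid: the ssh process ID of the user who executed the command
  • tty: the tty of the session the command was executed in
  • login_user: the ssh login identity of the user who executed the command
  • sudo_user: the current identity of the user who executed the command
  • pwd: the directory in which the command was executed
  • cmd: the executed command; its content depends on the history format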
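
The following parser for the log format above is an added example, not code from the Cornerstone project. It assumes each field is literally wrapped in square brackets and separated by a single space; the function names, the syslog prefix and the sample lines are constructed for illustration.

```python
import re

# Field order after the syslog prefix, as listed in the README.
FIELDS = ["ssh_client_ip", "server_name", "server_ip", "login_time", "ssh_pid",
          "tty", "login_user", "sudo_user", "pwd", "cmd"]

# Assumption: every field is literally wrapped in [ ] and separated by one space.
# The first eight fields may not contain ']'; pwd stops at the first "] [" and
# cmd takes the rest of the line, so brackets inside the command survive.
LINE_RE = re.compile(
    r"^(?P<syslog_part>.*?): "
    + " ".join(rf"\[(?P<{f}>[^\]]*)\]" for f in FIELDS[:8])
    + r" \[(?P<pwd>.*?)\] \[(?P<cmd>.*)\]$"
)

def parse_line(line):
    """Return the 11 fields as a dict, or None when the line does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def audit(lines):
    """Return (records run under a changed identity, count of rejected lines).

    A record is flagged when sudo_user (current identity) differs from
    login_user (ssh login identity). Rejects are counted rather than dropped,
    so a change in the syslog or history format shows up as a rising number.
    """
    flagged, rejected = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
        elif rec["sudo_user"] != rec["login_user"]:
            flagged.append(rec)
    return flagged, rejected

# Constructed sample lines; the syslog prefix, tag and time format are made up.
SAMPLE = [
    "Mar  3 09:14:02 web01 momosec[2211]: [10.0.0.5] [web01] [10.0.1.20] [2024-03-03 09:10] [2190] [pts/0] [alice] [alice] [/home/alice] [ls -la]",
    "Mar  3 09:15:40 web01 momosec[2211]: [10.0.0.5] [web01] [10.0.1.20] [2024-03-03 09:10] [2190] [pts/0] [alice] [root] [/root] [[ -f /etc/momosec_bashrc ] && . /etc/momosec_bashrc]",
    "Mar  3 09:16:01 web01 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    flagged, rejected = audit(SAMPLE)
    for r in flagged:
        print(f'{r["login_user"]} -> {r["sudo_user"]} from {r["ssh_client_ip"]} in {r["pwd"]}: {r["cmd"]}')
    print("unparsed lines:", rejected)
```
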


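Feature coverage


Feature Command logging and forwarding
User identification ✔︎
Logs non-interactive shell commands ✔︎
Real-time logging ✔︎
Logs commands run without a tty ✔︎
Logs sh commands ✔︎
Logs commands executed inside script files ✔︎
Logs commands from shells started with norc ✔︎
Data is convenient for downstream processing ✔︎
Can control command execution
Commands executed in non-bash shells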