Focused crawls are collections of frequently-updated webcrawl data from narrow (as opposed to broad or wide) web crawls, often focused on a single domain or subdomain.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
.well-known (RFC) is becoming an increasingly popular destination for stashing site-wide metadata. Some of that metadata is relevant to site security or may unintentionally leak information, so we should scan it.
Some starting points:
Presence of/interesting things in an MTA-STS policy (RFC)
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
The same way we have flags for avoiding indexing and scanning forks or repositories on personal namespaces, we should add one for ignoring repositories that are marked as private, in both GitLab and GitHub.
The https://github.com/nccgroup/ScoutSuite/blob/master/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json finding should only flag
USER_MANAGEDkeys (https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys), asSYSTEM_MANAGEDkeys are "managed and rotated by Google"