- Updated Jul 14, 2020 - Go
security-tools
Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.
Here are 1,659 public repositories matching this topic...
Thanks for this great tool!
Hoping to get some clarification here surrounding commits. I've set up automation around Gitleaks to scan commits as they happen on a few repositories; however, the tool is alerting when the secret is first committed, and then alerting a second time when it's removed (not a file deletion, but a line removal).
Are there any configuration options to disable alerts w
The email address provided in the "Commercial Uses" section in LICENSE.md is invalid. Emails sent to that address return with a "User unknown" notice.
On hold
Please wait before starting anything. There will be a major update to Hinty to tackle type hinting of the core (at least fields & packet). This will allow contributors to tackle smaller parts (the layers). In the meantime, have a look at the other contributions wanted page: secdev/scapy#399 - thanks
Project "Hinty" aims at adding **Type hi
Eg: norestored.
And until then, change the man page to say that it is incomplete, and to look in examples and the changelog. Are there configuration settings that are only documented in code?
- Updated Jul 2, 2020 - Shell
In a server / client setup it would be great if Trivy would expose some metrics about the scans happening with the central server.
Some useful metrics for my implementation:
- Last DB Update (timestamp)
- Last DB Update Attempt (timestamp)
- Sum of Issues found
- Sum of Issues found split up in SEVERITY
- Sum of Issues found split up in sources (OS, Python, Node etc)
As Trivy is built to
The Chinese translated version of the README is well out of date, last updated 2 years ago.
The current English README needs to be translated to replace this old one, or to be removed.
.github\.translations\README-zh.md
README translations
- Updated Jul 12, 2020
- Updated Jul 10, 2020 - C#
Summary
Get URLs that have parameters, whether http or https, leak sensitive information when they capture parameters such as API-Keys, usernames, and passwords. Browser extensions, bookmarks, history, and server log files capture these, even when operating in anonymous mode. Browser providers could share the information and log files need to mask the sensitive information. Refer: https://ww
- Updated Jul 2, 2020 - Shell
Is your feature request related to a problem? Please describe.
Monkey Island should listen to port 80 and 443 (if not taken) and redirect clients to the correct Island port.
Describe alternatives you've considered
We don't want to move the Island to port 443 because that loses us an ATT&CK technique for uncommon port, but many users accidentally browse to default http/https.
The dashboard app doesn't have much documentation - it took me a while to figure out I needed to install the Google Cloud SDK to do anything with it. It would be nice to have some basic setup instructions documented.
- Updated Jun 28, 2020 - Go
It'd be helpful if there was a check for ELB and ALBs that have either no listeners or no instances in their target pool. The check is similar to an unused security group although there are more financial penalties for having idle ELB and ALBs.
There are several issues open that suggest that it is unclear how Bandit is meant to be executed. In fact, there are no usage instructions at all in the Bandit docs.
Describe the solution you'd like
There should be simple, crisp, usage instructions in the Bandit docs, e.g.
Install Bandit:
pip install bandit
Run Bandit o
- Updated Jun 9, 2020 - Ruby
- Updated Jun 11, 2020 - Python
- Updated Jul 7, 2020
Environment
Cobra version: 2.0.0-alpha.5
Python version: 2.7.10
Operating system: Darwin-15.5.0-x86_64-i386-64bit
Command line: cobra.py -t tests/vulnerabilities/ -r CVI-167001.xml
Traceback
Traceback (most recent call last):
File "/Users/Viarus/Documents/cobra/cobra/__init__.py", line 82, in main
cli.start(args.target, args.format, args.output, args.special_rules, a_sid)
Many users of Cameradar are not English speakers but Chinese and Russian speakers. I saw already that @wxylssy started translating the README to Simplified Chinese on his fork.
It would be nice to have official translations to help new users that are not English speakers understand the project, so @wxylssy if you'd like to contribute you are more than wel
- Updated Jan 27, 2020
What would you like to be added
I would love to have a MongoDB database connector.
Why this is needed
All our other services use MongoDB and I would love to keep everything unified in one database system.
Failing that, is it possible to provide a pluggable webhook that we can have and then enter into our own database?
- Updated Jun 30, 2020 - Shell
- Updated Jul 5, 2020 - JavaScript
- Updated Jul 10, 2020 - C#
- Updated Jul 8, 2019
Calling all pentesters and/or people like myself who find infosec pretty neat!
Do you have any cool Shodan.io queries that you've come across — cool, funny, interesting, scary, facepalm-inducing, or otherwise? Some examples of IOT gems we've already found are electronic billboards with banks advertising free donuts, gas station pumps around the country, X-ray machines, 3D p
It would be nice if lynis would gather (and report in the portal/reports) information about user-accounts: