
Open Source Application Security arsenal

Application Security

While building Security Phoenix we thought about sharing some of the open-source components we rely on, so that anyone can assemble a custom arsenal of open-source vulnerability tooling.

Various Phases

It all starts with pen and paper.

I always like to start with a mind map of the various components; it might be old school, but it works and helps to focus.

What are the components of the framework:

*) Enumeration/Reconnaissance - in this phase you list the various components of an application: web sources, APIs, etc.

Then you start the merry-go-round:

  1. Static code analyser - you look at the source code and identify, with pattern matching (regular expressions at the simplest, a syntax tree in tools like Bandit), what is good and bad

  2. Dependency-Check - this builds a software composition view: which third-party libraries you ship and which of them carry known vulnerabilities

  3. Code relationships - again this is about how the code and the libraries depend on each other

  4. Cloud assessment - an extra component if you have a cloud deployment

  5. Network assessment - there are several tools (from Nmap to Nettacker); it depends on how deep you want to go

  6. Web/API assessment - here you test, with scripts or injection, the quality of the code you send to a web frontend (Burp and ZAP are the names in this space)

  7. Vulnerability managers - there are not many aggregators, which is why we created Security Phoenix

  8. Intelligence framework - an extra step if you want to integrate a threat feed/scanner into the project
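To make component 1 concrete, here is a small static analyser written for this page (it is an added example, not code from Security Phoenix or from Bandit). It runs three regex rules over a constructed Python sample, then re-checks the two call-based rules on the syntax tree with the standard `ast` module; the rule names, the sample source and the `unconfirmed()` helper are all made up for the demo. The point it shows is the practical caveat of pure-regex scanning: the `eval()` mentioned in a comment is flagged by the regex pass and dropped by the AST pass.

```python
"""Regex versus AST static checks, written for this page as an illustration of
component 1 above (not Security Phoenix or Bandit code). The rules and the
SAMPLE_SOURCE string are constructed for the demo."""
import ast
import re

# Constructed sample source: a comment mentioning eval(), a real eval() call,
# a shell=True subprocess call and a hard-coded AWS access key id.
SAMPLE_SOURCE = '''
import subprocess

API_KEY = "AKIAIOSFODNN7EXAMPLE"   # hard-coded credential

def run(cmd):
    # eval() is never called here; this comment just mentions eval(cmd)
    return subprocess.call(cmd, shell=True)

def parse(expr):
    return eval(expr)
'''

# Regex rules: cheap and language-agnostic, but they see text, not syntax.
REGEX_RULES = [
    ("hardcoded-aws-key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("eval-call", re.compile(r"\beval\s*\(")),
    ("shell-true", re.compile(r"\bshell\s*=\s*True\b")),
]

# Rules that the AST pass also implements, so its results can confirm them.
AST_RULES = {"eval-call", "shell-true"}


def regex_scan(source):
    """Return (rule, line_no) for every source line that matches a rule."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, pattern in REGEX_RULES:
            if pattern.search(line):
                findings.append((name, line_no))
    return findings


class _CallVisitor(ast.NodeVisitor):
    """Collect the two call-based rules from the syntax tree."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Name) and func.id == "eval":
            self.findings.append(("eval-call", node.lineno))
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                self.findings.append(("shell-true", node.lineno))
        self.generic_visit(node)


def ast_scan(source):
    """Same call-based rules on the parsed tree: comments and string
    literals can no longer produce a hit."""
    visitor = _CallVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


def unconfirmed(source):
    """Regex hits for AST_RULES that the AST pass did not reproduce:
    the false-positive candidates a reviewer should look at first."""
    confirmed = set(ast_scan(source))
    return [f for f in regex_scan(source)
            if f[0] in AST_RULES and f not in confirmed]


if __name__ == "__main__":
    for label, result in (("regex", regex_scan(SAMPLE_SOURCE)),
                          ("ast", ast_scan(SAMPLE_SOURCE)),
                          ("unconfirmed", unconfirmed(SAMPLE_SOURCE))):
        print(label, result)
```

The hard-coded key rule stays regex-only on purpose: a secret pattern is a property of the text, so the AST buys nothing there, whereas "is this really a call to eval" is a property of the syntax. Real tools (Bandit, Brakeman, Flawfinder) sit at different points on that same regex-versus-parser spectrum.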

The core arsenal

*) Enumeration/Reconnaissance -

3) Cloud Assessment - Prowler -

4) Network assessment - Nettacker -

*) Vulnerability Scanner/Management - Security Phoenix -

Some of the tools available

Network Vuln assessment

Website crawlers


Network Vuln Build:

This could be a set of tools you launch from a central location, packaged as a VM or as Docker images.

Idea of the build:

h4cker -

3) Cloud Assessment - Prowler - you can script both the launch and the collection of the scan results

4) Network assessment - Nettacker -

Specialisation Code analysis (sub section)

There are many open-source analysers in the wild, but most of them specialise in one or two languages.

Good reference: - Index of other code analysers

- Python - Bandit - Bandit is a source vulnerability scanner for Python; it works on the syntax tree rather than on raw text

- Ruby - Brakeman - Brakeman is an open-source vulnerability scanner specifically designed for Ruby on Rails applications

Dawnscanner - Dawnscanner is an open source security source code analyzer for Ruby, supporting major MVC frameworks like Ruby on Rails, Padrino, and Sinatra. It also works on non-web applications written in Ruby.

- Java -

- C - Flawfinder - Scans C and C++.

- PHP - RIPS - A static source code analyzer for vulnerabilities in PHP web applications.

- SonarQube - Scans source code in 15 languages for bugs, vulnerabilities, and code smells. SonarQube IDE plugins for Eclipse, Visual Studio, and IntelliJ are provided by SonarLint.

- HCL AppScan CodeSweep - This is the first Community Edition version of AppScan. It is delivered as a VS Code plugin and scans files when you save them. The results show the location of each finding, its type and remediation advice. The tool currently supports Python, Ruby, JS (Node, Angular, jQuery, etc.), PHP, Perl, COBOL, APEX and a few more.

OWASP tools for code analysis (tool - language(s)):

- OWASP Code Crawler - .NET, Java

- OWASP Orizon Project - Java

- OWASP LAPSE Project - Java

- OWASP O2 Platform

- OWASP WAP (Web Application Protection) - PHP

- Also the full list here:

- Full list of open-source code analysers:

Specialisation - AWS-specific assessments -

A list of different tools you can deploy to test AWS infrastructure. Remember to check AWS's penetration-testing policy and fill out the request form where it requires one before doing testing like this.

1. Prowler - Tool based on AWS CLI commands for AWS account hardening, following the guidelines of the CIS Amazon Web Services Foundations Benchmark

2. nccgroup/Scout2 - Security auditing tool for AWS environments

3. cloudsploit/scans - AWS security scanning checks

4. Amazon Inspector - AWS's own managed vulnerability assessment service

5. Netflix/security_monkey - Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations

6. Aardvark - Aardvark is a multi-account AWS IAM Access Advisor API

7. Repokid - AWS Least Privilege for Distributed, High-Velocity Deployment

8. DenizParlak/Zeus - AWS Auditing & Hardening Tool

9. Nimbostratus - Tools for fingerprinting and exploiting Amazon cloud infrastructures, plus a video presentation and an intro blog post

10. Bucket finder - A fairly simple tool to run: all it requires is a wordlist, and it checks each word to see whether a bucket with that name exists in Amazon S3. For any bucket it finds, it then checks whether the bucket is public, private or a redirect.

11. Tony's mega AWS Tools:
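The bucket-finder technique in item 10 comes down to one unauthenticated GET per candidate name and a reading of the HTTP status. The example below is written for this page (it is not Bucket finder's own code): `classify()` maps an S3 response to a verdict, `probe()` makes the live request with the standard library and does not follow redirects so the region redirect is visible, and `check_wordlist()` runs a wordlist through either. The bucket names and response bodies in `CONSTRUCTED_RESPONSES` are made up; the status mapping follows S3's documented error codes, with the 301/307 redirect line stated here as an assumption. Only point `probe()` at names you are authorised to test.

```python
"""Bucket-name probing as described for Bucket finder above, written for this
page as an added example (not Bucket finder's own code). classify() maps an
S3 response to a verdict and is exercised on constructed responses; probe()
performs the live request and is only for names you are authorised to test."""
import urllib.error
import urllib.request

# Constructed responses of the shapes S3 returns to an anonymous GET on
# https://<bucket>.s3.amazonaws.com/ (the bucket names are made up).
CONSTRUCTED_RESPONSES = {
    "no-such-bucket-abc123": (404, b"<Error><Code>NoSuchBucket</Code></Error>"),
    "open-listing-abc123": (200, b'<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></ListBucketResult>'),
    "locked-down-abc123": (403, b"<Error><Code>AccessDenied</Code></Error>"),
    "other-region-abc123": (301, b"<Error><Code>PermanentRedirect</Code></Error>"),
}


def classify(status, body):
    """Turn (HTTP status, body bytes) into missing / public / private / redirect.

    404 with NoSuchBucket     -> the name is free
    200 with ListBucketResult -> exists and lists anonymously (public)
    403                       -> exists but anonymous access is denied (private)
    301/307 (assumption)      -> exists, served from another region (redirect)
    """
    if status == 404 and b"NoSuchBucket" in body:
        return "missing"
    if status == 200 and b"ListBucketResult" in body:
        return "public"
    if status == 403:
        return "private"
    if status in (301, 307):
        return "redirect"
    return "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib follows redirects by default, which would hide the 301 verdict;
    returning None makes the redirect surface as an HTTPError instead."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_OPENER = urllib.request.build_opener(_NoRedirect)


def probe(name, timeout=5):
    """Live check of one bucket name (network access; use with authorisation)."""
    req = urllib.request.Request(f"https://{name}.s3.amazonaws.com/")
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())


def fake_probe(name):
    """Offline stand-in for probe() backed by CONSTRUCTED_RESPONSES."""
    status, body = CONSTRUCTED_RESPONSES[name]
    return classify(status, body)


def check_wordlist(words, fetch=probe):
    """Run a wordlist through fetch() and keep only the names that exist."""
    found = {}
    for word in words:
        verdict = fetch(word)
        if verdict != "missing":
            found[word] = verdict
    return found


if __name__ == "__main__":
    # Offline demo; pass fetch=probe (the default) to hit S3 for real.
    print(check_wordlist(CONSTRUCTED_RESPONSES, fetch=fake_probe))
```

A "private" verdict is still a finding: it confirms the bucket name exists and belongs to someone, which is exactly what the enumeration phase at the top of this post is after. The "public" verdict is the one worth escalating immediately, because anonymous listing means anonymous reads of whatever the listing names.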


This concludes the list for now, but I'll continue updating it.
