Open-source Research tools and vulnerability scanners

To keep one’s business on the market, data integrity and research plays a vital roles. There are many cloud and enterprise solutions of nowadays insists on the protection of the system from vulnerability. Here are some of the open-source projects concentrating on the research and vulnerability management.

The Radare project is a Unix-like reverse engineering framework and command-line tool for Android, Linux, BSD, iOS, OS X, Solaris, Haiku, FirefoxOS, and QNX, as well as both 32- and 64-bit Windows. The project started as a forensics tool and a scriptable command-line hexadecimal editor, but has since added libraries and tools for analyzing binaries, disassembling code, debugging programs, and attaching to remote gdb servers. Radare supports a broad range of architectures -- Intel-based, ARM, Sparc, and PowerPC, to name a few.

 Brakeman is a vulnerability scanner for Ruby on Rails apps that lets infosec pros analyze data flow from one part of the application to another. Brakeman helps administrators uncover problems in Web applications such as SQL injection, SSL verification bypass, and information disclosure vulnerabilities. Brakeman should be used with a website security scanner.

Quick Android Review Kit (Qark) looks for security vulnerabilities in Android applications, either in the source code or packaged APKs. The tool looks for issues such as inadvertently exported components, improper x.509 certificate validation, data leakage, private keys embedded in the source code, weak or improperly used cryptography, and tap-jacking, to name a few. Qark provides information about the nature of security vulnerabilities found, as well as the ability to create proof-of-concept APKs that could exploit them.

 For malware analysis, there's Cuckoo Sandbox, an automated dynamic malware analysis system that originated in 2010 as a Google Summer of Code project. Cuckoo lets security teams detonate suspicious files and monitor the resulting behavior in an isolated virtual environment. Cuckoo dumps the memory and analyzes the data -- such as tracing API calls and logging all files created and deleted -- to determine exactly what a suspicious file is doing on the system.

 Jupyter is not a security-specific project, but the shareable notebooks are a must-have for any security toolkit. Security professionals can share live code, visualizations, and explanatory text with individual notebooks, which come with an embedded shell. There are additional tools to enhance the project, including Jupyterhub, a multiuser server, a diff tool, a Docker stack, and an OAuth package.