Readme Overhall

acunetix/README.md

@@ -0,0 +1,5 @@
+-Acunetix-
+
+Acunetix is a global web security leader. As the first company to build a fully dedicated and fully automated web vulnerability scanner, Acunetix carries unparalleled experience in the field. The Acunetix web vulnerability scanner has been recognized as a leading solution multiple times. It is also trusted by customers from the most demanding sectors including many fortune 500 companies.
+
+Website: https://www.acunetix.com/

anchore_engine/README.md

@@ -0,0 +1,6 @@
+-Anchore Engine-
+
+The Anchore Engine is an open source project that provides a centralized service for performing detailed analysis on container images, running queries, producing reports and defining policies that can be used in CI/CD pipelines.
+
+Website: https://anchore.com/engine/
+Github: https://github.com/anchore/anchore-engine

appscan/README.md

@@ -0,0 +1,5 @@
+-AppScan-
+
+IBM AppScan solutions provide preemptive protection for mobile, web and cloud applications. They secure apps against malicious use today and help you remediate potential attacks in the future.
+
+Website: https://www.ibm.com/security/application-security/appscan

appspider/README.md

@@ -1,11 +1,5 @@
-# Sample Scan Files
+-AppSpider-
 
-Repository for sample scan files.
+Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.rapid7.com/products/appspider/

arachni/README.md

@@ -1,11 +1,6 @@
-# Sample Scan Files
+-Arachni-
 
-Repository for sample scan files.
+Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.arachni-scanner.com/
+Github: https://github.com/Arachni/arachni 

aws_prowler/README.md

@@ -0,0 +1,7 @@
+-AWS Prowler-
+
+Prowler is a command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
+It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has 40 additional checks including related to GDPR and HIPAA.
+
+Website: https://blog.savagesec.com/securing-your-aws-infrastructure-using-prowler-ec6e6b97513
+Github: https://github.com/toniblyx/prowler

aws_scout2/README.md

@@ -1,11 +1,3 @@
-# Sample Scan Files
+AWS Scout2 is no longer under development. The latest (and final) version of Scout2 can be found in https://github.com/nccgroup/Scout2/releases and https://pypi.org/project/AWSScout2.
 
-Repository for sample scan files.
-
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+The project has migrated to https://github.com/nccgroup/ScoutSuite.

bandit/README.md

@@ -1,11 +1,5 @@
-# Sample Scan Files
+-Bandit-
 
-Repository for sample scan files.
+Bandit is a tool designed to find common security issues in Python code. 
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Github: https://github.com/PyCQA/bandit

blackduck/README.md

@@ -0,0 +1,5 @@
+-Blackduck-
+
+For over 15 years, security, development, and legal teams around the globe have relied on Black Duck to help them manage the risks that come with the use of open source.Built on the Black Duck KnowledgeBase™—the most comprehensive database of open source component, vulnerability, and license information—Black Duck software composition analysis solutions and open source audits give you the insight you need to track the open source in your code, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.
+
+Website: https://www.blackducksoftware.com/

brakeman/README.md

@@ -1,11 +1,6 @@
-# Sample Scan Files
+-Brakeman-
 
-Repository for sample scan files.
+Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://brakemanscanner.org/
+Github: https://github.com/presidentbeef/brakeman

bundler_audit/README.md

@@ -0,0 +1,6 @@
+-Bundler Audit-
+
+bundler-audit provides patch-level verification for Bundled apps.
+
+Website: bundler-audit provides patch-level verification for Bundled apps.
+Github: https://github.com/rubysec/bundler-audit

burp/README.md

@@ -1,11 +1,5 @@
-# Sample Scan Files
+-Burp-
 
-Repository for sample scan files.
+Burp includes coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://portswigger.net/burp

checkmarx/README.md

@@ -1,11 +1,5 @@
-# Sample Scan Files
+-Checkmarx-
 
-Repository for sample scan files.
+Taking a holistic, platform-centric approach, the Software Exposure Platform builds security in from the start of the SDLC, continuously supporting all stages of the DevOps cycle.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.checkmarx.com

clair/README.md

@@ -1,3 +1,7 @@
-# Clair scan
+-Clair-
 
-Sample scan from vulnerables/web-dvwa (see also: https://hub.docker.com/r/vulnerables/web-dvwa/) with the client `clair-scanner`.
+Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers.
+Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten a container. When vulnerability data changes upstream, the previous state and new state of the vulnerability along with the images they affect can be sent via webhook to a configured endpoint. All major components can be customized programmatically at compile-time without forking the project.
+
+Website: https://coreos.com/clair/docs/latest/
+Github: https://github.com/coreos/clair

clair_klar/README.md

@@ -0,0 +1,5 @@
+-Clair Klar-
+
+Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair https://github.com/coreos/clair. Klar is designed to be used as an integration tool so it relies on enviroment variables. It's a single binary which requires no dependencies.
+
+Github: https://github.com/optiopay/klar

cobalt/README.md

@@ -0,0 +1,5 @@
+-Cobalt-
+
+Cobalt is redefining the modern pentest for companies who want serious hacker-like testing built into their development cycle.
+
+Website: https://cobalt.io/

contrast/README.md

@@ -1,11 +1,9 @@
-# Sample Scan Files
+-Contrast-
 
-Repository for sample scan files.
+Every business is a software business. Yet software remains the leading source of data breaches. The stakes are too costly to leave it
+unprotected and the old methods just don't work anymore.
 
-## Getting Started
+Contrast Security makes software self-protecting so it can defend itself from vulnerabilities & attacks.
+Contrast eliminates risk to software applications and their data.
 
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.contrastsecurity.com/

crashtest_security/README.md

@@ -1,11 +1,6 @@
-# Sample Scan Files
+-Crashtest Security-
 
-Repository for sample scan files.
+The Crashtest Security Suite fits the needs of agile development teams programming web applications and APIs. With the black-box approach it checks for common web app vulnerabilities, e.g. the OWASP Top 10.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://crashtest-security.com/product
+Github: https://github.com/crashtest-security/gist

dawnscanner/README.md

@@ -0,0 +1,6 @@
+-Dawnscanner-
+
+Dawnscanner is a source code scanner designed to review your ruby code for security issues. Dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code. It supports major MVC (Model View Controller) frameworks, out of the box: 
+
+Website: https://dawnscanner.org/
+Github: https://github.com/thesp0nge/dawnscanner

defect_dojo/README.md

@@ -0,0 +1,3 @@
+-Defect Dojo-
+
+This is a sample Defect Dojo instance that can be loaded via loaddata into an instance of a defectdojo server. 

dependency_check/README.md

@@ -1,11 +1,6 @@
-# Sample Scan Files
+-Dependency Check-
 
-Repository for sample scan files.
+Dependency-Check is a software composition analysis utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently, Java and .NET are supported; additional experimental support has been added for Ruby, Node.js, Python, and limited support for C/C++ build systems (autoconf and cmake). The tool can be part of a solution to the OWASP Top 10 2017 A9-Using Components with Known Vulnerabilities previously known as OWASP Top 10 2013 A9-Using Components with Known Vulnerabilities. 
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.owasp.org/index.php/OWASP_Dependency_Check
+Github: https://github.com/jeremylong/DependencyCheck

fortify/README.md

@@ -1,11 +1,5 @@
-# Sample Scan Files
+-Fortify-
 
-Repository for sample scan files.
+Micro Focus Fortify Static Code Analyzer reduces software risk by identifying security vulnerabilities that pose the biggest threats to your organization. It pinpoints the root cause of the vulnerability, correlates and prioritizes results, and provides best practices so developers can develop code more securely.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.microfocus.com/en-us/products/static-code-analysis-sast/how-it-works

generic/README.md

@@ -1,11 +1,3 @@
-# Sample Scan Files
+-Generic-
 
-Repository for sample scan files.
-
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Generic uses a csv file with columns corresponding to findings and their data.

gosec/README.md

@@ -1,15 +1,5 @@
-# Sample Scan Files
+-Gosec-
 
-Repository for sample scan files.
+Inspects source code for security problems by scanning the Go AST.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-## References
-gosec - golang security checker: https://github.com/securego/gosec
-Golang Vulnerable App: https://github.com/0c34/govwa
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Github: https://github.com/securego/gosec

immuniweb/README.md

@@ -0,0 +1,7 @@
+-ImmuniWeb-
+
+ImmuniWeb® AI Platform leverages Machine Learning and AI for intelligent automation and acceleration of
+threat-aware penetration testing. Driven by human intelligence, it rapidly detects even the
+most sophisticated vulnerabilities and comes with a zero false-positives SLA.
+
+Website: https://www.immuniweb.com/technology/

kiuwan/README.md

@@ -0,0 +1,5 @@
+-Kiuwan-
+
+Automatically scan your code to identify and remediate vulnerabilities. Compliant with the most stringent security standards, such as OWASP and CWE, Kiuwan Code Security covers all important languages and integrates with leading DevOps tools.
+
+Website: https://www.kiuwan.com/code-security-sast/

microfocus_webinspect/README.md

@@ -1,11 +1,5 @@
-# Sample Scan Files
+-Microfocus Webinspect-
 
-Repository for sample scan files.
+Micro Focus WebInspect is an automated dynamic testing solution that discovers configuration issues, and identifies and prioritizes security vulnerabilities in running applications. It mimics real-world hacking techniques and provides comprehensive dynamic analysis of complex web applications and services. WebInspect dashboards and reports provide organizations with visibility and an accurate risk posture of your applications.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.microfocus.com/en-us/products/webinspect-dynamic-analysis-dast/how-it-works

mobsf/README.md

@@ -1,11 +1,7 @@
-# Sample Scan Files
+-Mobsf-
 
-Repository for sample scan files.
+Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless.
 
-## Getting Started
+-NO SAMPLE SCAN FILES ARE AVAILABLE AT THIS TIME-
 
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Github: https://github.com/MobSF/Mobile-Security-Framework-MobSF

mozilla_observatory/README.md

@@ -0,0 +1,6 @@
+-Mozilla Observatory-
+
+The Mozilla Observatory has helped over 170,000 websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely. 
+
+Website: https://observatory.mozilla.org/
+Github: https://github.com/mozilla/http-observatory

nessus/README.md

@@ -1,11 +1,5 @@
-# Sample Scan Files
+-Nessus-
 
-Repository for sample scan files.
+Nessus was built from the ground-up with a deep understanding of how security practitioners work. Every feature in Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize, and remediate issues. 
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.tenable.com/products/nessus

netsparker/README.md

@@ -0,0 +1,5 @@
+-Netsparker-
+
+Netsparker is an easy to use and fully automated web application security scanner that uses the advanced Proof-Based ScanningTM technology to identify SQL Injection, Cross-site Scripting (XSS) and thousands of other vulnerabilities in web applications, web services and web APIs. The Netsparker web vulnerability scanner also has built-in security testing tools, reports generator, and can be easily integrated in your SDLC, DevOps and other environments.
+
+Website: https://www.netsparker.com/web-vulnerability-scanner/

nexpose/README.md

@@ -1,11 +1,6 @@
-# Sample Scan Files
+-Nexpose-
 
-Repository for sample scan files.
+Nexpose, Rapid7’s on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://www.rapid7.com/products/nexpose/
+Github: https://github.com/rapid7/nexpose-client/releases/tag/v7.2.1

nikto/README.md

@@ -1,11 +1,6 @@
-# Sample Scan Files
+-Nikto-
 
-Repository for sample scan files.
+Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
 
-## Getting Started
-
-Upload the sample file to the folder of the scanner. If the scanner folder is not there then please create it with the submission. The file should be in the format, <scanner_name>\_v<x.x>.ext
-
-### Notice
-
-Please do not upload any production data as the scan files are intended to be scrubbed or against demo systems.
+Website: https://cirt.net/Nikto2
+Github: https://github.com/sullo/nikto