SharePointDumper is a PowerShell utility that extracts and audits SharePoint sites using Microsoft Graph. It requires an OAuth2 access token and provides detailed reports of accessed sites and downloaded files, making it useful for security assessments.
Lynis is a security auditing tool for UNIX-based systems like Linux and macOS. It scans for vulnerabilities, configuration issues, and compliance with standards such as ISO27001 and PCI-DSS. System administrators and security professionals use it to enhance system defenses.
EvilMist is a set of scripts for auditing cloud security, focusing on Azure Entra ID. It helps identify misconfigurations, assess user access, and simulate attack techniques, all without needing authentication tokens. The toolkit includes features for user enumeration, risk assessment, and export options for analysis.
Spektrum integrates with your existing cybersecurity tools to continuously validate that your safeguards are operational and compliant. It provides real-time cryptographic proof of performance, helping you streamline audits, insurance claims, and board reporting.
Tailsnitch audits Tailscale networks for misconfigurations and security issues. It checks for over 50 potential problems, including access control flaws and best practice violations, and provides options to fix issues directly through the Tailscale API. Users can customize reports and ignore known risks.
This article outlines how to use Google's Antigravity with AI to perform SEO audits based on the Quality Raters Guidelines. It details a process for assessing web pages against specific criteria and generating actionable reports. The approach aims to provide clear insights into what Google values in search results.
SecureMCP is a security auditing tool designed to identify vulnerabilities in applications utilizing the Model Context Protocol (MCP). It offers comprehensive scanning capabilities for threats such as OAuth token leakage and prompt injection vulnerabilities, providing detailed reports with remediation suggestions. The tool is suitable for AI developers, security teams, and auditors looking to enhance application security.
Explore how AI is revolutionizing traditional auditing and compliance processes in governance, risk, and compliance (GRC). The webinar covers best practices for integrating AI tools and highlights the benefits of automation in streamlining compliance efforts.
Petri is a tool designed for alignment auditing that facilitates rapid hypothesis testing by autonomously creating environments and conducting multi-turn audits using human-like messages. It allows researchers to evaluate models quickly and efficiently, surfacing concerning behaviors while emphasizing responsible usage to avoid harmful content generation. The tool supports local development and customization through API keys and offers command-line interface options for various model roles.
Auditing a Design System for accessibility is crucial to ensure that every product built upon it is inclusive and compliant with standards. The process involves setting an audit scope, selecting appropriate tools, and following a structured approach to identify and remediate accessibility issues at the system level, ultimately fostering a more accessible user experience.
Commit Stomping is a technique used to manipulate Git commit timestamps, misleading observers about when changes were made. This method can obscure the true timeline of code changes, complicating audits and incident investigations, and poses significant risks in software supply chain security. The article discusses how to execute this technique, its implications, and strategies for detection and prevention.
npq is a tool designed to audit npm packages before installation, enhancing security by checking for vulnerabilities, package age, download counts, and other criteria. It integrates seamlessly with npm and can be used with other package managers by specifying environment variables, thus ensuring a safer installation process for developers. However, it is important to note that no tool can guarantee absolute safety from malicious packages.
The article presents a new method for auditing usage, focusing on improving the efficiency and accuracy of usage audits. It emphasizes the importance of leveraging modern tools and techniques to gain better insights into user behavior and resource utilization. By implementing this approach, organizations can enhance their operational effectiveness and decision-making processes.
Verified Entity Identity Lock is a tool that identifies IAM principals in an AWS account that can assume specific permissions, facilitating the auditing of trust relationships. It outputs results in JSON format, allowing users to see who has access and to compare account IDs against a trusted list. The tool can be installed via the Go toolchain or by downloading a pre-built binary.
The article discusses the often-overlooked vulnerabilities associated with SCIM (System for Cross-domain Identity Management) implementations, emphasizing the need for comprehensive security audits beyond traditional Single Sign-On (SSO) concerns. It highlights common bugs, such as authentication bypasses and internal attribute manipulation, that can arise due to the complexities of integrating SCIM with various platforms. The author provides insights into potential attack vectors and best practices for securing SCIM systems.
A PowerShell tool for managing and auditing Role-Based Access Control (RBAC) in Microsoft Intune offers detailed insights into RBAC configurations, including role assignments and permissions. It features an interactive HTML report with security analysis, a permissions matrix, and a new security review dashboard to assess risk levels and security posture. Utility scripts facilitate specific RBAC management tasks such as exporting roles and assigning scope tags.
Delegations is a tool for managing Kerberos delegations in Active Directory. It offers audit, add, clear, find, remove, and monitor modes, covering unconstrained, constrained, and resource-based constrained delegations so users can efficiently review and change delegation settings. The tool can be installed from GitHub or through a Go command, making it accessible for users needing to streamline delegation management.
WPAUDIT is a comprehensive WordPress security audit tool aimed at ethical hackers and security professionals, offering advanced features for vulnerability scanning and penetration testing. Its modular architecture allows for customizable scan profiles and integration with various security tools, making it an essential resource for thorough security assessments of WordPress installations. The documentation provides detailed guidance on setup, usage, and extending its functionalities.
The GitHub repository provides a collection of potentially dangerous API calls, known as "scary strings," that can assist in security auditing of source code. By identifying these strings, developers can spot vulnerabilities, verify safe handling practices, and enhance the overall security of their applications. The repository includes technology-specific wordlists and comments that could indicate areas for further investigation or potential security risks.
Hard-coded secrets in Docker images pose significant security risks, as they can be inadvertently leaked and exploited by attackers. A recent analysis of 15 million Docker images on DockerHub revealed over 100,000 valid secrets, many of which date back years, highlighting the need for organizations to regularly audit their Docker images to prevent potential breaches.
The resource provides a comprehensive guide on conducting audits and implementing linting for design system components within Figma. It emphasizes the importance of maintaining consistency and quality in design systems through systematic evaluations and automated checks. Users can utilize the provided tools and techniques to streamline the auditing process and enhance their design practices.
Go-over is a tool designed for auditing Erlang and Elixir dependencies in Gleam projects, ensuring they are secure and up to date. While it supports various output formats and integrates with tools like Git and JavaScript, it currently does not monitor security advisories due to the newness of the Gleam language. Users can configure caching, output formats, and ignore specific dependencies in their project's configuration file.
IAM Lens is a tool that enables users to analyze and audit IAM permissions across AWS accounts using collected IAM policies. It provides features to simulate requests, discover who can access resources, and evaluate effective permissions for principals. The tool enhances visibility into IAM configurations, allowing for better security and compliance management.
ssh-audit is a tool designed for auditing SSH server and client configurations, allowing users to assess security settings, recognize software and operating systems, and identify weaknesses in algorithms. It supports various features such as policy scans, key exchange analysis, and compatibility checks, and can be run on both Linux and Windows without dependencies. The tool includes built-in hardening guides and maintains compatibility with Python versions 3.9 to 3.13.