
Criminal IP's Attack Surface Management (ASM) is an intelligence-driven platform designed to continuously identify, catalog, and oversee all internet-connected assets linked to an organization, including overlooked and shadow resources, enabling teams to understand their actual external exposure from the perspective of potential attackers. This solution integrates automated asset detection with open-source intelligence (OSINT) methods, artificial intelligence enhancements, and sophisticated threat intelligence to reveal exposed hosts, domains, cloud services, IoT devices, and other internet-facing entry points, while also collecting evidence such as screenshots and metadata, and linking findings to known vulnerabilities and attacker techniques. By evaluating exposures through the lens of business relevance and risk, ASM emphasizes vulnerable elements and misconfigurations, providing instantaneous alerts and interactive dashboards that facilitate quicker investigations and remediation efforts. Furthermore, this comprehensive tool empowers organizations to proactively manage their security posture, ensuring that they remain vigilant against emerging threats.
Learn more
Aikido is the all-in-one security platform for development teams to secure their complete stack, from code to cloud. Aikido centralizes all code and cloud security scanners in one place.
Aikido offers a range of powerful scanners including static code analysis (SAST), dynamic application security testing (DAST), container image scanning, and infrastructure-as-code (IaC) scanning.
Aikido integrates AI-powered auto-fixing features, reducing manual work by automatically generating pull requests to resolve vulnerabilities and security issues. It also provides customizable alerts, real-time vulnerability monitoring, and runtime protection, enabling teams to secure their applications and infrastructure seamlessly.
Learn more
Crashtest Security
Crashtest Security, a SaaS-based security vulnerability scanner, allows agile development teams to ensure continuous security even before reaching Production.
Our state-of the-art dynamic application security test (DAST), integrates seamlessly into your development environment and protects multipage and JavaScript applications, as well microservices and APIs.
Crashtest Security Suite can be set up in minutes. You will also have advanced crawling options and the ability to automate your security. Crashtest Security can help you keep your code and customers safe by allowing you to see vulnerabilities in the OWASP Top 10.
Learn more
Scapy
Scapy is an advanced, interactive tool designed for packet manipulation. It excels in crafting and interpreting packets across a multitude of protocols, facilitating their transmission, capturing data, and correlating requests with responses, among various other functionalities. This versatile program can efficiently perform traditional tasks such as scanning, tracerouting, probing, unit testing, executing attacks, and discovering networks, effectively replacing tools like hping, a significant portion of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, and p0f. Furthermore, Scapy stands out in executing specialized tasks that other utilities struggle with, including the transmission of invalid frames and the injection of custom 802.11 frames, as well as employing techniques like VLAN hopping combined with ARP cache poisoning or VOIP decoding over WEP-encrypted channels. It is compatible with various operating systems, including Linux, Windows, OSX, and most Unix variants that utilize libpcap. Notably, the same codebase supports both Python 2 and Python 3, showcasing its versatility. The development of Scapy is managed through the Git version control system, with its primary repository available on GitHub, allowing for collaborative improvements and updates. As a result, users benefit from continuous enhancements that keep pace with the evolving landscape of network security and analysis.
Learn more