OP-Sec: The operational security domain, which looks retroactively at security throughout the operations within a process.
Nessus
"Take advantage of the industry's most trusted vulnerability assessment solution to assess the modern attack surface. Extend beyond your traditional IT assets -- secure cloud infrastructure and gain visibility into your internet-connected attack surface." 1
Non-Affiliate link: https://www.tenable.com/products/nessus
Atera
Yes, you heard right, Atera...
"Atera's Network Discovery lets you scan for open ports on your customers' networks so you can discover and take action on these security vulnerabilities." 1
Burp Suite:
Burp Scanner
"Burp Suite's web vulnerability scanner
Built on years of leading research, Burp Scanner finds the vulnerabilities you need to eliminate." 1
Non-Affiliate link: https://portswigger.net/burp/vulnerability-scanner
Nmap
Do I really need to explain? This is the good ol' manual approach.
Load your favorite Linux distro and get to port scanning with or without built-in scripts, leveraging SearchSploit or Exploit Database to find known vulnerabilities.
Non-Affiliate link: https://nmap.org/
ConnectSecure
"One complete tool for client protection and compliance.
Why use several tools when one will get the job done? Purpose-built in collaboration with MSPs, our intuitive, multi-tenant, all-in-one B2B cybersecurity platform was designed for your ease of use. Whether you aim to run a vulnerability assessment, conduct vulnerability remediation, or ensure regulatory compliance, here’s your opportunity to exceed client expectations." 1
Non-Affiliate link: https://connectsecure.com/
PhishTool
"Forensic email analysis & incident response." 1
Non-Affiliate link: https://app.phishtool.com/sign-up/community
Microsoft Defender for Office 365
"Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against advanced threats to email and collaboration tools, like phishing, business email compromise, and malware attacks." 1
Non-Affiliate link: Microsoft Defender for Office 365
ESET:
ESET Protect MDR
"Continuous protection for your evolving IT environment, superior multiplatform cyber risk management and world-class 24/7 ESET expertise on call." 1
Non-Affiliate link: https://www.eset.com/au/business/mdr-protection/
SentinelOne: Vigilance Respond
"Vigilance Respond augments security teams with 24/7/365 Managed Detection & Response." 1
Non-Affiliate link: https://www.sentinelone.com/global-services/vigilance-respond/
Huntress
"Huntress delivers a powerful suite of managed endpoint detection and response (EDR) capabilities—backed by a team of 24/7 threat hunters—to protect your business from today’s determined cybercriminals." 1
Non-Affiliate link: https://www.huntress.com/
TODYL - MXDR
"Our MXDR services leverage an interactive, risk-focused methodology across the entire security lifecycle—from prevention to detection to response—to keep you one step ahead of the latest threats." 1
Non-Affiliate link: https://www.todyl.com/managed-extended-detection-response
Elastic Stack:
Kibana
"Run data analytics at speed and scale for observability, security, and search with Kibana. Powerful analysis on any data from any source, from threat intelligence to search analytics, logs to application monitoring, and much more." 1
Non-Affiliate link: https://www.elastic.co/kibana/
Splunk
"Fend off threat actors. Diminish downtime. Fix issues faster. Do it all with Splunk, the key to enterprise resilience." 1
Non-Affiliate link: https://www.splunk.com/
TheHive
"A scalable and collaborative Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly." 1
Non-Affiliate link: https://www.strangebee.com/thehive
Wazuh
"Wazuh unifies historically separate functions into a single agent and platform architecture. Protection is provided for public clouds, private clouds, and on-premise data centers." 1
TODYL - SIEM
"Todyl's SIEM module is cloud-first, delivering a single pane of glass for comprehensive visibility. Ingest endpoint and network data from the Todyl Security Platform with a few clicks. Over 250 pre-built integrations enable ingestion from data sources across your environment, including endpoint, network, hardware, cloud services, and more. Data is analyzed using Todyl's powerful detection and analysis engine, delivering actionable insights for known and unknown threats." 1
Non-Affiliate link: https://www.todyl.com/security-information-event-management
';--have i been pwned?
"Check if your email or phone is in a data breach" 1
Non-Affiliate link: https://haveibeenpwned.com/
CVE
"The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog." 1
Non-Affiliate link: https://www.cve.org/
NVD
"National Vulnerability Database
Only vulnerabilities that match ALL keywords will be returned, Linux kernel vulnerabilities are categorized separately from vulnerabilities in specific Linux distributions.
Search results will only be returned for data that is populated by NIST or from source of Acceptance Level "Provider." 1
Non-Affiliate link: https://nvd.nist.gov/vuln/search
Exploit-DB
"The Exploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec...
The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away." 1
Non-Affiliate link: https://www.exploit-db.com/
SearchSploit
"Included in our Exploit Database repository on GitLab is searchsploit, a command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access." 1
Non-Affiliate link: https://www.exploit-db.com/searchsploit
Snyk
"Snyk gives you the visibility, context, and control you need to work alongside developers on reducing application risk." 1
Non-Affiliate link: https://snyk.io/
= FREE OPT
= LOW COST
= MED COST
= HIGH COST
= CLOUD
= ON-PREM