Automation to assess the state of your M365 tenant against CISA's baselines

A DFIR tool written in Python.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace

A daily updated summary of the most frequent types of security advisories currently being reported from different sources.

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

This repository contains curated ISACA CISA (Certified Information Systems Auditor) exam dump questions and study material. It is designed to help candidates prepare for the CISA certification exam by providing access to a wide range of practice questions and learning resources.

Daily archiver & triage issue creator for new releases of CISA's Known Exploited Vulnerabilities list

Native cloud infrastructure for automatically running ScubaGear/ScubaGoggles

KEV EPSS Data

Build a CVE library with aggregated CISA, EPSS and CVSS data

Detection for CVE-2025-8875 & CVE-2025-8876

CISA Known Exploited Vulnerabilities Catalog Enrichment

Crosswalk Nessus findings with the CISA Known and Exploited Vulnerabilities (KEV) catalog.

CISA Study Material

Terminal UI for searching CISA Known Exploited Vulnerabilities (KEV) catalog with EPSS exploit probability scores.

Scraper for daily renewal of the Known Exploited Vulnerabilities Catalog by CISA

An Ansible role for installing and configuring the Nessus Agent for the CISA CDM environment.

Unified vulnerability intelligence platform - CVE data, CVSS scores, EPSS predictions, CISA KEV, exploit tracking, and risk scoring in one place.

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild and CryptoGen Nepal aims to simplify this for the general public in a more understandable way as well as in a format that can be easily integrated into their threat intelligence systems.