IT Security Audit. Open Source Solutions

Vulnerability Scanning & Penetration Testing

Cybersecurity (IT security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

Legal basis of the Republic of Moldova
Law no. 48/2023 on cyber security
Law no. 124/2022 on electronic identification and trust services
Law no. 142/2018 regarding data exchange and interoperability
Parliament decision no. 257/2018 on the approval of the Information Security Strategy of the Republic of Moldova for the years 2019–2024 and the Action Plan for its implementation to Law
Law no. 241/2007 on electronic communications
Law no. 133/2011 on the protection of personal data
Law no. 71/2007 regarding registers
Law no. 467/2003 regarding computerization and state information resources
Law no. 1069/2000 regarding IT

Legal basis of EU
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union

If any of the solutions interests you, or you think that it has a good perspective for development, or you can adapt the software to the needs of citizens, authorities, businesses or NGO-s in Moldova, then you can:

1. International Solutions

# Open Source Solution Web Licence
1 Google / OSV-Scanner
Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies.
OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners. BSD-3
2 Hack-with-Github / Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers.
no website CC0-1.0
3 sqlmapproject / sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections. GNU
4 sullo / nikto
Nikto web server scanner. GPL-2.0
5 aquasecurity / cloudsploit
CloudSploit by Aqua – Cloud Security Scans.
CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks. GPL-3.0
6 OWASP / Nettacker
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. Apache-2.0
7 OWASP / www-project-zap
OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. Great for pentesters, devs, QA, and CI/CD integration. Apache-2.0
8 greenbone / openvas-scanner
This repository contains the scanner component for Greenbone Community Edition.…/openvas-scanner GPL-2.0
9 OpenSCAP / openscap
Open Source Security Compliance Solution.
The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents. LGPL-2.1
10 wapiti-scanner / wapiti
Web vulnerability scanner written in Python3. GPL-2.0

2. Outdated solutions

The Open Source Solutions that does not update more than 1 year, but potentially could be interesting to End Users.
We don’t make any recommendations to use or not to use the solutions listed below. Your decision is fully up to you.

# Open Source Solution Web Licence
1 craigz28 / firmwalker
A simple bash script for searching the extracted or mounted firmware file system.
It will search through the extracted or mounted firmware file system for things of interest.
No website GPL-3.0