- Set NOPASSWD for passwd command only instead of all commands
These tools need manual execution tests and should afterward be added to the final image:
- etckeeper
- vim, nano
- yq, xq
- clairvoyance
- cherrybomb [firecracker renamed to cherrybomb, needs testing]
- List all tools not found in path
- Fix tools with "path": null
These tools are included in the 'api-security-toolbox' image
- Ciphey, which automatically decrypts encryptions without knowing the key or cipher, decodes encodings, and cracks hashes.
- openapi_security_scanner - fix RUN lines for openapi_security_scanner
- restler-fuzzer
- fix RUN lines for restler-fuzzer
- sslscan2
- dependencies alpine-sdk, perl, zlib-dev, linux-headers, openssl, curl, unzip, git
- sslscan docker image layers
- httpX
- proxify
- jq
- yq
- git
- strace and gdb
The following tools are only available through docker-compose in the utils folder
- hoppscotch, an open source API development ecosystem.
- CyberChef, the Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
- reconmap, a VAPT (vulnerability assessment and penetration testing) automation and reporting platform.
- zaproxy, the OWASP Zed Attack Proxy (ZAP) can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
Tasks related to the image tools report
- Enumerate the tools installed in 'apisec-toolbox' in a file? - txt
- evaluate the proper output for tools report (CSV, JSON)? - JSON
- evaluate appropriate language for building the report (Python, Golang, Other)? - Python
- Add name, path and sha256sum of each tool to a report file
- verify if tool binaries or scripts are in the image path
- create a GitHub workflow for checking if tools are inside the container image
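
One way the report tasks above could fit together, as an added example (not the project's own code): it resolves each tool on the PATH, records name, path and sha256sum as JSON, and leaves "path": null for tools that are not found. The executable names in TOOLS are assumptions based on the tool names listed on this page.

```python
#!/usr/bin/env python3
"""Build a JSON report of the tools in the image: name, path, sha256sum."""
import hashlib
import json
import shutil
import sys

# Assumed executable names for the example, taken from the tools named on this page.
TOOLS = ["ciphey", "restler-fuzzer", "sslscan", "httpx", "proxify",
         "jq", "yq", "git", "strace", "gdb"]


def sha256sum(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_report(tools, search_path=None):
    """Return one entry per tool; path and sha256sum are None if not found."""
    report = []
    for name in tools:
        # shutil.which only returns executables found on the search path.
        path = shutil.which(name, path=search_path)
        report.append({
            "name": name,
            "path": path,
            "sha256sum": sha256sum(path) if path else None,
        })
    return report


def missing_tools(report):
    """Names of tools whose entry has "path": null in the JSON output."""
    return [entry["name"] for entry in report if entry["path"] is None]


def main():
    report = build_report(TOOLS)
    json.dump(report, sys.stdout, indent=2)
    print()
    missing = missing_tools(report)
    if missing:
        print("not found in PATH: " + ", ".join(missing), file=sys.stderr)
    return 1 if missing else 0  # non-zero exit lets a CI job fail the check


if __name__ == "__main__":
    sys.exit(main())
```

Run inside the container, the script writes the JSON report to stdout and the list of tools not found in the PATH to stderr.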