Search Results for "exploit"
Sort By:
Showing 172 open source projects for "exploit"
View related business solutions-
Whether natural disaster, cyberattack, or plain-old human error, data can disappear in the blink of an eye. ConnectWise BCDR (formerly Recover) delivers reliable and secure backup and disaster recovery backed by powerful automation and a 24/7 NOC to get your clients back to work in minutes, not days.
-
Chat with your business data with Looker. More than just a modern business intelligence platform, you can turn to Looker for self-service or governed BI, build your own custom applications with trusted metrics, or even bring Looker modeling to your existing BI environment.
-
1
PEASS-ng
Privilege Escalation Awesome Scripts SUITE
These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission. Here you will find... -
2
Infection Monkey
Infection Monkey is a automated security testing tool for networks
Infection Monkey is a open source automated security testing tool for testing a network's security baseline. Monkey is a tool that infects machines and propagates and Monkey Island is the server for an administrator to control and visualize progress of Infection Monkey. -
3
pwndbg
Exploit Development and Reverse Engineering with GDB Made Easy
Pwndbg is a fast, simple and lightweight tool for modern debugging. It improves debugging experience with the strength of GDB for low-level software developers, hardware hackers, reverse engineers, and exploit developers. It provides features crucial for efficient debugging in the world of low-level programming. Vanilla GDB is terrible to use for reverse engineering and exploit development. Typing x/g30x $esp is not fun, and does not confer much information. The year is 2024 and GDB still lacks... -
4
Pwntools
CTF framework and exploit development library
Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. Whether you’re using it to write exploits, or as part of another software project will dictate how you use it. Historically pwntools was used as a sort of exploit-writing DSL. Simply doing from pwn import in a previous version of pwntools would bring all sorts of nice side-effects. This version imports... -
Dialogflow can analyze multiple types of input from your customers, including text or audio inputs (like from a phone or voice recording). It can also respond to your customers in a couple of ways, either through text or with synthetic speech. Dialogflow CX and ES provide virtual agent services for chatbots and contact centers. If you have a contact center that employs human agents, you can use Agent Assist to help your human agents. Agent Assist provides real-time suggestions for human agents while they are in conversations with end-user customers.
-
5
DwarFS
A fast high compression read-only file system for Linux, Windows
The Deduplicating Warp-speed Advanced Read-only File System. A fast high compression read-only file system for Linux and Windows. DwarFS is a read-only file system with a focus on achieving very high compression ratios in particular for very redundant data. This probably doesn't sound very exciting, because if it's redundant, it should compress well. However, I found that other read-only, compressed file systems don't do a very good job at making use of this redundancy. See here for a... -
6
Payloads All The Things
A list of useful payloads and bypass for Web Application Security
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques. The API key is a unique identifier that is used to authenticate requests associated with your project. Some developers might hardcode them or leave it on public shares. -
7
SecretScanner
Find secrets and passwords in container images and file systems
Deepfence SecretScanner can find unprotected secrets in container images or file systems. Secrets are any kind of sensitive or private data that gives authorized users permission to access critical IT infrastructure (such as accounts, devices, networks, cloud based services), applications, storage, databases, and other kinds of critical data for an organization. For example, passwords, AWS access IDs, AWS secret access keys, Google OAuth Key etc. are secrets. Secrets should be strictly kept... -
8
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
... to exploit the underlying vulnerabilities. The hacking progress is tracked on a scoreboard. Finding this scoreboard is actually one of the (easy) challenges! Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a “guinea pig”-application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs. -
9
GEF
Modern experience for GDB with advanced debugging capabilities
GEF is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old-school GDB. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. Application developers will also benefit from it, as GEF lifts a great part of regular GDB obscurity, avoiding repeating traditional commands or bringing out the relevant information from the debugging runtime. -
Save time, money and your sanity. Deluxe Payment Exchange+ (DPX+) is our integrated payments solution that streamlines and automates your accounts payable (AP) disbursements. DPX+ ensures secure payments and offers suppliers alternate ways to receive funds, including mailed checks, ACH, virtual credit cards, debit cards, or eCheck payments. By simply integrating with your existing accounting software like QuickBooks®, you’ll implement efficient payment solutions for AP with ease—without costly development fees or untimely delays.
-
10
ThreatMapper
Open source cloud native security observability platform
Thousands of companies trust Deepfence to secure their most critical cloud workloads and applications with a unified platform. Experience rapid threat detection and remediation, while significantly reducing non-critical security alerts by 90%. Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk of exploit. It uncovers vulnerable software components, exposed secrets, and deviations from good security practices. ThreatMapper uses... -
11
PowerSimulationsDynamics.jl
Julia package to run Dynamic Power System simulations
PowerSimulationsDynamics.jl is a Julia package for power system modeling and simulation of Power Systems dynamics. -
12
Kubernetes Goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment
Learn to attack or find security issues, misconfigurations, and real-world hacks within containers, Kubernetes, and cloud-native environments. Enumerate, exploit, and gain access to the workloads right from your browser. Understand how attackers think, work, and exploit security issues, and apply these learnings to detect and defend them. Also, learn best practices, defenses, and tools to mitigate, and detect in the real world. Learn the hacks, defenses, and tools. So that you can think like... -
13
PowerSimulations.jl
Julia for optimization simulation and modeling of PowerSystems
PowerSimulations.jl is a Julia package for power system modeling and simulation of Power Systems operations. Provide a flexible modeling framework that can accommodate problems of different complexity and at different time scales. Streamline the construction of large-scale optimization problems to avoid repetition of work when adding/modifying model details. Exploit Julia's capabilities to improve computational performance of large-scale power system quasi-static simulations. The flexible... -
14
Skytable
Skytable is a fast, secure and reliable realtime NoSQL database
... to exploit all CPU cores which helps lower your TCO. Written in Rust with expert analyzed unsafe code for memory safety and TLS for encrypted connections. Have 1MB memory? That's all Skytable needs. With no platform-specific dependencies, Skytable can virtually run on anything that has an OS. Features like keyspaces, tables, data types, authn+authz, snapshots and more are ready for you to use while we're working on several new data models and features. -
15
The Operator Splitting QP Solver
The Operator Splitting QP Solver
OSQP uses a specialized ADMM-based first-order method with custom sparse linear algebra routines that exploit structure in problem data. The algorithm is absolutely division-free after the setup and it requires no assumptions on problem data (the problem only needs to be convex). It just works. OSQP has an easy interface to generate customized embeddable C code with no memory manager required. OSQP supports many interfaces including C/C++, Fortran, Matlab, Python, R, Julia, Rust. -
16
KubiScan
A tool to scan Kubernetes cluster for risky permissions
A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model. KubiScan helps cluster administrators identify permissions that attackers could potentially exploit to compromise the clusters. This can be especially helpful on large environments where there are lots of permissions that can be challenging to track. KubiScan gathers information about risky roles\clusterroles, rolebindings\clusterrolebindings, users and pods... -
17
ProxSDP.jl
Semidefinite programming optimization solver
ProxSDP is an open-source semidefinite programming (SDP) solver based on the paper "Exploiting Low-Rank Structure in Semidefinite Programming by Approximate Operator Splitting". The main advantage of ProxSDP over other state-of-the-art solvers is the ability to exploit the low-rank structure inherent to several SDP problems. -
18
LaTeXStrings.jl
convenient input and display of LaTeX equation strings for Julia
This is a small package to make it easier to type LaTeX equations in string literals in the Julia language, written by Steven G. Johnson. With ordinary strings in Julia, to enter a string literal with embedded LaTeX equations you need to manually escape all backslashes and dollar signs: for example, $\alpha^2$ is written \$\\alpha^2\$. Also, even though IJulia is capable of displaying formatted LaTeX equations (via MathJax), an ordinary string will not exploit this. -
19
Q4OS
Efficient, Rock Stable Operating System
... to unique Q4OS tools a user can rather easily achieve setup of a fitted system eliminating superfluous packages and libraries. Therefore Q4OS performs faster and more efficient, doesn't exploit memory and computing resources with useless tasks and processes. Another exclusive Q4OS feature is an optimized support for setting up Trinity desktop environment alongside the default Plasma desktop. Installed side by side, carefully separated, both ready to run as needed. Just select one at login. -
20
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
.... The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a score board. Finding this score board is actually one of the (easy) challenges! Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs. -
21
... to the machine ssh test@<ip.seen.from.console> 4. If you get a prompt of SSH keys being accepted, you are in a good shape to continue. 5. Perform an NMAP scan like how Trinity did to hack the grid! try all ports :) 6. Good luck and enjoy the CTF! Learning Pre-Requisites - This VM does not require exploiting a CVE, or use of MetaSploit/Commercial exploit tools. - Requires intermediary knowlege of linux as it is based on Alpine.
-
22
Linux out of the box VM images
Linux Open Virtual Appliance (OVA) images for virtual machines (VMs)
... in a virtual machine (VirtualBox, VMware, etc.). You will have Linux running in under 1 minute, after which you can exploit the full range of possible uses. Regardless of whether you use it privately on your computer or even operate it with a cloud computing provider. Immerse yourself immediately in the Linux world and explore its possibilities and grow with your tasks. If you like this project consider donating. https://linux-out-of-the-box-vm-images.sourceforge.io/donate/ -
23
Kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is important... -
24
Stars! Nova is a clone of the classic 4X space strategy game Stars!. While nowhere near the functionality of Stars! quite a few features have been implemented so far. See the Nova web page for details.
-
25
FormaVid
Small Business Appliance
The FormaVid Small Business Appliance https://formavid.org is designed to integrate a content management system (CMS), an issues tracker and an invoicing application into a single, well constructed, offering. It is an excellent starting point for any developer(s) wishing to support the CMS or any of the other components, including the appliance itself. All components are stable, open source and well supported. The appliance is built using scripts so no hidden "monkey business" and you can...