Showing 58 open source projects for "attack detection"

View related business solutions
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • $300 Free Credits for Your Google Cloud Projects Icon
    $300 Free Credits for Your Google Cloud Projects

    Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

    Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
    Start Free Trial
  • 1
    AzureAD Attack Defense

    AzureAD Attack Defense

    This publication is a collection of various common attack scenarios

    AzureAD-Attack-Defense is a community-maintained playbook that collects common attack scenarios against Microsoft Entra ID (formerly Azure Active Directory) together with detection and mitigation guidance. The repository is organized into focused chapters — for example: Password Spray, Consent Grant, Service Principals in Azure DevOps, Entra Connect Sync Service Account, Replay of Primary Refresh Token (PRT), Entra ID Security Config Analyzer, and Adversary-in-the-Middle — each written to explain the attack, show detection approaches, and recommend mitigation steps. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 2
    Splunk Attack Range

    Splunk Attack Range

    A tool that allows you to create vulnerable environments

    The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 3
    AUR Malware Check

    AUR Malware Check

    Detection tools for the June 2026 atomic-lockfile AUR supply-chain

    AUR Malware Check is a community repository for detecting exposure to the June 2026 atomic-lockfile supply-chain attack against the Arch User Repository. It collects scattered indicators, affected package lists, and detection scripts into one place for easier review and contribution. The project helps users compare installed AUR packages against known compromised package lists. It also includes checks for related package-manager cache artifacts and supports broader historical scans through pacman logs. ...
    Downloads: 11 This Week
    Last Update:
    See Project
  • 4
    RedAmon

    RedAmon

    AI-powered framework for automated penetration testing and red teaming

    RedAmon is an AI-powered red team framework designed to automate offensive cybersecurity operations from reconnaissance to exploitation and post-exploitation. It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting...
    Downloads: 9 This Week
    Last Update:
    See Project
  • Train ML Models With SQL You Already Know Icon
    Train ML Models With SQL You Already Know

    BigQuery automates data prep, analysis, and predictions with built-in AI assistance.

    Build and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
    Try Free
  • 5
    Web-Check

    Web-Check

    All-in-one OSINT tool for analysing any website

    Comprehensive, on-demand open source intelligence for any website. Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance,...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 6
    Arcjet

    Arcjet

    Arcjet JS SDKs. Rate limiting, bot protection, email verification

    Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification, and defense against common attacks. Native security for Bun, Next.js, Node.js, SvelteKit, Vercel, Netlify, Fly.io, and other modern platforms. Customizable protection for signup forms, login pages, API routes, and your whole app. Test security rules locally. Protection that works in every environment. No agent is required.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 7
    tirith

    tirith

    Your browser catches homograph attacks

    Tirith is a terminal security guardrail that inspects what you paste or run in your shell and blocks or warns on suspicious patterns before execution, addressing an area where terminals traditionally provide almost no protection. It targets real-world attack classes like Unicode homograph URLs (lookalike domains), terminal injection tricks (ANSI escape sequences and bidi overrides), and “pipe-to-shell” installation patterns such as curl | bash that attackers frequently abuse. The project...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 8
    GOAD (Game of Active Directory)

    GOAD (Game of Active Directory)

    game of active directory

    GOAD (Gather Open Attack Data) is a security reconnaissance framework for collecting, enriching, and visualizing open-source intelligence (OSINT) around hosts, domains, and certificates. It automates queries to certificate transparency logs, passive DNS, subdomain enumeration, web endpoints, and other public threat feeds. The tool aggregates results into structured formats and can produce interactive graphs to highlight relationships between entities (e.g. domain → IP → cert → ASN). Analysts...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 9
    Claw Hunter

    Claw Hunter

    MDM-ready scripts for detecting and monitoring OpenClaw

    Claw Hunter is an open-source security tool designed to detect, analyze, and mitigate risks associated with autonomous AI agents, specifically those built on platforms like OpenClaw. As agentic AI systems gain popularity, they introduce a new class of security challenges because they can execute commands, access files, and interact with external systems with minimal human oversight. Claw-Hunter addresses this emerging threat landscape by providing visibility into these agents, helping...
    Downloads: 0 This Week
    Last Update:
    See Project
  • Build Agents and Models on One Platform Icon
    Build Agents and Models on One Platform

    Everything you need to build production-ready agents and models. Access 200+ Google and third-party AI models and tools.

    Gemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
    Try It Free
  • 10
    Coraza

    Coraza

    OWASP Coraza WAF is a golang modsecurity compatible firewall library

    ...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 11
    xsrfprobe

    xsrfprobe

    Advanced toolkit for detecting and exploiting CSRF vulnerabilities

    XSRFProbe is an advanced security auditing toolkit designed to detect and analyze Cross Site Request Forgery (CSRF/XSRF) vulnerabilities in web applications. It uses an automated crawling engine that continuously scans a target application, collects forms and endpoints, and evaluates them for potential CSRF weaknesses. XSRFProbe performs numerous systematic checks to determine whether a web endpoint is vulnerable, including inspection of anti-CSRF tokens, cookie validation behavior, and...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 12
    SSRFmap

    SSRFmap

    Automatic SSRF fuzzer and exploitation tool

    SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 13
    GmSSL

    GmSSL

    Password toolbox that supports national secret

    GmSSL is an open source library of domestic commercial ciphers independently developed by Peking University. It realizes comprehensive functional coverage of national secret algorithms, standards, and secure communication protocols. It supports mainstream operating systems and processors including mobile terminals, and supports cryptographic keys, Cipher cards and other typical domestic cryptographic hardware provide feature-rich command line tools and multiple compiled language programming...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 14
    sqlmap

    sqlmap

    Automatic SQL injection and database takeover tool

    sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also...
    Downloads: 11 This Week
    Last Update:
    See Project
  • 15
    Hardened Slarpx

    Hardened Slarpx

    Experimental hardened Linux based on Xennytsu,Poison,Silencer engine

    WARNING: EXPERIMENTAL / UNSTABLE RESEARCH PROJECT. NOT INTENDED FOR DAILY USE. Hardened Slarpx is a Debian-based Linux distribution built with a strict security-first approach. It uses a multi-layered defense model with aggressive mitigations and extensive kernel-level hardening. Due to its highly restrictive firewall policy, anonymization tools and certain network protocols are intentionally unsupported. The distribution includes there custom runtime security modules: Poison , Xennytsu...
    Leader badge
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16
    silverbullet config AdsVictory

    silverbullet config AdsVictory

    A modular SilverBullet configuration for authorized password‑audit

    This SilverBullet configuration provides a lightweight, scriptable environment to perform controlled security assessments on the AdsVictory platform. It integrates directly into SilverBullet’s notebook interface, allowing you to run password‑cracking simulations, dictionary attacks, and login brute‑force tests – all from within your markdown pages. Important: This tool is intended only for ethical security testing on systems you own or have explicit written permission to test....
    Downloads: 2 This Week
    Last Update:
    See Project
  • 17
    Network Flight Simulator

    Network Flight Simulator

    A utility to safely generate malicious network traffic patterns

    flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 18
    Seven Kingdoms: Ambition

    Seven Kingdoms: Ambition

    An enhanced version of 7K:AA (Seven Kingdoms: Ancient Adversaries).

    Seven Kingdoms: Ambition is a real-time game of epic strategy and empire building featuring economy management, warfare, and intrigue. It is an updated and enhanced version of 7kaa (7K: Ancient Adversaries) featuring numerous fixes and improvements. https://discord.gg/xJs99xK38G Begin with a single, modest village under your command, and an entire world to be conquered by force of arms, guile, persuasion, or whatever other means you choose. Wage open warfare on your rivals, or forge...
    Downloads: 38 This Week
    Last Update:
    See Project
  • 19

    RotorCrypt X

    Free offline encryption – Enigma + AES-256-GCM – no cloud

    RotorCrypt X is a free offline hybrid encryption software for Windows 10/11 that protects private messages with six independent cryptographic layers — making interception practically impossible even if all stored files are compromised. Six cryptographic layers: Enigma rotor cipher with up to 50 rotors and 241-digit key combinations. AES-256-GCM military-grade authenticated encryption. HKDF-SHA3-256 key derivation with Perfect Forward Secrecy. Argon2id password hardening — 256 MB RAM per...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Adaptive Intelligence

    Adaptive Intelligence

    Adaptive Intelligence also known as "Artificial General Intelligence"

    Adaptive Intelligence is the implementation of neural science, forensic psychology , behavioral science with machine-learning and artificial intelligence to provide advanced automated software platforms with the ability to adjust and thrive in dynamic environments by combining cognitive flexibility, emotional regulation, resilience, and practical problem-solving skills.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21
    Darklings FightingGame

    Darklings FightingGame

    DARKLINGS is an accessible F2P 2D fighting game with periodic updates

    Darklings Fighting Game is a 2D fighting game prototype built in Godot Engine, featuring stylized characters, hitboxes, and responsive controls. It serves as a base or learning tool for developers interested in building their own fighting games with modular character systems and mechanics.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 22
    VcenterKit

    VcenterKit

    Vcenter Comprehensive Penetration and Exploitation Toolkit

    VcenterKit is a Python-based toolkit focused on penetration testing and exploitation targeting VMware vCenter environments, giving security researchers and red team professionals a consolidated toolset to assess and exploit known vulnerabilities. The project includes modules that automate the detection and exploitation of specific CVEs (common vulnerabilities and exposures) in vCenter servers, often used to manage virtual infrastructure in enterprise environments. With features tailored toward reconnaissance, vulnerability triggering, and payload generation, the toolkit helps testers simulate real-world attack vectors on vulnerable vCenter instances. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 23
    Infection Monkey

    Infection Monkey

    Infection Monkey is a automated security testing tool for networks

    Infection Monkey is a open source automated security testing tool for testing a network's security baseline. Monkey is a tool that infects machines and propagates and Monkey Island is the server for an administrator to control and visualize progress of Infection Monkey.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 24
    DeepBlueCLI

    DeepBlueCLI

    PowerShell Module for Threat Hunting via Windows Event Logs

    ...The codebase includes helpers for command-line decoding and de-obfuscation (automatic base64/deflate handling), safelisting/hash workflows (DeepBlueHash), and sample EVTX files so teams can test the tool on realistic attack traces.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 25
    BadBlood

    BadBlood

    Flls Microsoft Active Directory Domain with a structure

    ...It intentionally randomizes its output on every run so the created domain, objects, and ACL relationships are different each time, which helps teams exercise tooling and detection logic against varied scenarios. The project is driven by a single entry script (Invoke-BadBlood.ps1) and a collection of modular components that create OUs, seed users and groups, set ACLs, configure LAPS scenarios, and generate other attack/defense artifacts for lab use. Because it modifies a real AD forest, BadBlood requires high privileges (Domain Admin and Schema Admin) to run and the README warns strongly that it is not responsible for cleanup if used in production.
    Downloads: 2 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • Next