Search Results for "command injection"
Sort By:
Showing 98 open source projects for "command injection"
View related business solutions-
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
Go from Code to Production URL in SecondsSkip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
-
1
SafeLine
Serve as a reverse proxy to protect your web services from attacks
...A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. ... -
2
react2shell-scanner
High Fidelity Detection Mechanism for RSC/Next.js RCE
react2shell-scanner is a security-oriented tool that bridges modern JavaScript (React) applications and shell scripting by auditing web front-ends for exposed interfaces that could be manipulated or controlled through command execution. It scans React codebases, identifies places where user input interacts with shell-executable contexts, and flags risky patterns that might lead to command injection, unvalidated arguments, or unsafe bindings between UI controls and underlying system actions. This is especially valuable for projects that mix web UIs with server-side scripting, developer tooling, or plugin ecosystems where untrusted input could enter execution paths. ... -
3
Symfony FrameworkBundle
Provides a tight integration between Symfony components
Symfony Framework Bundle is the core bundle of the Symfony PHP framework, providing the essential components and configuration needed to build robust web applications. It integrates various Symfony components, such as routing, templating, and dependency injection, into a cohesive structure. This bundle serves as the foundation for Symfony applications and enables developers to efficiently manage routes, templates, services, and more. -
4
NoneBot
Asynchronous multi-platform robot framework written in Python
...NoneBot2 provides an easy-to-use, interactive command-line tool -- nb-cli, making it easier to get started with NoneBot2 for the first time. The plug-in system is the core of NoneBot2, through which the modularization and function expansion of the robot can be realized, which is convenient for maintenance and management. -
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
5
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also... -
6
Al-Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation
al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these... -
7
Sec-Context
AI Code Security Anti-Patterns distilled from 150+ sources
...It compiles insights from over 150 industry and academic sources into structured reference documents that outline real-world security problems such as hardcoded secrets, SQL injection, cross-site scripting, command injection, weak password storage, and other frequent issues that occur when code is auto-generated without context of best practices. Each anti-pattern is paired with a secure coding alternative and explanation, offering educational value for both humans and automated review agents designed to flag or correct unsafe patterns. -
8
dotenvx
A secure dotenv–from the creator of `dotenv`
dotenvx is an enhanced environment variable loader and manager that builds on the original dotenv concept by adding strong encryption and cross-platform tooling, making it safer to work with .env files in development and production environments. Designed by the creator of the classic dotenv library, dotenvx preserves the familiar workflow while adding safeguards against one of the biggest risks with plain environment files: plaintext secrets exposure. It offers CLI commands that can encrypt... -
9
tirith
Your browser catches homograph attacks
Tirith is a terminal security guardrail that inspects what you paste or run in your shell and blocks or warns on suspicious patterns before execution, addressing an area where terminals traditionally provide almost no protection. It targets real-world attack classes like Unicode homograph URLs (lookalike domains), terminal injection tricks (ANSI escape sequences and bidi overrides), and “pipe-to-shell” installation patterns such as curl | bash that attackers frequently abuse. The project emphasizes local-only analysis with no telemetry and no background daemons, so it can run offline and keep sensitive command context on-device. It integrates into popular shells via hooks (zsh, bash, fish, and PowerShell), including paste-aware protections so hidden characters or malicious rewrites get caught at the moment they enter the terminal. -
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
10
Squel
SQL query string builder for Javascript
Squel is a JavaScript library for fluent and safe SQL query string building, usable both in Node.js environments and in the browser. Works in Node.js and in the browser. Supports the standard SQL queries: SELECT, UPDATE, INSERT, and DELETE. Supports non-standard commands for popular DB engines such as MySQL. Supports parameterized queries for safe value escaping. It can be customized to build any query or command of your choosing. Uses method chaining for ease of use. -
11
Nunu
A CLI tool for building Go applications
Nunu is a CLI scaffolding tool for building Go applications; it aggregates and encapsulates popular Go ecosystem libraries to provide a modular, high‑performance, extensible foundation, complete with documentation and test support. Nunu is a scaffolding tool for building Go applications. Its name comes from a game character in League of Legends, a little boy riding on the shoulders of a Yeti. Just like Nunu, this project stands on the shoulders of giants, as it is built upon a combination of... -
12
Laravel Installer
The Laravel application installer
Laravel is a web application framework with expressive, elegant syntax. A web framework provides a structure and starting point for creating your application, allowing you to focus on creating something amazing while we sweat the details. Laravel strives to provide an amazing developer experience while providing powerful features such as thorough dependency injection, an expressive database abstraction layer, queues, and scheduled jobs, unit and integration testing, and more. There are a... -
13
Slim
PHP micro framework that helps you quickly write web applications
...Slim supports dependency injection so you have complete control of your external tools. Use any Container-Interop container. Before you can get up and running with Slim you will need to choose a PSR-7 implementation that best fits your application. -
14
papermill
Parameterize, execute, and analyze notebooks
papermill is a Python library and command-line tool that transforms Jupyter Notebooks into repeatable, parameterized workflows by allowing users to define editable parameters within notebooks and then programmatically execute them with different inputs. Instead of manually opening and running a notebook inside JupyterLab or Notebook every time, Papermill lets you inject new values into a specially tagged parameters cell and execute the entire notebook automatically via a script or automation... -
15
SafeClaw
Chat with it via text and voice
SafeClaw is an open-source, entirely local alternative to cloud-based AI assistants like OpenClaw, enabling users to build a personal assistant that runs on their own machine without incurring API usage charges or exposing data to third-party services. It emphasizes privacy and predictability by using traditional programming, rule-based intent parsing, and established machine learning tools rather than large language models, meaning there are no per-token API costs and deterministic... -
16
garak
The LLM vulnerability scanner
garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. garak's a free tool, we love developing it and are always interested in adding functionality to support applications. garak is a command-line tool, it's developed in Linux and OSX. Just grab it from PyPI and you should be good to go. The standard pip version of garak is updated periodically. garak has its own dependencies, you can to install garak in its own Conda environment. garak needs to know what model to scan, and by default, it'll try all the probes it knows on that model, using the vulnerability detectors recommended by each probe. ... -
17
Micronaut
Micronaut Application Framework
Micronaut is a modern, JVM-based, full-stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin, and the Groovy language. Micronaut is developed by the creators of the Grails framework and takes inspiration from lessons learned over the years building real-world applications from monoliths to microservices using Spring, Spring Boot, and Grails. Micronaut aims to provide all the tools necessary to build JVM applications. With Micronaut... -
18
AngularFire
The official Angular library for Firebase
AngularFire smooths over the rough edges an Angular developer might encounter when implementing the framework-agnostic Firebase JS SDK & aims to provide a more natural developer experience by conforming to Angular conventions. Provide and Inject Firebase services in your components. Stable zones allow proper functionality of service workers, forms, SSR, and pre-rendering. Utilize RxJS rather than callbacks for realtime streams. Integrate with NgRx using AngularFire's action based APIs.... -
19
Claude Code Security Reviewer
An AI-powered security review GitHub Action using Claude
The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). When a PR is opened, the action analyzes only the changed files (diff-aware scanning),... -
20
Activiti
Light-weight workflow and business process management pltaform
Helping businesses solve automation challenges in distributed, highly-scalable and cost effective infrastructures. Activiti is the leading lightweight, java-centric open-source BPMN engine supporting real-world process automation needs. Activiti Cloud is now the new generation of business automation platform offering a set of cloud native building blocks designed to run on distributed infrastructures. Inmutable, scalable & pain free Process & Decision Runtimes designed to integrate with your... -
21
AWS X-Ray SDK for Go
AWS X-Ray SDK for the Go programming language
AWS X-Ray recommends using AWS Distro for OpenTelemetry (ADOT) to instrument your application instead of this X-Ray SDK due to its wider range of features and instrumentations. See the AWS X-Ray docs on Working with Go for more help with choosing between ADOT and X-Ray SDK. Install the SDK using the following command (The SDK's non-testing dependencies will be installed): Use go get to retrieve the SDK to add it to your GOPATH workspace. X-Ray Go SDK will by default generate no-op trace and segment id for unsampled requests and secure random trace and entity id for sampled requests. If customer wants to enable generating secure random trace and entity id for all the (sampled/unsampled) requests (this is applicable for trace id injection into logs use case) then they achieve that by setting AWS_XRAY_NOOP_ID environment variable as False. -
22
waymap
Waymap is a fast and optimized web vulnerability scanner
...Waymap is a fast and optimized And Automated web vulnerability scanner designed for penetration testers. It effectively identifies vulnerabilities by testing against a variety of payloads. Features Overview Latest Update v5.2.1 New Sql Injection Scanning Module High Accuracy And Less False Positive Access it using: --scan sqli v5.3.1 Added Boolean Based Sqli Testing (OWN LOGIC) High Accuracy, Can Give False Positive Sometimes Access it using: --scan sqli Waymap Features Vulnerability Scanning Modules: SQL Injection (SQLi) Command Injection Server-Side Template Injection (SSTI) Cross-Site Scripting (XSS) with filter bypass payload testing Local File Inclusion (LFI) Open Redirect Carriage Return and Line Feed (CRLF) Cross-Origin Resource Sharing (CORS) Critical and High-Risk Scan Profiles using CVE exploits (32 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2) -
23
Hullu Vulnerable System
Pentesting OVA, suits VMware or VirtualBox
...Pre-installed Tools and Services: + Web Stack: - Python3 + Flask - Apache2 with HTTPS - PHP + MySQL (MariaDB) - phpMyAdmin - FlaskVA (Python-based vulnerable app) https://github.com/kaledaljebur/FlaskVA - DVWA (PHP-based vulnerable app) https://github.com/digininja/DVWA + Protocols Simulated: - HTTP / HTTPS - SSH / SFTP - SMB (under constructions) - DNS (under constructions) - FTP / FTPS (under constructions) + In FlaskVA (Python-based): - SQL Injection - Command Injection - File Upload (with SUID exploit vector) - XSS - SSRF - IDOR This is the first version of Hullu, more details are coming. Please contact me if you have any questions or suggestions. Regards, Kaled Aljebur. -
24
Secure Protocol Format
Generic binary protocol library that prevents injection attacks
...In addition to delimiting data by length, it also affords programmers the ability to use text for describing data, just like tags are used in HTML and XML. Thus, SPF provides a simple and practical approach to preventing command injection attacks while allowing text to describe data. -
25
DialogVisitorAvalonia
Using the Visitor Pattern to Maintain MVVM Layering in Avalonia
...This article describes a simplified approach using a modified Visitor Pattern (Gamma, et al, Design Patterns) and dependency injection (DI) to maintain the separation of layers.
