Search Results for "vulnerable web"
Sort By:
Showing 51 open source projects for "vulnerable web"
View related business solutions-
SKUDONET ADC, operates at the application layer, efficiently distributing network load and application load across multiple servers. This not only enhances the performance of your application but also ensures that your web servers can handle more traffic seamlessly.
-
ConnectWise ScreenConnect, formerly ConnectWise Control, is a remote support solution for Managed Service Providers (MSP), Value Added Resellers (VAR), internal IT teams, and managed security providers. Fast, reliable, secure, and simple to use, ConnectWise ScreenConnect helps businesses solve their customers' issues faster from any location. The platform features remote support, remote access, remote meeting, customization, and integrations with leading business tools.
-
1
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty... -
2
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. grunt... -
3
pagodo
Automate Google Hacking Database scraping and searching
pagodo automates Google searching for potentially vulnerable web pages and applications on the Internet. It replaces manually performing Google dork searches with a web GUI browser. There are 2 parts. The first is ghdb_scraper.py that retrieves the latest Google dorks and the second portion is pagodo.py that leverages the information gathered by ghdb_scraper.py. This version of pagodo also supports native HTTP(S) and SOCKS5 application support, so no more wrapping it in a tool like proxychains4... -
4
FingerprintJS
Browser fingerprinting library
FingerprintJS is a source-available, client-side, browser fingerprinting library that queries browser attributes and computes a hashed visitor identifier from them. Unlike cookies and local storage, a fingerprint stays the same in incognito/private mode and even when browser data is purged. Since FingerprintJS processes and generates the fingerprints from within the browser itself, the accuracy is limited (40% - 60%). For example, when 2 different users send requests using identical (i.e.... -
Yooz provides the smartest, most powerful, and easiest-to-use cloud-based E-invoicing and Purchase-to-Pay automation solution. It delivers unmatched savings, speed, and security with affordable zero-risk subscriptions to more than 5,000 customers and 300,000 users worldwide.
-
5
EMBA
The firmware security analyzer
EMBA is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report. EMBA automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords... -
6
Luakit
Fast, small, webkit based browser framework extensible by Lua
Luakit is a highly configurable browser framework based on the WebKit web content engine and the GTK+ toolkit. It is very fast, extensible with Lua, and licensed under the GNU GPLv3 license. It is primarily targeted at power users, developers and anyone who wants to have fine-grained control over their web browser’s behavior and interface. While switching to the WebKit 2 API means a vastly improved security situation, not all distributions of Linux package the most up-to-date version... -
7
TypeScript Express Starter
Quick and Easy TypeScript Express Starter
Express consists of JavaScript, which makes it vulnerable to type definitions. That's why we avoid supersets with starter packages that introduce TypeScript. The package is configured to use TypeScript instead of JavaScript. Express is a fast, open and concise web framework and is a Node.js based project. npx is a tool in the JavaScript package management module, npm. This is a tool that allows you to run the npm package on a single run without installing the package. If you do not enter... -
8
Vulnerable Web Apps
Vulnerable Web Apps virtual appliance to learn application security.
... 4 Running on port 80: - bWAPP - Damn Vulnerable Web Application - OWASP Hackademic - OWASP Mutillidae Running on port 81: - Hackazon Running on port 82: - Conviso Vulnerable Web App Running on port 83: - Generic University Running on port 3000: - OWASP Juice Shop Running on port 9000: - Authlab -
9
Metasploitable2-gohack
Customized Metasploitable2 VM for Beginners
This customized version of the open source Metasploitable2 virtual machine is specially modified to make it more user-friendly for beginners and K-12 hacking camps under the GenCyber program and similar middle- and high-school ethical hacking programs. This version was developed by Bryson Payne and is used in the book "Go H*ck Yourself" (Go Hack Yourself), by No Starch Press. Most of the changes are to DVWA, relabeled "Darn Vulnerable Web App" for the K-12 audience. Like the original... -
ManageEngine's Endpoint Central is a Unified Endpoint Management Solution, that takes care of enterprise mobility management (including all features of mobile application management and mobile device management), as well as client management for a diversified range of endpoints - mobile devices, laptops, computers, tablets, server machines etc. With ManageEngine Endpoint Central, users can automate their regular desktop management routines like distributing software, installing patches, managing IT assets, imaging and deploying OS, and more.
-
10
VPLE
Vulnerable Pentesting Lab Environment
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" The default login and password is administrator: password. List Of All Labs in one VM:- 1. Web-DVWA 2. Mutillidae 3. Webgoat 4. Bwapp 5. Juice-shop 6. Security-ninjas 7... -
11
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script... -
12
Web Security Audit
Passively audits the security posture on current page for your browser
The goal of this project is to build an add-on for browser that passively audits the security posture of the websites that the user is visiting. Assume that the tool is to be used on non-malicious websites, currently not under attack or compromised. Add-on wants to report security misconfigurations, or failure to use best security practices. - Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including: - strict-transport-security... -
13
mod_csrf
Apache module to prevent cross-site request forgery.
mod_csrf is a module for the Apache Web server. It prevents cross-site request forgery attacks to vulnerable HTML forms. -
14
ExploitMe REST
A deliberately vulnerable REST API built with PHP and MySQL.
A deliberately vulnerable Representational State Transfer (REST) API built with PHP and MySQL. Version 1.0 is already out with basic features. You can get it from download page. In security testing labs. Using it in a public facing server or production environment is more or less like installing a back-door to your system. -
15
RIPS - PHP Security Analysis
Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/ -
16
In this package, it contain compilation of vulnerable web applications and various version of CMS for penetration testing. It is based on XAMPP for Windows OS For detail or updates, please visit http://www.facebook.com/SYWorks
-
17
Vulnerable Operating Systems
deliberately vulnerable operating systems
VulnOS are a series of deliberately vulnerable operating systems packed as virtual machines to teach Offensive IT Security and to enhance penetration testing skills. For educational purposes! -
18
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with Vulnerawa...
-
19
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
-
20
Robocrawl 2.0
Expose web vulnerabilities servers, Acess open FTP & HTTP Dirs & files
This is a forensics tool helping web developers and administrators to assess the presence or absence of vulnerabilities in web & server applications. -
21
XSS-Scanner
Powerful XSS Scanner based on Selenium Web Driver
Are you sure that your application is safe? Cross-site scripting (XSS) is the most prevalent web application security flaw. XSS scanner walks through all reachable pages of your web-site and checks all forms that can be potentially vulnerable. XSS-Scanner is a multi-threading app that works in parallel in several browser windows to save time and improve efficiency. After working, it creates a nice web page with a report of a test result. This app is absolutely free XSS Scanner, based... -
22
SIGVI is a vulnerability manager for enterprise environments. Uses vulnerability sources like NVD, auto-updates its repository and looks for vulnerable products installed on your servers, creating alerts and notifying their administrators.
-
23
Java Remote Terminal
A web browser based terminal for Unix
This is a Java based web application can be deployed in any Servlet container. Once the web application is deployed in the target servlet container, a web browser can be used to issue various Unix commands to the remote machine. This can be used as simple administration tool or this even can be used as an attacking tool in a vulnerable application server. -
24
xxe
Intentionally vulnerable web services exploitable with XXE
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located. This zipped Ubuntu VM is set up as a Capture the Flag with those that successfully exploit the XXE vulnerability... -
25
ODS3 Virtual Machine Challenge
Virtual Machine Image To Test Penetration Skills
The ODS3 Virtual Machine Challenge are downloadable images that can be run as VMWare or VirtualBox instances. The Idea behind the challenge is to test and exercise web application penetration testing in a controlled environment. These images are great for cyber security students, penetration testers and hobbyist. Care should be taken if installed on an Internet access host as the application are purposely vulnerable to attack and exploitation.