Search Results for "attacks"
Sort By:
131 projects for "attacks" with 1 filter applied:
-
Go from Code to Production URL in SecondsSkip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
1
Splunk Attack Range
Tool to simulate attacks and collect the data
Attack Range Log The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
2
Beelzebub
A secure low code honeypot framework
Beelzebub is an open-source cybersecurity framework designed to create intelligent honeypot environments for detecting and studying cyber attacks. Honeypots are systems intentionally exposed to attackers in order to capture malicious behavior, and Beelzebub enhances this concept by incorporating artificial intelligence and virtualization techniques. The platform allows organizations and researchers to deploy decoy services that mimic real infrastructure while recording attacker interactions. ... -
3
Username Anarchy
Username generator for penetration testing and user enumeration
Username Anarchy is an open source command line tool designed to generate possible usernames for use in penetration testing and security assessments. It focuses on solving one of the common challenges in authentication attacks: identifying valid usernames before attempting password attacks. It generates large sets of potential usernames based on a person’s name and common naming conventions used in corporate or online systems. These generated username lists can then be used for activities such as username enumeration, password spraying, or brute force testing during security audits. ... -
4
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs... -
Add Two Lines of Code. Get Full APM.Works out of the box for Rails, Django, Express, Phoenix, and more. Monitoring exceptions and performance in no time.
-
5
anti-distill
Anti-distillation for employee Skills
anti-distill is a research-oriented project focused on protecting machine learning models from knowledge distillation attacks, where smaller models attempt to replicate the behavior of larger proprietary systems. The project explores techniques that make it harder for external models to learn from outputs, thereby preserving intellectual property and model uniqueness. It likely introduces methods such as output perturbation, watermarking, or response shaping to prevent accurate imitation. ... -
6
Node Argon2
Node.js bindings for Argon2 hashing algorithm
A Node.js library for hashing passwords securely using the Argon2 key derivation function, a modern cryptographic algorithm. -
7
LLM Guard
The Security Toolkit for LLM Interactions
LLM Guard is an open-source security toolkit designed to protect large language model applications from various security risks and adversarial attacks. The library acts as a protective layer between users and language models by analyzing inputs and outputs before they reach or leave the model. It includes scanning mechanisms that detect malicious prompts, prompt injection attempts, toxic content, and other harmful inputs that could compromise AI systems. The toolkit also helps prevent sensitive information leaks by identifying secrets such as API keys or credentials before they are processed by the model. ... -
8
Pants Build System
The Pants Build System
...Pants has out-of-the-box support for multiple dependency resolves and their corresponding lockfiles, so you can have hermetic, repeatable builds that are resilient to supply chain attacks, even in complex situations where you have multiple versions of the same dependencies in different parts of the codebase. -
9
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
Themis
Easy to use cryptographic framework for data protection
...Secure Message is a simple encrypted messaging solution for the widest scope of applications. Use Secure Message to send encrypted and signed data from one user to another, from client to server, to prevent MITM attacks and avoid single secret leakage. Based on ECC + ECDSA / RSA + PSS + PKCS#7. -
11
RedAmon
AI-powered framework for automated penetration testing and red teaming
...RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process. -
12
Svix
The enterprise-ready webhooks service
...You need to monitor the deliverability of your webhooks to different endpoints, disable failing ones and notify your customers. Webhooks come with a myriad of security implications, such as SSRF, replay attacks and unauthenticated webhook events. You would need to build a UI for your users to add and remove endpoints, inspect logs and get ongoing reports. Offer your users a great developer experience, including the ability to test, inspect and replay their webhooks. -
13
BadUSB
Flipper Zero badusb payload library
This project explores USB device emulation attacks—commonly called BadUSB—by demonstrating how commodity USB hardware can impersonate keyboards, network adapters, or storage devices to perform scripted actions on a host. It typically contains firmware examples, payloads, and explanations showing how a device presenting as a Human Interface Device (HID) can inject keystrokes, open shells, or orchestrate data exfiltration when plugged into a machine. -
14
Lapis
A web framework for Lua and OpenResty written in MoonScript
Lapis is a framework for building web applications in Lua (or MoonScript) that primarily targets OpenResty, a high-performance web platform that runs on a customized version of Nginx. Lapis can also be used in other server environments, being compatible with any modern version of Lua. With OpenResty, Lua is run directly inside of the Nginx worker using LuaJIT, giving you the smallest barrier between the webserver and your code. Have a look at Web Framework Benchmarks just to see how... -
15
AI-Tutorials/Implementations Notebooks
Codes/Notebooks for AI Projects
...The repository contains numerous Jupyter notebooks and code samples that demonstrate modern techniques in machine learning, deep learning, data science, and large language model workflows. It includes implementations for a wide range of AI topics such as computer vision, agent systems, federated learning, distributed systems, adversarial attacks, and generative AI. Many of the tutorials focus on building AI agents, multi-agent systems, and workflows that integrate language models with external tools or APIs. The codebase acts as a hands-on learning resource, allowing users to experiment with new frameworks, architectures, and machine learning workflows through guided examples. -
16
dnstwist
Detects phishing and lookalike domains using DNS fuzzing techniques
...It works by generating a large set of domain name permutations based on a target domain and analyzing whether any of those variants are actively registered or used. These permutations simulate common techniques used in phishing attacks, typosquatting, and brand impersonation campaigns. Security teams can use the tool to discover potential threats where attackers attempt to deceive users with lookalike domains. dnstwist also helps detect phishing activity by comparing web page content and visual similarity between domains using fuzzy hashing and perceptual hashing techniques. ... -
17
In-The-Wild Jailbreak Prompts on LLMs
A dataset consists of 15,140 ChatGPT prompts from Reddit
In-The-Wild Jailbreak Prompts on LLMs is an open-source research repository that provides datasets and analytical tools for studying jailbreak prompts used to bypass safety restrictions in large language models. The project is part of a research effort to understand how users attempt to circumvent alignment and safety mechanisms built into modern AI systems. The repository includes a large collection of prompts gathered from real-world platforms such as Reddit, Discord, prompt-sharing... -
18
SSRFmap
Automatic SSRF fuzzer and exploitation tool
...It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. Because SSRF often leads to lateral movement or internal network access, SSRFmap is especially useful for red-teamers and pentesters who want to explore chains rather than just the vulnerability surface. ... -
19
promptmap2
A security scanner for custom LLM applications
...The repository emphasizes broad coverage, including test rules for prompt stealing, jailbreaks, harmful content generation, hate-related outputs, social bias, and distraction attacks. It also supports multiple providers such as OpenAI, Anthropic, Google, xAI, and open-source models through Ollama, making it flexible for both commercial and local deployments. -
20
HighwayHash
Fast strong hash functions: SipHash/HighwayHash
HighwayHash is a fast, keyed hash function intended for scenarios where you need strong, DoS-resistant hashing without the full overhead of a general-purpose cryptographic hash. It’s designed to defeat hash-flooding attacks by mixing input with wide SIMD operations and a branch-free inner loop, so adversaries can’t cheaply craft many colliding keys. The implementation targets multiple CPU families with vectorized code paths while keeping a portable fallback, yielding high throughput across platforms. It exposes simple one-shot and streaming APIs, so you can hash short keys or long byte streams with the same function. ... -
21
SSHGuard
Intelligently block brute-force attacks by aggregating system logs
SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf. -
22
Encryption plugin for Pidgin, providing up to 4096 bit RSA encryption using the NSS crypto library from Mozilla. Keys are automatically transmitted and stored, making it very easy to use, but also resistant to man-in-the-middle attacks.
-
23
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
24
ufonet
UFONet - Denial of Service Toolkit
UFONet - Is a set of hacktivist tools that allow launching coordinated DDoS and DoS attacks and combine both in a single offensive. It also works as an encrypted DarkNET to publish and receive content by creating a global client/server network based on a direct-connect P2P architecture. + FAQ: https://ufonet.03c8.net/FAQ.html -------------------------------------------- -> UFONet-v1.8 [DPh] "DarK-PhAnT0m!" -
25
PWSLIB3
Password Safe encrypted databases, Java library
Java module to create, read and write Password Safe V3 encrypted databases. The package is a mature offspring from project JPasswords and can be used with Java 1.8. There is an API document available.
