Search Results for "vulnerable"

..."Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. grunt-retire scans your grunt-enabled app for use of vulnerable JavaScript libraries and/or node modules. Scans visited sites for references to insecure libraries and puts warnings in the developer console. An icon on the address bar displays will also indicate if vulnerable libraries were loaded. ...

...Written in the Go programming language, it focuses on speed and efficiency when executing advanced search queries across multiple search engines. It allows users to run specialized queries, often referred to as “dorks,” to discover publicly exposed data, misconfigurations, or potentially vulnerable resources. It supports several major search engines and enables users to switch between them depending on the target or query requirements. go-dork can retrieve results from multiple pages of search results and process them sequentially for broader coverage during scans. go-dork also supports custom HTTP headers and proxy configuration, which can help users work around restrictions such as captchas or filtering mechanisms. ...

...It uses an automated crawling engine that continuously scans a target application, collects forms and endpoints, and evaluates them for potential CSRF weaknesses. XSRFProbe performs numerous systematic checks to determine whether a web endpoint is vulnerable, including inspection of anti-CSRF tokens, cookie validation behavior, and request forgery scenarios. It also analyzes the strength and randomness of security tokens using algorithms such as entropy calculations to determine whether tokens can be predicted or forged. When a vulnerability is discovered, it can automatically generate proof-of-concept payloads that demonstrate how the flaw could be exploited in a real attack scenario. ...

...Assume that the tool is to be used on non-malicious websites, currently not under attack or compromised. Add-on wants to report security misconfigurations, or failure to use best security practices. - Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including: - strict-transport-security - x-xss-protection - content-security-policy - x-frame-options - x-content-type-options It is available for Opera Beta and Developer browser - https://bit.ly/2TvvFw4

SQLiv is a command-line security tool designed to identify SQL injection vulnerabilities in web applications through automated scanning techniques. Written primarily in Python, the project focuses on discovering potentially vulnerable web pages by analyzing URLs that contain database query parameters. It can perform large-scale scanning by using search engine queries known as SQL injection dorks to collect candidate websites and then test them for vulnerabilities. In addition to bulk scanning, SQLiv supports targeted analysis of specific domains or individual URLs, allowing security researchers to focus on particular web applications. ...

A vulnerable toolkit & lab for IT Security Professionals, Hackers and Students. This is a Linux based Operating System & has been developed for those concerned with IT Security. Contains various software, exploits and is vulnerable to attacks. This project is a fork of the project MyLab@Home developed by Huzaib Shafi (http://www.shafihuzaib.com)

...It focuses on demonstrating and testing the flaw rather than being a general-purpose security toolkit, which makes the code approachable for learning and auditing. The project illustrates how a malformed heartbeat request could coax vulnerable servers into leaking memory contents, including potentially sensitive data. Because it’s small and self-contained, it’s often used as a reference to understand the vulnerability mechanics without wading through large codebases. The repo also serves as a historical snapshot of a watershed moment in modern Internet security and the practical lessons it forced the industry to learn. ...

exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured

This project is no longer maintained and may be vulnerable to various exploits. A simple blog engine designed for personal websites. A web interface allows users to manage entries. Visitor comment system with RECAPTCHA and HTML Purifier included.