Search Results for "web attack" - Page 3
Sort By:
Showing 119 open source projects for "web attack"
View related business solutions-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
1
Shuttle
A web proxy in Golang with amazing features
Shuttle is a cross-platform network proxy tool based on Go. -
2
Tiny Alien
Tiny Alien - Micro Serving on a Shoestring
Tiny Alien is presented as a micro web server platform that can deliver dynamic websites securely. Backed by a ultra-light server sided scripting ability Tiny Alien packs a very powerful punch into the smallest of spaces. This rendition allows you to host a tor based web service that is highly resilient and easily deployed thanks to http://www.floodgap.com/httpi/ for their excellent webserver. ;) This is not for the faint of heart as you will be required to understand shell commands throughout to get the best from this Tiny Alien platform. ... -
3
APIthet
An Application to security test RESTful web APIs.
...This helps set a unique value for a specific JSON parameter in an API. The application is available as a Windows exe file.. In progress and planned features: -More test cases to attack target API. -Add APIs and define sequence. -Read APIs from doc link. -Business Logic test. TODO: Build for Linux (and may be OS X). -
4
Injectify
Perform advanced MiTM attacks on websites with ease
Perform advanced MiTM attacks on websites with ease. Injectify is a modern web based MiTM tool, similiar to BeEF (although completely unrelated in terms of source code). It features cross-platform clients (Web, Desktop, Browser extension). Create a reverse Javascript shell between the victim and the attacker. Records keystrokes and logs them to a database. -
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
5
pydictor
powerful and useful hacker dictionary builder for a brute-force attack
A powerful and useful hacker dictionary builder for a brute-force attack. You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on; You can use the pydictor built-in tool to safe delete, merge, unique, merge and unique, count word frequency to filter the wordlist, besides, you also can specify your wordlist and use '-tool handler' to filter your wordlist. -
6
Web Security Basics
Web security concepts
Web Security Basics is a beginner-friendly review of essential web security concepts that equips web developers with foundational knowledge about protecting applications and understanding common threats. The repository focuses on real-world security mechanisms and vulnerabilities, explaining protocols like SSL/TLS for encrypted communications, the principles behind CORS (Cross-Origin Resource Sharing), and widely exploited attack categories such as cross-site scripting (XSS) and cross-site request forgery (CSRF). ... -
7
FoxNuke
A Proffesional Stress-Testing(ddos) tool for pentesters
The FoxNuke program is written in python and uses Firefox in order to complete the distributed denial of service attack feature. Multiple headers are used from the Firefox browser, along with a personal configuration option for the Opera browser. The FoxNuke Program is still underdevelopment as of 8/24/17, full release is set to come out sometime during 2017-2018. If you would like to participate in the TESTING of this program and would like to help report bugs, etc. then please email... -
8
Wi-Fi Ducky
Upload, save and run keystroke injection payloads with an ESP8266
...The ESP will open up a Wi-Fi access point and host a web interface from which you can upload and manage your scripts. When you hit run, it will send the script to the ATmega, which then will execute it on the target machine. -
9
Owasp Zap Live CD
Owasp Zap Live CD
A live CD, live DVD, or live disc is a complete bootable computer installation including operating system which runs in a computer's memory.This live CD contains the Owasp Zap vulnerability test solution, the OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
10
Mpge
Mpge
Mpge is a wrapper of meterpreter (msfconsole, msfpayload and msfencode) of Metasploit Framework directly integrated with Mac OS X Snow Leopard 10.6.8 and with OS X Mavericks 10.9. With Mpge is possible make trojan horse files for Microsoft Windows, Linux and Mac OS X 10.3 Panther, OS X 10.4 Tiger, OS X 10.5 Leopard and OS X Montain Lion 10.8.1 for all Mac OS X is possible make a trojan horse files contains a reverse shell into files .pkg and files .app. I used three real Mac OS X: Attacker:... -
11
LOIC-0
A NETWORK STRESS TOOL BASED ON PRAETOX LOIC
Low Orbit Ion Cannon - 0 (LOIC-0) The original Low Orbit Ion Cannon with interface improvements. ALSO NOTED VERSION 1.0 OF LOIC-0 IS VERSION 1.2 OF LOIC AND SO ON. DISCLAIMER: USE ON YOUR OWN RISK. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER OR CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR... -
12
Betwixt
Web debugging proxy based on Chrome DevTools network panel
Betwixt will help you analyze web traffic outside the browser using familiar Chrome DevTools interface. Download the latest release for your operating system, build your own bundle or run Betwixt from the source code. In order to capture traffic, you'll have to direct it to the proxy created by Betwixt in the background. -
13
MVProc FastCGI
MVProc implemented as a FastCGI
...It's based on the stable Apache module MVProc, and all functionality has been tested (and load tested), so it may be "Production Ready" even though it hasn't been implemented in a production environment as yet. Benchmarking indicates it's "nearly as fast" on lighttpd as the MVProc Apache module, though a truly thorough benchmarking with a variety of servers and web applications (outputting the same result) would be more than welcome if anyone is offering... It's fast and runs great on Lighttpd! Supports application/x-www-form-urlencoded and multipart/form-data! Highly configurable! Very fast templating! Designed to be secure, with SQL injection protection, XSS attack protection, and more! ... -
14
r-u-dead-yet
R-U-Dead-Yet? (RUDY) Original source code files
R-U-Dead-Yet, or RUDY for short, implements the generic HTTP DoS attack via long form field submissions. RUDY attack targets web applications by starvation of available sessions on the web server. RUDY keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value. Licensed under the GNU GPL v3 DISCLAIMER: USE ON YOUR OWN RISK. -
15
LOWC
An improved version of LOWC forked from GoogleCode
Low Orbit Web Cannon a version of LOIC-0 for web browsers this version has been forked from the original at https://code.google.com/p/lowc/ for a more professional look. this tool comes released under the GPLv3 See README for Hivemind. DISCLAIMER: USE ON YOUR OWN RISK. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER OR CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR... -
16
OWASP Zed Attack Proxy
Find web application vulnerabilities the easy way!
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. Note that this project is no longer used for hosting the ZAP downloads. You should download ZAP via https://github.com/zaproxy/zaproxy/wiki/Downloads Please see the homepage for more information about OWASP ZAP -
17
WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks. WS-Attacker is developed by the Chair of Network and Datasecurity, Ruhr-University Bochum (http://nds.rub.de/) and the 3curity GmbH (http://3curity.de/).
-
18
xxe
Intentionally vulnerable web services exploitable with XXE
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located. This zipped Ubuntu VM is set up as a Capture the Flag with those that successfully exploit the XXE vulnerability... -
19
ODS3 Virtual Machine Challenge
Virtual Machine Image To Test Penetration Skills
The ODS3 Virtual Machine Challenge are downloadable images that can be run as VMWare or VirtualBox instances. The Idea behind the challenge is to test and exercise web application penetration testing in a controlled environment. These images are great for cyber security students, penetration testers and hobbyist. Care should be taken if installed on an Internet access host as the application are purposely vulnerable to attack and exploitation. -
20
wafep
Web Application Firewall Evaluation Project
WAFEP is designed to assess the attack vector support of web application firewalls and application IDS/IPS modules. It operates through an "attacker website" with links, forms, browser controls and other request initiators which send a collection of malicious payloads through the WAF to a target application, which in turn, checks which payloads were blocked and which passed successfully. -
21
DIRB - URL Bruteforcer: DIRB is a Web Content Scanner. It looks for hidden Web Objects. It basically works by launching a dictionary based attack against a web server and analizing the response. DIRB main purpose is to help in web application auditing.
-
22
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific... -
23
-
24
Free Web Application Firewall
Free Web Application Firewall
The FreeWAF provides specialized, layered application threat protection. It protects your web-based applications and internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against sophisticated threats like SQL injection and cross-site scripting, it helps you prevent identity theft, financial fraud and corporate espionage. -
25
Linset
Linset Is Not a Social Enginering Tool
Linset is a social engineering tool based on MITM to check the security (or ignorance) of the clients in our wireless network.
