Search Results for "web attacks"
Sort By:
Showing 29 open source projects for "web attacks"
View related business solutions-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
Atera - an All-in-one platform for IT managementYour IT essentials, integrated & elevated. Take your IT management from automated to autonomous, download Atera's agent to start your free trial!
-
1
BeEF
The browser exploitation framework project
...BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. -
2
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
3
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs... -
4
go-mitmproxy
mitmproxy implemented with golang
go-mitmproxy is a Golang implementation of mitmproxy that supports man-in-the-middle attacks and parsing, monitoring, and tampering with HTTP/HTTPS traffic. Parses HTTP/HTTPS traffic and displays traffic details via a web interface. Supports a plugin mechanism for easily extending functionality. Various event hooks can be found in the examples directory. HTTPS certificate handling is compatible with mitmproxy and stored in the ~/.mitmproxy folder. -
Build Agents and Models on One PlatformGemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
-
5
node-rate-limiter-flexible
Count and limit requests by key with atomic increments
rate-limiter-flexible counts and limits number of actions by key and protects from DDoS and brute force attacks at any scale. It works with Redis, process Memory, Cluster or PM2, Memcached, MongoDB, MySQL, PostgreSQL and allows to control of requests rate in single process or distributed environment. All operations in memory or distributed environments use atomic increments against race conditions. Combine limiters, block key for some duration, delay actions, manage failover with insurance... -
6
pH7 Social Dating CMS (pH7Builder)❤️
🚀 Professional Social Dating Web App Builder (formerly pH7CMS)
pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script... -
7
Ubuntu Mate + Hacking Tools
Ubuntu Mate Hacking Distro
Ubuntu Mate + FSociety Hacking Tools is a distro with hacking tools which can be downloaded in the following link: https://www.mediafire.com/file/6jo2ln3xjqrk5jn/custom-dist.iso/file FSociety integrates tools used for Information Gathering, Password Attacks, Wireless Testing, Exploitation tools, Sniffing & Spoofing, Web Hacking, Private Web Hacking, Post Exploitation. These tools are integrated in just one command. The distro is useful for those who want a Ubuntu Mate with tools like Katoolin, Tool-X or IntRec, which are compatible. To execute hacking tools in Ubuntu Mate enter Menu>Terminal and write sudo su fsociety To Upgrade your system to the latest version use the following command in Terminal: sudo apt-get upgrade Includes KaliLinux Repositores + ClassicMenu Indicator Recommended Requirements for HD 720p Optimal Setting: Intel Core Processor 8GB RAM 2GB GDDR5 GPU 120GB SSD -
8
Node.js express.js MongoDB JWT REST API
Node.js express.js MongoDB JWT REST API - Basic Project Skeleton
This is a basic API REST skeleton written on JavaScript using async/await. Great for building a starter web API for your front-end (Android, iOS, Vue, react, angular, or anything that can consume an API) This project is created to help other developers create a basic REST API in an easy way with Node.js. This basic example shows how powerful and simple JavaScript can be. Do you want to contribute? Pull requests are always welcome to show more features. -
9
WebSploit Framework
WebSploit is a high level MITM Framework
WebSploit Advanced MITM Framework [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin Scanner [+]CloudFlare resolver [+]LFI Bypasser [+]Apache Users Scanner [+]Dir Bruter [+]admin finder [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack [+]MFOD Attack Vector [+]ARP Dos Attack [+]Web Killer Attack [+]Fake Update Attack [+]Fake Access point Attack [+]Wifi Honeypot [+]Wifi Jammer [+]Wifi Dos [+]Wifi Mass De-Authentication Attack [+]Bluetooth POD Attack Project In Github : https://github.com/websploit -
Secure File Transfer for Windows with Cerberus by RedwoodCerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
-
10
Injectify
Perform advanced MiTM attacks on websites with ease
Perform advanced MiTM attacks on websites with ease. Injectify is a modern web based MiTM tool, similiar to BeEF (although completely unrelated in terms of source code). It features cross-platform clients (Web, Desktop, Browser extension). Create a reverse Javascript shell between the victim and the attacker. Records keystrokes and logs them to a database. -
11
Echo Mirage
Hook into application processes and monitor network interactions
...Echo Mirage aids in thorough security analysis by allowing testers to identify potential weaknesses and simulate attacks on application communication. -
12
Infernal Wireless
Infernal Wireless Penetration Testing Suite
Infernal Wireless – Penetration testers tools Infernal Wireless Penetration testing tool is created to aid the penetration testers during wireless assessment. Having looked around we all see a lot of penetration testing suits which can automate the process of penetration testing easier for us during Web or other kind of audits, but I did not find one for wireless hacking, except some commercial tools. So, I thought how about to create a tool which automate many different type of attacks with a click of button and save us some time. We got to admit that some of the attacks can get complex. Well, I decided to create the suite and make use of publicly available tools to achieve it. ... -
13
WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks. WS-Attacker is developed by the Chair of Network and Datasecurity, Ruhr-University Bochum (http://nds.rub.de/) and the 3curity GmbH (http://3curity.de/).
-
14
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific... -
15
IPTC-Attacker
Testing for XSS via IPTC metadata
As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag. Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection. -
16
BHS Debian (Hades Update)
BHS debian (testing) jessie/sid
BHS (Debian) New BHS release Based on Debian jessie/sid Kermel 3.12 KDE 4.11 Debian style and look Custom scripts!! Defcon tools!! New wifi scripts Multiarch support Top tools username: root password: BHS note: Don't forget to run the script located on the desktop to install the missing tools,because without to run it the menu will not be functional,if you not see it just download from here in the file section..sorry for the delay the upload stack for 2... -
17
Wave Framework
Open Source API-centric PHP Micro-framework
Wave is a PHP micro-framework that is built loosely following model-view-control architecture and factory method design pattern. It is made for web services, websites and info-systems and is built to support a native API architecture, caching, user control and smart resource management. Wave is a compact framework that does not include bloated libraries and features and is developed keeping lightweight speed and optimizations in mind. While not necessary for using Wave Framework, it comes by... -
18
HTTP Anti Flood/DoS Security Module
Detect Flooder IPs, Reduce Attack Surface against HTTP Flood Attacks
This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected. You can test module here: http://www.iosec.org/test.php (demo) Watch the Proof of Concept video: http://goo.gl/dSiAL Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN) IJNSA Article at http://goo.gl/LLxRdX WP Plugin Page http://goo.gl/nF5nD CHANGES v.1.8.2 - Iptables Auto Ban Bash Script Included - Token Access via Implicit Deny - Reverse Proxy Support - reCAPTCHA Support Do you want more features? ... -
19
Etherwall is a free and open source network security tool that prevents Man in The Middle (MITM) through ARP Spoofing/Poisoning attacks. It Also prevent it from various attacks such as Sniffing, Hijacking, Netcut, DHCP Spoofing, DNS Spoofing, WEB Spoofing, and others. Note: For personal computer use only (client security) if you like this program, please give us your vote at http://sourceforge.net/projects/etherwall/reviews/
-
20
Xenophobe
Block countries via iptables and gui menu with country flags.
...I have begun to make a simple web gui, that allows for selecting countries one would like to simply block from reaching one's server. The gui incorporates country flags as a means of selection. Eventually, this project seeks to be able to apply fine tailored restrictions, via port and protocols to firewall rules. With help, I intend to port this to Windows in the near future. -
21
GameOver
Training and educating about the web security
About GameOver: Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover XSS CSRF RFI & LFI BruteForce Authentication Directory/Path traversal Command execution SQL injection Section 2 is a collection of dileberately insecure Web applications. ... -
22
distributedPHP client
A simple script for distributed computing through PHP:
distributedPHP client is a simple PHP script that can simultaneously activate/send data to as many web scripts as you want. You must open and configure the distributedPHP .php file prior to running it. ditributedPHP client supports activating scripts without data, sending the same data to all scripts, sending unique data to each script or sending user input to each script. Examples of use include: distributed math computation, encryption breaking, SETI@home/folding@home (well, if they made the projects in php..) distributed bruteforce attacks, ddos attacks, distributed processing, etc.. ... -
23
IT security resources
IT security resources for ethical hacking & penetration testing
this collection of most used resources that will help you in ethical hacking and penetration testing. Collection of hacking tools and materials and all major type of attacks and tutorials. -
24
WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste
-
25
Java based webapp that utilizes TCP Wrappers to grant an IP access to a ssh server. Brute force attacks can be avoided while still allowing password based ssh access from multiple, changing IP values.
