Search Results for "web security"
Sort By:
Showing 78 open source projects for "web security"
View related business solutions-
Stop Cyber Threats with VM-Series Next-Gen Firewall on AzureGain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
-
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
1
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ... -
2
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. ... -
3
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
4
mitmproxy
A free and open source interactive HTTPS proxy
mitmproxy is an open source, interactive SSL/TLS-capable intercepting HTTP proxy, with a console interface fit for HTTP/1, HTTP/2, and WebSockets. It's the ideal tool for penetration testers and software developers, able to debug, test, and make privacy measurements. It can intercept, inspect, modify and replay web traffic, and can even prettify and decode a variety of message types. Its web-based interface mitmweb gives you a similar experience as Chrome's DevTools, with the addition of... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws,... -
6
go-mitmproxy
mitmproxy implemented with golang
go-mitmproxy is a Golang implementation of mitmproxy that supports man-in-the-middle attacks and parsing, monitoring, and tampering with HTTP/HTTPS traffic. Parses HTTP/HTTPS traffic and displays traffic details via a web interface. Supports a plugin mechanism for easily extending functionality. Various event hooks can be found in the examples directory. HTTPS certificate handling is compatible with mitmproxy and stored in the ~/.mitmproxy folder. If the root certificate is already trusted... -
7
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. -
8
Gobuster
Directory/File, DNS and VHost busting tool written in Go
Gobuster is a tool used to brute-force. This project is born out of the necessity to have something that didn't have a fat Java GUI (console FTW), something that did not do recursive brute force, something that allowed me to brute force folders and multiple extensions at once, something that compiled to native on multiple platforms, something that was faster than an interpreted script (such as Python), and something that didn't require a runtime. Provides several modes, like the classic... -
9
Proxyee
HTTP proxy server,support HTTPS & websocket
Proxyee is a JAVA-written HTTP proxy server library that supports HTTP, HTTPS, and WebSocket protocols, and supports MITM (Man-in-the-middle), which can capture and tamper with HTTP, and HTTPS packets. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. You can use the CertDownIntercept interceptor to... -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
10
CTFd
CTFs as you need them
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes. Create your own challenges, categories, hints, and flags from the Admin Interface. Dynamic Scoring Challenges. Unlockable challenge support. Challenge plugin architecture to create your own custom challenges. Static & Regex-based flags. Custom flag plugins. Unlockable hints. File uploads to the server or an Amazon... -
11
Ray Tracing in One Weekend Book Series
The Ray Tracing in One Weekend series of books
The Ray Tracing in One Weekend series of books are now available to the public for free online. They are now released under the CC0 license. This means that they are as close to public domain as we can get. (While that also frees you from the requirement of providing attribution, it would help the overall project if you could point back to this web site as a service to other users.) These books are formatted for printing directly from your browser, where you can also (on most browsers) save... -
12
node-rate-limiter-flexible
Count and limit requests by key with atomic increments
rate-limiter-flexible counts and limits number of actions by key and protects from DDoS and brute force attacks at any scale. It works with Redis, process Memory, Cluster or PM2, Memcached, MongoDB, MySQL, PostgreSQL and allows to control of requests rate in single process or distributed environment. All operations in memory or distributed environments use atomic increments against race conditions. Combine limiters, block key for some duration, delay actions, manage failover with insurance... -
13
Atlantis iOS
A lightweight and powerful iOS framework for intercepting HTTP/HTTPS
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, and built with meticulous attention to detail. Dive into the network level to diagnose and fix problems with reliable and powerful tools. Proxyman acts as a man-in-the-middle server that captures the traffic between your applications and SSL Web Server. With a built-in macOS setup, so you can inspect your... -
14
Merlin HTTP/2
Merlin is a cross-platform post-exploitation HTTP/2 Command
Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go. The Merlin server is a self-contained command line program that requires no installation. You just simply download it and run it. The command-line interface only works great if it will be used by a single operator at a time. The Merlin agent can be controlled through Mythic, which features a web-based user interface that enables multiplayer support, and a slew of other features inherent to the project. -
15
Digna Web Scanner
A tool to check web apps for vulnerabilty
This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. ... -
16
pH7 Social Dating CMS (pH7Builder)❤️
🚀 Professional Social Dating Web App Builder (formerly pH7CMS)
pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script... -
17
MrFish
A anti-phishing Python script with headers and proxies!
MrFish is a powerful tool designed to automate the creation of fake account submissions for phishing tests and vulnerability assessments. With the ability to generate random usernames, passwords, and even credit card data, it simulates real user behavior to help test the security of online forms. Featuring customizable settings for proxy support, user inputs (email or username), and multiple threads for speed, MrFish provides an efficient way to stress-test web servers and form-handling systems. It's ideal for security researchers looking to automate the process of probing online platforms for vulnerabilities while maintaining anonymity. ... -
18
CSZ CMS
CSZ CMS is a open source content management system. With Codeigniter.
CSZ CMS is an open source web application that allows to manage all content and settings on the websites. CSZ CMS was built on the basis of Codeigniter and design the structure of Bootstrap, this should make your website fully responsive with ease. CSZ CMS is based on the server side script language PHP and uses a MySQL or MariaDB database for data storage. CSZ CMS is open-source Content Management System. And all is free under the Astian Develop Public License (ADPL). -
19
Wifipumpkin3
Powerful framework for rogue access point attack
wifipumpkin3 is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. -
20
Pentest-Tools
A collection of custom security tools for quick needs.
Pentest-Tools is a collection of penetration testing scripts and utilities designed to help security professionals and ethical hackers perform vulnerability assessments. It includes a wide range of tools for tasks like web scraping, reconnaissance, data extraction, and network analysis. The suite is modular, allowing users to choose the tools that best fit their specific pentesting needs, from web application analysis to network penetration testing. -
21
SharPyShell
Tiny and obfuscated ASP.NET webshell for C# web applications
SharPyShell is a tiny and obfuscated ASP.NET web shell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C# web applications that run on .NET Framework >= 2.0. SharPyShell is a post-exploitation framework written in Python. The main aim of this framework is to provide the penetration tester with a series of tools to ease the post-exploitation phase once exploitation has been successful against an IIS webserver. This tool is... -
22
Node.js express.js MongoDB JWT REST API
Node.js express.js MongoDB JWT REST API - Basic Project Skeleton
This is a basic API REST skeleton written on JavaScript using async/await. Great for building a starter web API for your front-end (Android, iOS, Vue, react, angular, or anything that can consume an API) This project is created to help other developers create a basic REST API in an easy way with Node.js. This basic example shows how powerful and simple JavaScript can be. Do you want to contribute? Pull requests are always welcome to show more features. -
23
Hetty
An HTTP toolkit for security research
...Intercept requests and responses for manual review (edit, send/receive, cancel) Scope support, to help keep work organized. Easy-to-use web-based admin interface. Project-based database storage, to help keep work organized. -
24
Kraken tool
Kraken: A multi-platform distributed brute-force password cracking
Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator-based cracking across multiple machines both as a web app in a web browser and as a standalone electron-based client. Kraken aims to be easy to use, fault-tolerant and scalable. Kraken is a dockerized application using docker-compose which will launch the db (Postgres), s3-compliant file storage (Minio), the server and the browser client. You can find the... -
25
JWT-Cracker
Pure Go HS256/384/512 JWT Token Brute-force Cracker
Utility for security, pentests and forensics investigation. JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. This is realistically only effective to crack JWT with weak secrets. It also only currently works with HMAC-SHA2 signatures. This project is licensed under the MIT License.
