Showing 21 open source projects for "command injection"

View related business solutions
  • Ship Agents Faster Icon
    Ship Agents Faster

    Transform your applications and workflows into powerful agentic systems at global scale.

    Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
    Get Started Free
  • Go from Code to Production URL in Seconds Icon
    Go from Code to Production URL in Seconds

    Cloud Run deploys apps in any language instantly. Scales to zero. Pay only when code runs.

    Skip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
    Try it free
  • 1
    Codex-5.5-codex-instruct-5.5

    Codex-5.5-codex-instruct-5.5

    Prompt-injection utility aimed at modifying how Codex CLI behaves

    Codex-5.5-codex-instruct-5.5 is a high-risk prompt-injection utility aimed at modifying how Codex CLI behaves. The repository presents itself as an early command-line version of a jailbreak-style tool for injecting unrestricted-mode instructions. It claims to use an official configuration mechanism rather than binary modification, network interception, or process tampering. The project includes a Python script, an examples folder, assets, a README, and an MIT license. ...
    Downloads: 12 This Week
    Last Update:
    See Project
  • 2
    react2shell-scanner

    react2shell-scanner

    High Fidelity Detection Mechanism for RSC/Next.js RCE

    react2shell-scanner is a security-oriented tool that bridges modern JavaScript (React) applications and shell scripting by auditing web front-ends for exposed interfaces that could be manipulated or controlled through command execution. It scans React codebases, identifies places where user input interacts with shell-executable contexts, and flags risky patterns that might lead to command injection, unvalidated arguments, or unsafe bindings between UI controls and underlying system actions. This is especially valuable for projects that mix web UIs with server-side scripting, developer tooling, or plugin ecosystems where untrusted input could enter execution paths. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 3
    sqlmap

    sqlmap

    Automatic SQL injection and database takeover tool

    sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also...
    Downloads: 12 This Week
    Last Update:
    See Project
  • 4
    NoneBot

    NoneBot

    Asynchronous multi-platform robot framework written in Python

    ...NoneBot2 provides an easy-to-use, interactive command-line tool -- nb-cli, making it easier to get started with NoneBot2 for the first time. The plug-in system is the core of NoneBot2, through which the modularization and function expansion of the robot can be realized, which is convenient for maintenance and management.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Build Securely on AWS with Proven Frameworks Icon
    Build Securely on AWS with Proven Frameworks

    Lay a foundation for success with Tested Reference Architectures developed by Fortinet’s experts. Learn more in this white paper.

    Moving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
    Download Now
  • 5
    papermill

    papermill

    Parameterize, execute, and analyze notebooks

    papermill is a Python library and command-line tool that transforms Jupyter Notebooks into repeatable, parameterized workflows by allowing users to define editable parameters within notebooks and then programmatically execute them with different inputs. Instead of manually opening and running a notebook inside JupyterLab or Notebook every time, Papermill lets you inject new values into a specially tagged parameters cell and execute the entire notebook automatically via a script or automation...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 6
    garak

    garak

    The LLM vulnerability scanner

    garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. garak's a free tool, we love developing it and are always interested in adding functionality to support applications. garak is a command-line tool, it's developed in Linux and OSX. Just grab it from PyPI and you should be good to go. The standard pip version of garak is updated periodically. garak has its own dependencies, you can to install garak in its own Conda environment. garak needs to know what model to scan, and by default, it'll try all the probes it knows on that model, using the vulnerability detectors recommended by each probe. ...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 7
    Claude Code Security Reviewer

    Claude Code Security Reviewer

    An AI-powered security review GitHub Action using Claude

    The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). When a PR is opened, the action analyzes only the changed files (diff-aware scanning),...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 8
    SafeClaw

    SafeClaw

    Chat with it via text and voice

    SafeClaw is an open-source, entirely local alternative to cloud-based AI assistants like OpenClaw, enabling users to build a personal assistant that runs on their own machine without incurring API usage charges or exposing data to third-party services. It emphasizes privacy and predictability by using traditional programming, rule-based intent parsing, and established machine learning tools rather than large language models, meaning there are no per-token API costs and deterministic...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 9
    paramspider

    paramspider

    Mine parameterized URLs from web archives for security testing

    ...These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance.
    Downloads: 3 This Week
    Last Update:
    See Project
  • Train ML Models With SQL You Already Know Icon
    Train ML Models With SQL You Already Know

    BigQuery automates data prep, analysis, and predictions with built-in AI assistance.

    Build and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
    Try Free
  • 10
    GraphQLmap

    GraphQLmap

    GraphQLmap is a scripting engine to interact with endpoints

    GraphQLmap is a Python-based scripting engine designed to interact with GraphQL endpoints for penetration testing purposes. It can connect to a target GraphQL endpoint, dump the schema (if introspection is enabled), query it interactively, and fuzz fields for NoSQL/SQL injection vectors, thereby revealing hidden attack surfaces. GraphQL endpoints represent a relatively newer attack vector compared to REST, and GraphQLmap helps bridge this gap by providing tooling tailored to the GraphQL...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 11
    Python Taint

    Python Taint

    Static Analysis Tool for Detecting Security Vulnerabilities in Python

    Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis) Detect command injection, SSRF, SQL injection, XSS, directory traveral etc. A lot of customization is possible. For functions from builtins or libraries, e.g. url_for or os.path.join, use the -m option to specify whether or not they return tainted values given tainted inputs, by default this file is used.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 12
    Spatial Media

    Spatial Media

    Specifications and tools for 360º video and spatial audio

    spatial-media provides tools for working with spherical video and spatial audio metadata so players and platforms can correctly render immersive media. The utilities inject, inspect, and extract metadata in common container formats (MP4/WebM) to signal 360° projection type, stereoscopy mode, and spatial audio layout. Creators use it to prepare 360/VR180 assets for upload so services know whether a video is monoscopic, top-bottom stereo, or side-by-side, and whether ambisonic audio is...
    Downloads: 69 This Week
    Last Update:
    See Project
  • 13
    Gin Config

    Gin Config

    Gin provides a lightweight configuration framework for Python

    Gin Config is a lightweight and flexible configuration framework for Python built around dependency injection. It enables developers to manage complex parameter hierarchies—particularly common in machine learning experiments—without relying on boilerplate configuration classes or protos. By decorating functions and classes with @gin.configurable, Gin allows their parameters to be overridden using simple configuration files (.gin) or command-line bindings.
    Downloads: 10 This Week
    Last Update:
    See Project
  • 14
    iSCSIsim is a powerful generic test tool for iSCSI targets. Its capabilities include SCSI command injection, error insertion, and recovery testing: all with built-in validation of test results.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    sqliv

    sqliv

    Massive SQL injection vulnerability scanner for automated web testing

    SQLiv is a command-line security tool designed to identify SQL injection vulnerabilities in web applications through automated scanning techniques. Written primarily in Python, the project focuses on discovering potentially vulnerable web pages by analyzing URLs that contain database query parameters. It can perform large-scale scanning by using search engine queries known as SQL injection dorks to collect candidate websites and then test them for vulnerabilities. ...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 16

    sitecheck

    Modular web site spider for web developers.

    More than just a link checker, sitecheck is a website spider (also known as a crawler) which can assist with SEO by testing an entire site plus both inbound links from search engines and outbound links to other sites for the following issues: looping redirects (HTTP 301/302), broken links (HTTP 404), server errors (HTTP 500), spelling mistakes, low readability scores (using the Flesch Reading Ease test), missing/empty/duplicate meta tags, duplicate content, slow page speed, W3C validation...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 17
    Mole

    Mole

    Automatic SQL Injection Exploitation Tool

    Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 18
    w3af
    w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more. This project has been migrated to github! See details in our project site: http://w3af.org/
    Downloads: 1 This Week
    Last Update:
    See Project
  • 19
    sqlmap
    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 20
    A blind SQL injection tool inspired by sqlmap and written in the Python language.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21
    OpenSQLi-NG is the next generation open source sql injection tool. It silently test and exploit (on-demand) SQL injections conditions. Please refer to the project web site to have the complete description: http://opensqling.sourceforge.net/?page_id=8
    Downloads: 0 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • Next