Search Results for "common" - Page 3
Sort By:
Showing 205 open source projects for "common"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
1
Cherrybomb
Cherrybomb is a CLI tool that helps you avoid undefined user behaviour
...Cherrybomb makes sure your API is working correctly. It checks your API's spec file (OpenAPI Specification) for good practices and makes sure it follows the OAS rules. Then, it tests your API for common issues and vulnerabilities. If any problems are found, Cherrybomb gives you a detailed report with the exact location of the problem so you can fix it easily. With a configuration file, you can easily edit, view, Cherrybomb's options. The config file allows you to set the running profile, location of the oas file, the verbosity and ignore the TLS error. ... -
2
Ultimate AppLocker Bypass List
The most common techniques to bypass AppLocker
...The project functions as a living catalog: entries list binaries, script hosts, and patterns that researchers have tested or reported in the wild, along with notes about context, platform constraints, and mitigation ideas. It is aimed primarily at defenders, incident responders, and security researchers who need a consolidated reference to understand common bypass vectors and to validate detection logic. The repository emphasizes defensive use—helping blue teams craft allow-list policies, create detection rules, and test policy hardening in isolated lab environments—rather than offensive exploitation. -
3
Sobelow
Security-focused static analysis for the Phoenix Framework
...For security researchers, it is a useful tool for getting a quick view of points-of-interest. For project maintainers, it can be used to prevent the introduction of a number of common vulnerabilities. Potential vulnerabilities are flagged in different colors according to confidence in their insecurity. High confidence is red, medium confidence is yellow, and low confidence is green. A finding is typically marked "low confidence" if it looks like a function could be used insecurely, but it cannot reliably be determined if the function accepts user-supplied input. ... -
4
DeepBlueCLI
PowerShell Module for Threat Hunting via Windows Event Logs
DeepBlueCLI is a PowerShell-centric threat-hunting toolkit built to extract, normalize, and flag suspicious activity from Windows event logs and Sysmon telemetry. It parses common sources—including Windows Security, System, Application, PowerShell logs, and Sysmon event ID 1—then applies a rich set of detection heuristics for things like suspicious account changes, password guessing and spraying, service tampering, PowerShell obfuscation and download-string usage, long or unusual command lines, and credential dumping attempts. ... -
Stop Storing Third-Party Tokens in Your DatabaseRolling your own OAuth token storage can be a security liability. Token Vault securely stores access and refresh tokens from federated providers and handles exchange and renewal automatically. Connected accounts, refresh exchange, and privileged worker flows included.
-
5
JJException
Protect the objective-c application
Common problems will not crash by the JJException, Hook the Unrecognized Selector, Out of bound, the parameter is nil, etc. Throw the exception to the interface, and then save the exception record to the log, and upgrade the app or Hot-Fix to resolve the exception. -
6
vulnerable-AD
Create a vulnerable active directory
Vulnerable-AD is a PowerShell toolkit that automates the creation of a deliberately insecure Active Directory domain for hands-on labs and testing. It builds a domain controller (or augments an existing AD installation) with a variety of common misconfigurations and intentional weaknesses so practitioners can exercise attack techniques such as Kerberoast, AS-REP roast, DCSync, Pass-the-Hash, Silver/Golden Ticket attacks, and more. The project can create user objects with default or weak passwords, inject passwords into object descriptions, disable SMB signing, and manipulate ACLs to reproduce real-world privilege escalation and persistence scenarios. ... -
7
Tink
A library that provides cryptographic APIs that are easy and secure
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Tink is an open-source cryptography library written by cryptographers and security engineers at Google. Tink's secure and simple APIs reduce common pitfalls through user-centered design, careful implementation and code reviews, and extensive testing. Tink helps users without a cryptography background safely implement common cryptographic tasks. At Google, Tink has been deployed in hundreds of products and systems. Cryptography is difficult to get right. With Tink, you can encrypt or sign data with just a few lines of code, with built-in security guarantees to help you avoid pitfalls. ... -
8
certstrap
Tools to bootstrap CAs, certificate requests, and signed certificates
...If the CN contains spaces, certstrap will change them to underscores in the filename for easier use. The spaces will be preserved inside the fields of the generated files. certstrap requires either -common-name or -domain flag to be set in order to generate a certificate signing request. -
9
Pixload
Image Payload Creating/Injecting tools
Pixload is a collection of tools for creating and injecting payloads into image files using steganographic techniques to embed hidden content in common image formats. It supports BMP, GIF, JPG, PNG, and WebP formats and offers command-line utility for generating or modifying images with embedded payloads. If the target image exists, it can inject into it; otherwise, it generates a new one. Offers separate utilities per format (e.g., bmp.pl, gif.pl, jpg.pl, png.pl) for injection or creation. ... -
8 Monitoring Tools in One APM. Install in 5 Minutes.AppSignal works out of the box for Ruby, Elixir, Node.js, Python, and more. 30-day free trial, no credit card required.
-
10
Password Extractor
Transfer passwords to and from K-Meleon
Transfer passwords between browsers. This extension for K-Meleon can also be installed on other browsers that use XUL including SeaMonkey, Pale Moon, Mypal, Roytam's New Moon, and Waterfox Classic. The Password Extractor XML export/import format is also used by Password Exporter (for Firefox and SeaMonkey) and Password Backup Tool (for Pale Moon and Basilisk). The CSV export format is compatible with popular browsers and password managers including Mozilla Firefox, Google Chrome, Microsoft... -
11
cloud_enum
Multi-cloud OSINT tool for discovering public cloud resources
...It focuses on enumerating assets in Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform using keyword-based discovery techniques. It works by taking user-provided keywords and generating variations through mutation wordlists, then testing these combinations against common cloud service naming patterns. cloud_enum performs both HTTP probing and DNS lookups to identify resources such as storage buckets, cloud applications, and databases that may be exposed or accessible. cloud_enum uses concurrent processing to speed up scanning, enabling efficient enumeration of large numbers of possible resource names. ... -
12
authoscope
Scriptable network authentication cracker (formerly `badtouch`)
authoscope is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications. The scope of authoscope is specifically cracking custom services. This is done by writing scripts that are loaded into a lua runtime. Those scripts represent a single service and provide a verify(user, password) function that returns either true or false. ... -
13
CyphyOS
CyphyOS is Debian-based Distro for Cyber Physical System Hackers
CyphyOS is Debian 10 x86_64 Based Distro Flavor, specifically for Cyber Physical System penetration testing. Powered with XFCE4. Out-Of-The-Box Dedicated to All Hardware Hackers. Especially for those who are still using the common pentesting tools and in need of hardware, Embedded System, IoT and SCADA tools as well. Also SDR tools are in place and configurations are made for HackRF, RTL-SDR and BladeRF. Tools Are Listed In Discussion Tab. Default Username : hackerman Default Password : cyphy -
14
GoSpider
Gospider - Fast web spider written in Go
...Generate and verify link from JavaScript files. Link Finder. Find AWS-S3 from response source. Find subdomains from the response source. Get URLs from Wayback Machine, Common Crawl, Virus Total, Alien Vault. Format output easy to Grep. Support Burp input. Crawl multiple sites in parallel. -
15
Ciphey
Decrypt encryptions without knowing the key or cipher
Fully automated decryption/decoding/cracking tool using natural language processing & artificial intelligence, along with some common sense. You don't know, you just know it's possibly encrypted. Ciphey will figure it out for you. Ciphey can solve most things in 3 seconds or less. Ciphey aims to be a tool to automate a lot of decryptions & decodings such as multiple base encodings, classical ciphers, hashes or more advanced cryptography. If you don't know much about cryptography, or you want to quickly check the ciphertext before working on it yourself, Ciphey is for you. ... -
16
VPLE
Vulnerable Pentesting Lab Environment
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" The default login and password is administrator: password. List Of All Labs in one VM:- 1. Web-DVWA 2. Mutillidae 3. Webgoat 4. Bwapp 5. Juice-shop 6. Security-ninjas 7. WordPress We are adding more labs in few days🤗 -
17
LibPKI
Easy to use PKI library
The LibPKI Project is aimed to provide an easy-to-use PKI library for PKI enabled application development. The LibPKI Project enables developers with the possibility to implement complex cryptographic operations with a few simple function calls. -
18
FireCX
Open source OWASP penetration testing tool written in Python 3
FireCX is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. -
19
commons-crypt
A library for easy use of symmetric encryption and decryption in java
A library for easy use of symmetric encryption and decryption in java. Encrypt and decrypt with one line of code using common algorithms like AES. Requires Java 7 or later. -
20
htrace.sh
My simple Swiss Army knife for http/https troubleshooting
htrace.sh is a shell-based “Swiss Army knife” for HTTP/HTTPS troubleshooting that wraps a variety of network and security tools into a single, convenient command. It helps engineers inspect endpoints by collecting connection details, TLS certificate info, and server headers while optionally driving tests from third-party analyzers. The script emphasizes operability: you can run quick checks against URLs to reveal redirects, protocol negotiation, and response timing without assembling a pile... -
21
DevHub
Filter issues, activities and notifications
...Create columns for the repositories and people that matters to you; receive desktop push notifications; manage notifications, issues, pull requests and activities; bookmark things for later. Choose between two modes, desktop or menubar; enable push notifications only for the columns you want. All columns support a common set of filters, like bot, label, issue status, text, etc. The Issues & Pull Requests columns are special: they give you all the power of GitHub Advanced Search on your hands (filter by assignee, number of comments, etc. Create a column for each person and see what they are up to commits, comments, issues, pull requests, tags, releases, etc. -
22
Active Directory Exploitation
A cheat sheet that contains common enumeration and attack methods
Active-Directory-Exploitation-Cheat-Sheet is a comprehensive, community-curated cheat sheet that collects practical enumeration commands, attack techniques, and quick references for attacking and auditing Windows Active Directory environments. The repository is organized as a stepwise kill-chain: recon, domain enumeration, local privilege escalation, user hunting, BloodHound guidance, lateral movement, persistence, domain-admin takeover, cross-trust attacks, data exfiltration, and a toolbox... -
23
WinPwn
Automation for internal Windows Penetrationtest / AD-Security
WinPwn is a PowerShell-based toolkit for automating internal Windows penetration testing and Active Directory reconnaissance. It streamlines many manual steps by integrating reconnaissance modules like Seatbelt, Inveigh, Rubeus, and PrivescCheck. With proxy auto‑detection, endpoint enumeration, and exploitation routines, it's widely used in red team and blue team tool chains. -
24
TIDoS
Python web penetration testing framework with modular security tools
TIDoS-Framework is an open source web application penetration testing framework designed to assist security researchers and ethical hackers in identifying vulnerabilities in web systems. It provides a comprehensive environment for performing multiple phases of security assessment, including reconnaissance, scanning, enumeration, vulnerability analysis, and exploitation. Its modular architecture contains more than one hundred modules organized into several testing phases, allowing users to... -
25
BlackWidow
Python web scanner for OSINT gathering and OWASP vulnerability fuzzing
...By automatically extracting this data, BlackWidow helps security professionals and researchers build a clearer understanding of a website’s structure and publicly accessible information. In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities.
