Search Results for "common"
Sort By:
Showing 205 open source projects for "common"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Auth0 B2B Essentials: SSO, MFA, and RBAC Built InAuth0's B2B Essentials plan gives you everything you need to ship secure multi-tenant apps. Unlimited orgs, enterprise SSO, RBAC, audit log streaming, and higher auth and API limits included. Add on M2M tokens, enterprise MFA, or additional SSO connections as you scale.
-
1
DVWA
PHP/MySQL web application
...Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. ... -
2
Username Anarchy
Username generator for penetration testing and user enumeration
Username Anarchy is an open source command line tool designed to generate possible usernames for use in penetration testing and security assessments. It focuses on solving one of the common challenges in authentication attacks: identifying valid usernames before attempting password attacks. It generates large sets of potential usernames based on a person’s name and common naming conventions used in corporate or online systems. These generated username lists can then be used for activities such as username enumeration, password spraying, or brute force testing during security audits. ... -
3
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS
...It is widely used by malware analysts, digital forensics investigators, reverse engineers, and security researchers to quickly inspect unknown files and infer their type, architecture, compiler/packer used, and internal structure. DiE supports a large variety of file formats — from common executables (Windows PE, Linux ELF, macOS Mach-O) to archives, mobile packages (APK, IPA), legacy binaries, compressed or packed files, and more — making it a versatile first step in analysis or triage workflows. The tool offers both a graphical user interface as well as a command-line interface, allowing flexible use across environments (desktop, servers, automation). ... -
4
ClamAV
Antivirus engine for detecting trojans, viruses and malware
...The software includes a command-line scanner, an automatically updating signature database, and a scalable multi-threaded daemon that enables high-performance scanning in production environments. ClamAV is widely used in mail gateways, file servers, and security pipelines because it can inspect compressed archives, common document formats, and executable files. Its bytecode signature system allows advanced detection logic while ensuring signatures are trusted and securely distributed. -
Gemini 3 and 200+ AI Models on One PlatformBuild, govern, and optimize agents and models with Gemini Enterprise Agent Platform.
-
5
FLARE VM
A collection of software installations scripts for Windows systems
...It bundles a curated set of tools—disassemblers, debuggers, decompilers, virtualization, forensics utilities, packet capture tools, exploit frameworks, and hex editors—preconfigured to work together. The environment configures paths, dependencies, environment variables, and common tool integrations so analysts can focus on tasks rather than setup. Updates and modular installation let users include only the tools that match their workflow, keeping the VM lean and current. Because security toolchains often clash (DLL versions, signing, privileges), FLARE VM’s packaging handles compatibility issues ahead of time. ... -
6
YARA
The pattern matching swiss knife for malware researchers
...YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. YARA-CI may be a useful addition to your toolbelt. This is GitHub application that provides continuous testing for your rules, helping you to identify common mistakes and false positives. If you plan to use YARA to scan compressed files (.zip, .tar, etc) you should take a look at yextend, a very helpful extension to YARA developed and open-sourced by Bayshore Networks. -
7
AzureAD Attack Defense
This publication is a collection of various common attack scenarios
AzureAD-Attack-Defense is a community-maintained playbook that collects common attack scenarios against Microsoft Entra ID (formerly Azure Active Directory) together with detection and mitigation guidance. The repository is organized into focused chapters — for example: Password Spray, Consent Grant, Service Principals in Azure DevOps, Entra Connect Sync Service Account, Replay of Primary Refresh Token (PRT), Entra ID Security Config Analyzer, and Adversary-in-the-Middle — each written to explain the attack, show detection approaches, and recommend mitigation steps. ... -
8
Checkov
Prevent cloud misconfigurations during build-time for Terraform
Checkov scans cloud infrastructure configurations to find misconfigurations before they're deployed. Checkov uses a common command-line interface to manage and analyze infrastructure as code (IaC) scan results across platforms such as Terraform, CloudFormation, Kubernetes, Helm, ARM Templates and Serverless framework. Verify changes to hundreds of supported resource types in all major cloud providers. Checkov supports developers using Terraform, Terraform plan, CloudFormation, Kubernetes, ARM Templates, Serverless, Helm, and AWS CDK. ... -
9
AWS Encryption SDK for C
AWS Encryption SDK for C
...The Windows instructions install everything in your current directory (where you run the build process). The AWS Encryption SDK for C can be used with AWS KMS, but it is not required. For best results when doing a build with AWS KMS integration, do not install aws-c-common directly. Build and install the AWS SDK for C++, which will build and install aws-c-common for you (see the C++ SDK dependencies here). -
Earn up to 16% annual interest with Nexo.Put idle assets to work with competitive interest rates, borrow without selling, and trade with precision. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
10
OWASP WrongSecrets
Vulnerable app with examples showing how to not use secrets
...The game is packed with real life examples of how to not store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy. -
11
Kubernetes Network Policy Recipes
Example recipes for Kubernetes Network Policies that you can just copy
Kubernetes Network Policy Recipes is a practical, example-driven repository offering ready-to-use Kubernetes NetworkPolicy manifests and patterns for real application networking scenarios. Rather than just listing theoretical API specs, it groups recipes that implement common intent-based policies — such as isolating namespaces, restricting cross-pod traffic, enabling ingress from specific services, and locking down egress to only necessary endpoints — so users can pick and apply what they need. These recipes help secure Kubernetes clusters by ensuring that pods communicate only with allowed peers, reduce attack surfaces, and enforce least-privilege connectivity at the network layer. ... -
12
Terrascan
Detect compliance and security violations across Infrastructure
...As you embrace Infrastructure as Code (IaC) such as Terraform, Kubernetes, Argo CD, Atlantis and AWS CloudFormation, it is important to ensure that security best practices and compliance requirements are observed. Terracan provides 500+ out-of-the-box policies so that you can scan IaC against common policy standards such as the CIS Benchmark. It leverages the Open Policy Agent (OPA) engine so that you can easily create custom policies using the Rego query language. Monitor provisioned cloud infrastructure for configuration changes that introduce posture drift, and enables reverting to a secure posture. Detect security vulnerabilities and compliance violations. -
13
emp3r0r
Linux/Windows post-exploitation framework made by linux user
A post-exploitation framework for Linux/Windows. Initially, emp3r0r was developed as one of my weaponizing experiments. It was a learning process for me trying to implement common Linux adversary techniques and some of my original ideas. So, what makes emp3r0r different? First of all, it is the first C2 framework that targets Linux platform including the capability of using any other tools through it. Take a look at the features for more valid reasons to use it. -
14
Scope Sentry
Cyberspace asset mapping and vulnerability scanning platform
...ScopeSentry can automatically identify assets and services, extract URLs, and crawl websites to collect useful security data for further analysis. It also includes vulnerability scanning and subdomain takeover detection to help identify common security weaknesses across web infrastructure. It supports distributed scanning with multiple nodes, allowing large scanning tasks to be performed efficiently across different systems. -
15
Paseto
Platform-Agnostic Security Tokens
Paseto (Platform-Agnostic Security Tokens) is an open-source security token format designed as a more secure alternative to JWT (JSON Web Tokens). Unlike JWT, Paseto eliminates common cryptographic pitfalls by avoiding weak algorithms. It is designed to be secure by default, with built-in cryptographic best practices, making it ideal for applications requiring robust authentication and token management. -
16
XRAY
XRay for recon, mapping and OSINT gathering from public networks
...XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. Rather than being a “one-size-fits-all” black box scanner, XRAY encourages interactive exploration and integrates with other tooling. -
17
Windows Super God Mode
Creates shortcuts to virtually every special location or action built
...It automates creation of “God Mode” folders and other control-panel shortcuts, removes the need to manually hunt through layers of Settings or the Registry, and often bundles helper scripts for common maintenance tasks. The intent is to put power-user features—tweaks for privacy, appearance, power management, and system behavior—within quick reach so administrators and enthusiasts can configure machines consistently. Because many of the actions touch system settings, the collection emphasizes clear instructions and reversible steps so users can roll back changes if needed. ... -
18
IntelOwl
Centralized platform for automated threat intelligence analysis
IntelOwl is an open source platform designed to manage and enrich threat intelligence data at scale. It provides a centralized environment where security analysts can gather information about suspicious files and observables such as IP addresses, domains, URLs, or hashes using a single API request. The platform integrates numerous online intelligence sources and advanced malware analysis tools, enabling users to obtain comprehensive threat intelligence without manually querying multiple... -
19
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
20
Arcjet
Arcjet JS SDKs. Rate limiting, bot protection, email verification
Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification, and defense against common attacks. Native security for Bun, Next.js, Node.js, SvelteKit, Vercel, Netlify, Fly.io, and other modern platforms. Customizable protection for signup forms, login pages, API routes, and your whole app. Test security rules locally. Protection that works in every environment. No agent is required. -
21
DSVPN
A dead simple VPN
DSVPN is a Dead Simple VPN, designed to address the most common use case for using a VPN. Runs on TCP. Works pretty much everywhere, including on public WiFi where only TCP/443 is open or reliable. Uses only modern cryptography, with formally verified implementations. Small and constant memory footprint. Doesn't perform any heap memory allocations. Small (~25 KB), with an equally small and readable code base. -
22
GopenPGP V3
A high-level OpenPGP library
GopenPGP V3 is a high-level OpenPGP cryptographic library developed by ProtonMail that provides a user-friendly API for common encryption and signing operations in Go, abstracting the complexity of the underlying OpenPGP standards and golang crypto primitives. This library lets developers perform key generation, message encryption and decryption, digital signing, and signature verification with straightforward functions that hide much of the boilerplate and nuance typically required when working directly with OpenPGP implementations. ... -
23
Apple Silicon Guide
Learn all about the A17 Pro, A16 Bionic, R1, M1-series
...The guide also includes practical advice on setting up development environments — such as configuring compilers, package managers, containers, virtualization tools (e.g., UTM/VMs) — and resolving common pain points with dependencies that historically lacked native support. For creative and power users, there are performance recommendations for video/audio production, machine learning workflows, and GPU-accelerated tasks. -
24
Al-Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation
al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these... -
25
Authelia
The Single Sign-On Multi-Factor portal for web apps
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies. With a compressed container size smaller than 20 megabytes and observed memory usage normally under 30 megabytes, it's one of the most lightweight solutions available. Written in Go and React, authorization policies and many other backend tasks are completed in mere milliseconds and login portal loading times of 100 milliseconds makes it one of the fastest solutions available. ...
