Search Results for "concept"
Sort By:
Showing 51 open source projects for "concept"
View related business solutions-
Auth0 B2B Essentials: SSO, MFA, and RBAC Built InAuth0's B2B Essentials plan gives you everything you need to ship secure multi-tenant apps. Unlimited orgs, enterprise SSO, RBAC, audit log streaming, and higher auth and API limits included. Add on M2M tokens, enterprise MFA, or additional SSO connections as you scale.
-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
1
YellowKey
YellowKey Bitlocker Bypass Vulnerability
YellowKey is a security research repository documenting a reported BitLocker bypass vulnerability affecting modern Windows recovery environments. The project is not a general-purpose application, but a proof-of-concept disclosure intended for vulnerability awareness, defensive research, and incident response discussion. It highlights how recovery tooling and boot-adjacent components can create serious risks even when full-disk encryption is enabled. The repository is relevant to security teams, system administrators, forensic analysts, and researchers who monitor Windows endpoint exposure. ... -
2
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
3
thc-hydra
Shows how easy it would be to gain unauthorized access to a system
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. ... -
4
Tookie-OSINT
Username OSINT tool for discovering accounts across many websites
...By entering a target username, Tookie-OSINT scans a list of supported sites and checks whether the username exists on those platforms. This approach removes the need for manual checks and significantly speeds up OSINT investigations. It is similar in concept to tools such as Sherlock, focusing on identifying user profiles across social media and other online services. Tookie-OSINT includes both command-line and optional web interface functionality, giving users flexible ways to run scans and analyze results. Tookie-OSINT was created to help beginners and aspiring security professionals learn about OSINT techniques. -
Build Securely on Azure with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
5
Al-Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation
al-khaser is an open-source proof-of-concept security tool that deliberately implements techniques commonly used by real-world malware to test and evaluate the effectiveness of antivirus and endpoint detection and response (EDR) systems. It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. ... -
6
V3SP3R
AI Flipper control
V3SP3R is an experimental open-source project focused on integrating artificial intelligence with Flipper Zero control, aiming to create a more autonomous and intelligent interaction layer for hardware-based security tools. The project explores the concept of AI-assisted device control, where an intelligent system can interpret commands, automate workflows, and potentially orchestrate complex sequences of actions across Flipper functionalities. It is part of a broader ecosystem of projects by the same author that investigate prompt engineering, agent-based systems, and unconventional AI interaction paradigms. ... -
7
Locker Password Manager
Open source secure password manager
Locker is a password manager that goes beyond the mere concept of password management. Whatever your previous password manager provided, we offer even more. Store passwords, passkeys and personal data in one encrypted vault. Manage effectively with categories and folders. Save your passwords with a click, login and checkout made effortlessly with auto-saving and auto-fill features from passwords, payment details to two-factor authentication passcodes. -
8
Devise
Flexible authentication solution for Rails with Warden
Devise is a flexible authentication solution for Rails that is based on Warden, a general Rack authentication framework. It is a complete MVC solution based on Rails engines that lets you have several models signed in at the same time. It consists of 10 modules: 1. Authenticatable Module, responsible for password hashing and validating user authenticity when signing in 2. Omniauthable adds OmniAuth support 3. Confirmable is responsible for verifying if an account is already confirmed... -
9
Brook
Brook is a cross-platform strong encryption and not detectable proxy
...Usually, if you use Brook, you will need a combination of Server and Client, Of course Brook CLI also has many other independent functions. The Brook CLI file is an independent command file, it can be said that there is no concept of installation, just download this file to your computer, run it after granting it executable permissions in the command line interface. -
Streamline Azure Security with Palo Alto Networks VM-SeriesImprove your security posture and reduce incident response time. Use the VM-Series to natively analyze Azure traffic and dynamically drive policy updates based on workload changes.
-
10
BadUSB
Flipper Zero badusb payload library
This project explores USB device emulation attacks—commonly called BadUSB—by demonstrating how commodity USB hardware can impersonate keyboards, network adapters, or storage devices to perform scripted actions on a host. It typically contains firmware examples, payloads, and explanations showing how a device presenting as a Human Interface Device (HID) can inject keystrokes, open shells, or orchestrate data exfiltration when plugged into a machine. The codebase is frequently intended for... -
11
MicroBurst
A collection of scripts for assessing Microsoft Azure security
...The project exposes both interactive helpers and scripted commands (e.g., Invoke-EnumerateAzureBlobs, Invoke-EnumerateAzureSubDomains, REST-based VM command execution and storage key retrieval routines) so operators can pivot from discovery to validated proof-of-concept actions during authorized penetration tests. -
12
Guardian
Elixir Authentication
...If you're implementing a TCP/UDP protocol directly or want to utilize your authentication via channels in Phoenix, Guardian can work for you. The core currency of authentication in Guardian is the token. By default JSON Web Tokens are supported out of the box but you can use any token that Has the concept of a key-value payload, is tamper-proof, can serialize to a String, or that has a supporting module that implements the Guardian.Token behavior. You can use Guardian tokens to authenticate web endpoints (Plug/Phoenix/X), channels/Sockets (Phoenix - optional), and any other system you can imagine. If you can attach an authentication token you can authenticate it. -
13
GoldBug - Encrypted Communications
Chat Messenger. E-Mail-Client. Websearch. Filetransfer.
...Main GUI features: Minimal & colorful Interface with Tabs in the East. Microsoft & Qt MinGW deprecated Win32 & for Compiling: ● https://sourceforge.net/p/goldbug/wiki/compiling As Spot-On implemented the minimal GB-concept & Nuvola Icons, GoldBug has now been fully integrated into Spot-On Win64: Just choose Tabs at East & Mini-View in Options - w/ Nuvola Icons of course! Voilá! & Many Thanks, Pro-Files can be found archived at ● current source: https://github.com/textbrowser/spot-on ● EN Manual: https://www.amazon.com/dp/3749435065 ● DE: https://compendio.github.io/goldbug-manual-de/ ● Study: https://www.amazon.com/asin/dp/3750408971 -
14
WeIdentity is a set of distributed multi-center technical solutions that can carry the credible mapping of the actual identity and chain identity of the entity object (person or thing), as well as the realization of safe access authorization and data exchange between the entity objects. WeIdentity is independently developed and fully open source by the Microbank. It adheres to the concept of public alliance chains integrating resources, exchanging value, and serving the public. It is committed to becoming a distributed commercial infrastructure linking multiple vertical industry fields, promoting pan-industry, cross-institution, and cross-regional. Identity authentication and data cooperation. In the traditional way, user registration and identity management are completely dependent on the single center's registration agency; with the emergence of distributed ledger technology (such as blockchains), distributed multi-center identity registration, and identification.
-
15
Slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP
Slipstream (also referred to as “NAT Slipstreaming”) is a proof-of-concept exploit framework that allows an attacker to remotely access any TCP or UDP service running on a victim machine inside a NAT (behind a router/firewall) simply by tricking the target to visit a malicious website. It works by abusing the NAT’s Application Level Gateway (ALG) logic and connection tracking, combined with browser capabilities like WebRTC, precise packet fragmentation or boundary control, and packet injection techniques. ... -
16
messor-opencart
Messor Security - IPS/WAF anti DDOS/bot and more for OpenCart3
...Each network member collects intruders and attacks data and then sends it to central servers, as well as distributes the current database to the rest network participants. The current concept provides real-time protection of your store from the network attacks. -
17
email2phonenumber
OSINT tool to discover phone numbers using an email address
email2phonenumber is an open source OSINT (Open Source Intelligence) tool designed to help researchers identify a target’s phone number using only an email address. The project was created as a proof-of-concept during research into new OSINT methodologies for extracting personal information from publicly accessible sources and account recovery mechanisms. The tool works by automating interactions with password reset processes on various online services, which may reveal masked phone number digits associated with an account. By combining these partial digits with other publicly available information, the tool attempts to reconstruct or identify the full phone number. ... -
18
Linux Exploit Suggester 2
Next-Generation Linux Kernel Exploit Suggester
...It inspects the target kernel and OS release, compares that information against a curated database of known kernel vulnerabilities, and reports which exploit primitives are plausibly applicable to the host. The script can optionally download exploit proof-of-concept code from public exploit repositories to accelerate validation in controlled environments. It supports wildcard matching for kernel strings to broaden detection coverage and colorizes its output for easier reading in terminal sessions. Typical usage is simple and lightweight: run the script on the target (or pass a manual kernel string) and review the ranked list of candidate exploits and references. -
19
Drive Badger
Open source platform for covert data exfiltration operations.
Drive Badger is a software tool for data exfiltration – which means, for copying data from the computer to external USB drive. Unlike many other tools from IT security area, it's not a Proof-of-Concept kind of tool, bringing some groundbreaking techniques. Everything, what Drive Badger does, can be as well run manually, step by step. Instead, what Drive Badger really does, is doing it all better, by putting the maximum focus on: -
20
MaskPhish
Introducing "URL Making Technology" to the world
MaskPhish is not any Phishing tool. It's just a proof of concept of "URL Making Technology". It is a simple Bash Script to hide phishing URLs under a normal-looking URL (google.com or facebook.com). It can be integrated into Phishing tools (with proper credits) to look the URL legit. Hiding phishing links in normal-looking trust-able links is a bigger part of social engineering. By using this method the attacker owns the trust of the victim, and the victim treats the phishing link as a normal link because the top-level domain (like Google, YouTube, New York Times, etc) is considered clean. -
21
Nothing Private
A proof of concept that any website can identify and track you
This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong. -
22
Cassiopeia's BitMail
Encrypting E-Mail Client
BitMail is a Proof-of-Concept- / Design-Study for an Qt E-Mail Client. POP3 / IMAP / SMTP / P2P E-Mail-Client. ● Qt E-Mail Client. ● Build-in Encryption to secure E-Mails ● IMAP & POP3 ● Additionally a full decentral P2P Email-Option via the Echo Protocol ● Store Email for Offline-Friends in the P2P Network. ● Chat and Instant Messaging is build in -
23
Gryptonite
Cross-platform encrypted password and file database
...For advanced users, it includes a separate utility called Grypto-Transforms, which has a universal hash calculator with all the major hash functions, generic encrypt/decrypt functions and a base64/hex converter. It's not just easy to use, it's also highly secure. Security experts will be happy to know that it uses AES with CCM and has a solid security concept. -
24
w-o-f
Passive or learning mode of web application firewalls to evaluate WAF
"Web application firewalls (WAF)" , The today's requirement to secure the web applications without changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behavior and false positives (legitimate traffic blocking). This talk will demonstrates a new concept to evaluate any WAF without taking risk of putting any WAFs into inline mode.Everything will be in learning or in passive mode.This project describes concept of one special engine,which can be used to evaluate any WAFs with zero risk to the end user (website owner),no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi). -
25
OWASP JSEC CVE Details is is an opensource application developed in Java that is used to know about details of CVE , current CVE releases and also search exploits and proof of concept. https://www.owasp.org/index.php/OWASP_JSEC_CVE_Details [Features] [+] Fetch Recent CVEs [New Features included in v2.0] [+] Search for vulnerabilities of different platform/application/categories [+] Search CVEs [+] Search POC & Exploits Project/Source Code : http://dibsy.github.io/JSEC_CVE_DETAILS/
