Search Results for "injection"
Sort By:
40 projects for "injection" with 2 filters applied:
-
Add Two Lines of Code. Get Full APM.Works out of the box for Rails, Django, Express, Phoenix, and more. Monitoring exceptions and performance in no time.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
1
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
2
Claude Code Security Reviewer
An AI-powered security review GitHub Action using Claude
...Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). When a PR is opened, the action analyzes only the changed files (diff-aware scanning), generates findings (with explanations, severity, and remediation suggestions), filters false positives using custom prompt logic, and posts comments directly on the PR. It supports configuration inputs (which files/directories to skip, model timeout, whether to comment on the PR, etc). ... -
3
XRAY
XRay for recon, mapping and OSINT gathering from public networks
...XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. Rather than being a “one-size-fits-all” black box scanner, XRAY encourages interactive exploration and integrates with other tooling. -
4
paramspider
Mine parameterized URLs from web archives for security testing
...Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance. -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
5
PHP mini vulnerability suite
Multiple server/webapp vulnerability scanner
github: https://github.com/samedog/phpmvs -
6
ansvif
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids security researchers in writing buffer overflows, input validation vulnerabilities, as well as helping one audit code for general logic mistakes. -
7
hexinject
Hexadecimal and raw packet injector and sniffer.
Hexadecimal and raw packet injector and sniffer. Can be easily combined with other tools to provide a powerful cmdline framework for raw network access. -
8
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with...
-
9
Webiness
Lightweight PHP framework
...Trying to be secure, it has integrated authetification and authorization module, RBAC user interface, sessions expire feature, input validation, CSRF protection, SQL injection prevention and other security features. -
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific... -
11
Hcon Security Testing Framework
Open Source Penetration Testing / Ethical Hacking Framework
HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more. -
12
Sqlninja is an exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell or extract data also in very hostile conditions. For more information please check http://sqlninja.sf.net
-
13
Mole
Automatic SQL Injection Exploitation Tool
Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible. -
14
w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more. This project has been migrated to github! See details in our project site: http://w3af.org/
-
15
Injection Wizard is an application for injecting traffic into WEP protected Wi-Fi networks, like aireplay-ng, but it's much more easy to use and it can work with worse conditions.
-
16
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
-
17
sqlcake
Automatic SQL injection and database information gathering tool.
Automatic dump database & interactive sql shell tool dumps the current database structure including tables and columns and turns into an interactive mysql prompt with extra features. Written in Ruby. -
18
Note: WE ARE UNABLE TO UPDATE THE SCANNER AT THIS MOMENT! Note: WE APPRECIATE YOUR CONTRIBUTION. Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. We'll update it soon. The database update is currently maintained by web-center.si. Send your contributions, recommendations and bugs report to joomscan at yehg.net or creating a ticket at Trac here.
-
19
Gui for aircrack-ng that can crack WEP and WPA networks, automatically scans for available networks, provides fake authentication and injection support.
-
20
CookieMonster that demonstrates HTTP session hijacking attacks. It sniff your network interface and hijack all cookie. The hijacked cookies can be edit and/or injected in your Firefox. It include a arp poisoning tool.
-
21
Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.
-
22
ExploitMyUnion is a tool written in Python with a PyQt user interface made to automate sql injection exploitation.
-
23
mySQLenum is a command line automatic blind sql injection tool for web application that uses MySql server as its back-end. Its main goal is to provide an easy to use command line interface.
-
24
InjectionDenied is a bash/gawk program that blocks PHP and SQL attacks by adding entries to /etc/hosts.deny (it works like DenyHosts with SSH). The daemon inform the admin about the new block host by mail.
-
25
exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured
