Search Results for "injection"

...It’s written in C/C++ and designed to execute a wide range of anti-analysis, anti-debugging, anti-virtualization, timing-based evasion, and sandbox detection routines so security researchers and defenders can see how well their tools detect or ignore these behaviors. The project includes checks for debugger presence, stealthy anti-dumping measures, various VM and sandbox artifacts, and process injection techniques, giving you a broad view of how defensive tools respond under stress. al-khaser isn’t malicious by intent — its purpose is to help security teams identify gaps in their detection logic and harden defenses by simulating evasive behaviors without actual payloads.

...In addition to delimiting data by length, it also affords programmers the ability to use text for describing data, just like tags are used in HTML and XML. Thus, SPF provides a simple and practical approach to preventing command injection attacks while allowing text to describe data.

...As an application rather than a library, it provides a concrete example of how to leverage Blackbone’s robust process and memory manipulation APIs to perform manual and automated DLL injection into both 32-bit and 64-bit Windows applications. Xenos supports a variety of mapping techniques including manual mapping, and it is configured to work across supported Windows versions from Windows 7 to Windows 10 x64, making it useful for developers and modding communities working with older or newer games and applications. By basing its core functionality on Blackbone, Xenos benefits from the underlying library’s advanced memory manipulation capabilities such as process attachment, memory allocation, and loader-agnostic injection methods.

ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids security researchers in writing buffer overflows, input validation vulnerabilities, as well as helping one audit code for general logic mistakes.

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more.

SpaceMonkey is a Web application auditing tool. It can detect bugs or security flaws without using a knowledge database. It uses fault injection technics ('fuzzing') in order to reveal the flaws (SQL injection, XSS, File inclusion, command execution ).

Acte is an sql injection tool that performs error based sql-injection on web applications which use microsoft sql-server. It includes various queries to extract info from "dead end" situations and it also includes DOS attacks and other features.