Search Results for "issues" - Page 2
Sort By:
Showing 70 open source projects for "issues"
View related business solutions-
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
CookieGuardAudit
A beginner-friendly Python CLI tool that audits website cookies.
CookieGuardAudit is a simple Python command-line security tool that checks a website's cookies for common security flag issues. It helps users quickly spot weak cookie settings such as missing Secure, missing HttpOnly, missing SameSite, and SameSite=None without Secure. This project is designed for beginners, defenders, students, and anyone learning basic web security auditing. -
2
OpenAS2
AS2 1.1 server implementation in Java
...It is extremely configurable and supports a wide variety of signing and encryption algorithms. Supports very high traffic volume allowing parallel processing of files per partner. SUPPORT: Please use the Github issues and Discussions channels here: https://github.com/OpenAS2/OpenAs2App/ Requirements: - Java 11 or newer (tested with the LTS versions of Java up to 21) - Any OS that runs Java Planned enhancements in the next major release: - User interace configuration GUI - Certificate Exchange Management IMPORTANT: Java 8 is no longer supported. -
3
CacheGuard Gateway
Free UTM appliance: firewall, VPN, WAF and antivirus in one ISO.
...CacheGuard is a free open-source network security appliance for startups and growing businesses that need serious protection without the complexity. Install CacheGuard-OS on any x86 machine or VM and get a complete security gateway in under an hour. No plug-ins, no compatibility issues. Everything works out of the box. CacheGuard-OS is not an app, it IS the OS. A fully custom network appliance operating system built from scratch over 20 years, now fully open source. One ISO includes: firewall, VPN, web antivirus, URL filtering, SSL inspection, WAF, reverse proxy, load balancer and QoS. Free for any number of users. ... -
4
MrFish
A anti-phishing Python script with headers and proxies!
MrFish is a powerful tool designed to automate the creation of fake account submissions for phishing tests and vulnerability assessments. With the ability to generate random usernames, passwords, and even credit card data, it simulates real user behavior to help test the security of online forms. Featuring customizable settings for proxy support, user inputs (email or username), and multiple threads for speed, MrFish provides an efficient way to stress-test web servers and form-handling... -
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
5
A network access control (NAC) system featuring a captive-portal for registration and remediation, wired and wireless management, 802.1X support, isolation of devices, integration with IDS; it can be used to secure networks from small to large. Source code is hosted here: https://github.com/inverse-inc/packetfence Issue tracker is hosted here: https://github.com/inverse-inc/packetfence/issues
-
6
Cherrybomb
Cherrybomb is a CLI tool that helps you avoid undefined user behaviour
...Cherrybomb makes sure your API is working correctly. It checks your API's spec file (OpenAPI Specification) for good practices and makes sure it follows the OAS rules. Then, it tests your API for common issues and vulnerabilities. If any problems are found, Cherrybomb gives you a detailed report with the exact location of the problem so you can fix it easily. With a configuration file, you can easily edit, view, Cherrybomb's options. The config file allows you to set the running profile, location of the oas file, the verbosity and ignore the TLS error. ... -
7
paramspider
Mine parameterized URLs from web archives for security testing
...Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance. -
8
Kernelhub
Kernel privilege escalation vulnerability collection
...This project is a collection of proprietary, except for test failure or unspecified Exp, Demo GIF map. If there is an omission of the omission of CVE vulnerabilities, please join your issues and bring your use of code. Project code is prohibited from testing in a real environment! The reliability of the code is self-verified, and the cause of the fault you have is not responsible. -
9
Kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command
...It is important to run the exploit to simulate a real-world attack that will be used to determine corporate resilience across the network. When running an exploit, it will practice the organization's cyber event management, which doesn't happen when scanning for cluster issues. It can help the organization learn how to operate when real attacks happen, see if its other detection system works as expected and what changes should be made. -
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
Liferay Security Patches
Download latest security patches for Liferay community
This project contains security patches (binaries) for different versions of Liferay community, which are no more developed as newer versions are released. Apart from the security patches, some of the binaries include additional fixes for the issues raised at https://issues.liferay.com/ (Liferay Issue Tracking System). Please note, that this is not an official Liferay repository. The patches were kindly provided by the Liferay Community Security team members, which was compiled and released here. Source code for the security fixes can be found at https://github.com/community-security-team/liferay-portal In addition, we recommend using Liferay DXP for official product support, faster delivery of patches and updates baked by Liferay Team itself. -
11
CloudMapper
CloudMapper analyzes your Amazon Web Services (AWS) environments
...The original purpose was to generate network diagrams and display them in your browser (functionality no longer maintained). It now contains much more functionality, including auditing for security issues. If you want to add your own private commands, you can create a private_commands directory and add them there. You must have AWS credentials configured that can be used by the CLI with reading permissions for the different metadata to collect. Cloudmapper needs to make IAM calls and cannot use session credentials for collection, so you cannot use the AWS-vault server if you want to collect data, and must pass role credentials indirectly or configure AWS credentials manually inside the container. ... -
12
Kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organization. It performs numerous in-depth checks on a range of services and open ports well across more than one platform such as self-hosted kubernetes, Amazon EKS, Azure AKS, Google GKE etc., to identify any misconfigurations which make organizations an easy target for attackers. -
13
DevHub
Filter issues, activities and notifications
...Create a column for each person and see what they are up to commits, comments, issues, pull requests, tags, releases, etc. -
14
American Fuzzy Lop
American fuzzy lop - a security-oriented fuzzer
...Its workflow emphasizes quick start: point it at a target binary with compile-time instrumentation (or use QEMU-based mode when recompilation isn’t possible), seed it with a small corpus, and let it iterate. AFL is known for finding serious security issues in complex software due to its corpus minimization, queue management, and deterministic mutation stages that balance breadth and depth. It provides crash triage helpers and test case minimization so developers can reproduce and fix issues quickly. The design deliberately optimizes for robustness and speed on commodity hardware, which helped it become a standard part of many security testing pipelines. -
15
BlackWidow
Python web scanner for OSINT gathering and OWASP vulnerability fuzzing
...In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities. -
16
lua-resty-auto-ssl
On the fly (and free) SSL registration and renewal inside OpenResty
On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt. This OpenResty plugin automatically and transparently issues SSL certificates from Let's Encrypt (a free certificate authority) as requests are received. By default, resty-auto-ssl will not perform any SSL registrations until you define the allow_domain function. You may return true to handle all possible domains, but be aware that bogus SNI hostnames can then be used to trigger an indefinite number of SSL registration attempts (which will be rejected). ... -
17
MozDef
MozDef: Mozilla Enterprise Defense Platform
MozDef aims to bring real-time incident response and investigation to the defensive toolkits of security operations groups in the same way that Metasploit, LAIR, and Armitage have revolutionized the capabilities of attackers. We use MozDef to ingest security events, alert us to security issues, investigate suspicious activities, handle security incidents, and visualize and categorize threat actors. The real-time capabilities allow our security personnel all over the world to work collaboratively even though we may not sit in the same room together and see changes as they occur. The integration plugins allow us to have the system automatically respond to attacks in a preplanned fashion to mitigate threats as they occur. -
18
Remme PKI (d) Protocol
Blockchain-based distributed PKI protocol
Remme Protocol is a blockchain-based protocol focused on digital key and identity lifecycle management to resolve issues related to cybersecurity, IoT connectivity, data integrity, digital copyright protection, transparency etc. Some of the groundbreaking features include: - Free Rate Limited Transactions - Low Latency Block confirmation (0.5 seconds) - Attribute-based identity and access control - Designed for Sparse Header Light Client Validation - Time Delay Security - Hierarchical Role Based Permissions - Support for Biometric Hardware Secured Keys (e.g. ... -
19
Firing Range
Firing Range is a test bed for web application security scanners
...Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed content problems. Each scenario is crafted to reflect how bugs appear in production—behind frameworks, in odd encodings, or across redirects—so scanners must demonstrate accurate crawling and context understanding. Because the behaviors are stable and documented, teams can run comparative tests over time and quantify regression or improvement in their pipelines. ... -
20
APIthet
An Application to security test RESTful web APIs.
APIthet is an application to security test RESTful web APIs. Assessing APIs help in detecting security vulnerabilities at an early stage of the SDLC. Compare this with assessing an Android application that uses APIs on a backend server. This kind of assessment happens at a much later phase of the SDLC. Even worse, it does not necessarily touch all the APIs. That's not all. You specify one of the JSON parameters as random. This helps set a unique value for a specific JSON parameter in... -
21
BitCrazy's Faucet-in-a-Box Mod
Mod of the original Faucet-in-a-Box faucet PHP script
.... ======================================== Minimum requirements: PHP 5.4.4+ (5.5 recommended) MySQL (5.6 recommended) ======================================== CHANGELOG { [F] - bugfixes, [+] - new features, [!] - known issues } Current release (version 7): [+]: CACert.pem updated to latest version. [+]: FaucetHub.php was replaced with native FaucetHub library! [+]: Faucet now has page "Currency rate", where you can see USD price of selected currency. [+]: Anti-Bot Links were updated to version 5.75 [F]: + various related fixes & small changes.... -
22
Lynis
System/security auditing tool for hardening and securing Linux/Unix
...It is used by security consultants, auditors and system administrators. This tool performs a security audit of the system and determines how well it is hardened. Any detected security issues will be provided in the form of a suggestion or warning at the end of the audit. Beside security related information it will also scan for general system information, installed packages and possible configuration errors. This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. ... -
23
OWASP Security Shepherd
Web and mobile application security awareness/training platform
...If you'd like to download the V3.0 VM, you can download it from github: https://github.com/OWASP/SecurityShepherd/releases/tag/v3.0 Try it live: https://owasp.securityshepherd.eu Raise issues here: https://github.com/markdenihan/owaspSecurityShepherd/issues More Info here: https://www.owasp.org/index.php/OWASP_Security_Shepherd -
24
There are a lot of tools and plugins to fix security issues of the dignified mail system. The goal of this project is to redefine a system that takes the problems of our time into account. Be sure to visit this project on github: https://github.com/mv2project/mv2
-
25
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific...
