Search Results for "patterns"
Sort By:
Showing 31 open source projects for "patterns"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Automate contact and company data extractionGenerate leads at scale without building or maintaining scrapers. Use 10,000+ ready-made tools that handle authentication, pagination, and anti-bot protection. Pull data from business directories, social profiles, and public sources, then export to your CRM or database via API. Schedule recurring extractions, enrich existing datasets, and integrate with your workflows.
-
1
SecLists
The Pentester’s Companion
...SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
2
Kubernetes Network Policy Recipes
Example recipes for Kubernetes Network Policies that you can just copy
...These recipes help secure Kubernetes clusters by ensuring that pods communicate only with allowed peers, reduce attack surfaces, and enforce least-privilege connectivity at the network layer. The recipes scale from simple “deny all traffic by default” policies to more advanced micro-segmentation patterns for multi-tier apps (frontend/backends) and platform-level isolation for CI/CD systems or service meshes. -
3
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
...Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. Command line integration is available with Ant and Maven. Can be used with systems such as Jenkins and SonarQube. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE. -
4
Tracee
Linux Runtime Security and Forensics using eBPF
...It is using eBPF technology to tap into your system and expose that information as events that you can consume. Events range from factual system activity events to sophisticated security events that detect suspicious behavioral patterns. -
Safetica Data Loss Prevention Software for BusinessesSafetica is a cost-effective, easy-to-use Data Loss Prevention (DLP) solution. It performs security audits, prevents sensitive data from leaving your company, and sheds light on what is going on in your organization.
-
5
YARA
The pattern matching swiss knife for malware researchers
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determines its logic. YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. YARA-CI may be a useful addition to your toolbelt. ... -
6
uBlacklist
Blocks specific sites from appearing in Google search results
uBlacklist is a Google Search filter for Chrome and Firefox. uBlacklist requires many site permissions on install. They are necessary to support all domains where Google Search is provided (google.com, google.ac, google.ad, ...). You can install uBlacklist from Chrome Web Store, Firefox Add-ons or Mac App Store. To block a site that you are looking at from appearing on the search result page, click the toolbar icon. A "Block this site" dialog will be shown. In recent versions of Chrome, the... -
7
novu
The open-source notification infrastructure
The open-source notification infrastructure for developers. Simple components and APIs for managing all communication channels in one place: Email, SMS, Direct, and Push. Select channels, add content with {{dynamic}} syntax, and custom rules to control the delivery of notifications. Use a built-in collection of popular providers - Sendgrid, Mailgun, Twilio and many more. Add API key and you're ready to go. Send an event trigger using one of our community-built SDK's, and we will handle it... -
8
CrowdSec
Firewall able to analyze visitor behavior & provide adapted response
...IP Blocklists are limited to very-safe-to-ban IPs only (~5% of the global database so far, will grow soon). A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and blocked IPs are shared among all users to further improve their security. Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors. -
9
Oso
Oso is a batteries-included framework for building authorization
The Oso Library is a batteries-included framework for building authorization in your application. With Oso, you can. Model: Set up common permissions patterns like RBAC and relationships using Oso’s built-in primitives. Extend them however you need with Oso’s declarative policy language, Polar. Filter: Go beyond yes/no authorization questions. Implement authorization over collections too - e.g., “Show me only the records that Juno can see.” Test: Write unit tests over your authorization logic now that you have a single interface for it. ... -
Power your business with flexible POS software.POS Software allows your business to accept payments from customers and keep track of sales. Square Point of Sale software also helps you handle online orders and inventory, reach your customers, and manage your team.
-
10
ModSecurity Nginx Connector
ModSecurity v3 Nginx Connector
...It integrates WAF processing into the NGINX request/response phases, allowing rules to inspect headers, bodies, and even streaming request data before it reaches upstream apps. Operators can load the OWASP Core Rule Set or custom rules to detect and block common attacks such as SQLi, XSS, RCE patterns, and protocol anomalies. The module exposes directives for enabling audit logging, anomaly scoring, request body buffering limits, and performance tuning to fit high-traffic deployments. Because it’s a native NGINX module, it benefits from NGINX’s event-driven architecture and can be compiled as a dynamic module for flexible packaging. ... -
11
KeePass
A lightweight and easy-to-use password manager
KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for Android, iPhone/iPad and other mobile devices. With so many passwords to remember and the need to vary passwords to protect your valuable data, it’s nice to have KeePass to manage your passwords in a secure way. KeePass puts all your passwords in a highly encrypted database and locks them with one master key or a key file. As a result, you only have to... -
12
Metlo
Metlo is an open-source API security platform
Metlo is an open source API security tool you can set up in < 15 minutes that inventories your endpoints, detects bad actors, and blocks malicious traffic in real time. Metlo passively listens to your API traffic and tags every malicous request. Our models are built on patterns of malicous requests to detect bad actors and API attacks. -
13
Privaxy
Privaxy is the next generation tracker and advertisement blocker
...Privaxy is a MITM HTTP(s) proxy that sits in between HTTP(s) talking applications, such as a web browser and HTTP servers, such as those serving websites. By establishing a two-way tunnel between both ends, Privaxy is able to block network requests based on URL patterns and to inject scripts as well as styles into HTML documents. Operating at a lower level, Privaxy is both more efficient as well as more streamlined than browser add-on-based blockers. A single instance of Privaxy on a small virtual machine, server or even, on the same computer as the traffic is originating from, can filter thousands of requests per second while requiring a very small amount of memory. -
14
pyWhat
Identify emails, IP addresses, and more
...Given inputs such as hex strings, URLs, email addresses, IP addresses, credit card numbers, cryptocurrency wallets, or entire .pcap capture files, it scans for structured patterns and tells you what it finds. The tool is recursive: it can traverse files and directories to extract meaningful entities, which is useful when analyzing malware samples, network captures, or code repositories at scale. It offers powerful filters called “tags” and distributions that let you narrow results to specific categories like bug bounties, cryptocurrencies, or AWS-related artifacts. ... -
15
Naxsi
Open-source, high performance, low rules maintenance WAF for NGINX
Technically, it is a third-party Nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI. Being very simple, those patterns may match legitimate queries, it is Naxsi's administrator duty to add specific rules that will whitelist legitimate behaviors. The administrator can either add whitelists manually by analyzing nginx's error log, or (recommended) start the project with an intensive auto-learning phase that will automatically generate whitelisting rules regarding a website's behavior. ... -
16
Hikari
LLVM Obfuscator
...Designing an Obfuscator is hard, and keeping the source open definitely leaks the pattern to crackers which could potentially make the crackers' life easier if they have the right skillset. While every reasonable attempt has been made in Hikari to reduce such patterns from appearing, however, with overkill weapons like symbolic execution, binary obfuscation can still be defeated much easier, even so-called VM-based obfuscation. DOI 10.1145/2991079.2991114 explained this in great detail. I would implement a few anti-SE mechanisms in the future in an attempt to cause (even) more trouble to attackers, though. -
17
Firing Range
Firing Range is a test bed for web application security scanners
Firing Range is an intentionally vulnerable web application designed to evaluate the real-world effectiveness of web security scanners and training exercises. Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed content problems. Each scenario is crafted to reflect how bugs appear in production—behind frameworks, in odd encodings, or across redirects—so scanners must demonstrate accurate crawling and context understanding. ... -
18
AnCH Framework
Another C++ Hack
This project has been migrated to GitHub : https://github.com/vlachenal/anch-framework AnCH framework aims to provide utility classes for some common programming features. Features are implemented to be used as simply as possible. This framework was initially a way to test new C++ specifications (C++11) and to test C++ design patterns and tricks. Only POSIX systems are supported for now. Others could be supported later. (Partial) Doxygen documentation can be found on project home page. -
19
Google Authenticator OpenSource
Open source version of Google Authenticator (except the Android app)
Google Authenticator is the open-source counterpart of Google’s one-time passcode apps, implementing industry-standard OATH algorithms such as TOTP (time-based) and HOTP (counter-based) for two-factor authentication. The repository historically hosts code for mobile platforms like iOS and BlackBerry, demonstrating how to generate numeric codes locally without needing network access. Its core purpose is to help services and users add a second factor that’s simple to deploy yet resistant to... -
20
Log Templater
Templater is a fast log processor for security engineers
...You use the tool to process past log data and store templates that represent normal log line structures. You then run the tool against current or target logs and all normal patterns are automatically ignored. The parser is fast and capable of processing millions of lines per minute. Log Templater runs pretty fast. The following mentrics were generated in a Linux VM running on an i7 @ 3.2GHz. Please donate if you find Log Templater (tmpltr) useful. BTC: 1GwYToq2AuUWUfJJ7NeCpksfjMth7bw7Tu LTC: LKh99yzPeXZ7jQgvGgRhkTGReN4TRK4C6p -
21
ANNFiD
A forensic file identification tool using neural networks
Just carved a bunch of bytes and have no idea what they could be? Maybe ANNFiD can help. ANNFiD uses neural network to identify byte patterns. It can be trained and has a GUI to help in the process. The tool is still on a very early stage, but could improve exponentially with the help of the developer community -
22
FroZenLight connects simple line art and mathematics. The source of light can be positioned so that either symmetric reflection patterns or secret messages (Cryptography) are created. Example light patterns and math exercises for education are provided.
-
23
thad0ctor's Backtrack 5 toolkit
thad0ctor's BT5 toolkit streamlines word list creation and other tasks
Originally designed as a word list creation tool, thad0ctor's BT5 Toolkit has become an all purpose security script to help simplify many Backtrack 5 functions to help Pentesters strengthen their systems. The backbone of thad0ctor's Backtrack 5 Toolkit is the Wordlist Toolkit that contains a plethora of tools to create, modify, and manipulate word lists in order for end users to strengthen their systems by testing their passwords against a variety of tools designed to expose their pass... -
24
This project focuses on a tool development, FAB DNS Snooper, which allows extract information from the company's DNS cache, to get the technological and social behavior patterns of any Domain Name System. DNS Cache Snooping is used technique.
-
25
A simple console program to battle fake naming and name flooding in p2p networks. Connects to a DirectConnect hub (adc and nmdc protocols supported) and scans it for known fake patterns. Also can parse hash indexes of StrongDC and FlylinkDC clients.
