Search Results for "tests"
Sort By:
Showing 76 open source projects for "tests"
View related business solutions-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
1
Nikto
Web server vulnerability scanner for security assessments
Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows. -
2
WPScan
WPScan WordPress security scanner
WPScan is a black-box WordPress vulnerability scanner written in Ruby. It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators. -
3
nbcelltests
Cell-by-cell testing for production Jupyter notebooks in JupyterLab
nbcelltests is designed for writing tests for linearly executed notebooks. Its primary use is for unit testing reports. Cell-by-cell testing for production Jupyter notebooks in JupyterLab. To use in JupyterLab, you will also need the lab and server extensions. Typically, these are automatically installed alongside nbcelltests, so you should not need to do anything special to use them. -
4
AWS Encryption SDK for Dafny
AWS Encryption SDK for Dafny
To build, the AWS Encryption SDK requires the most up-to-date version of dafny on your PATH. In addition, this project uses the parallel verification tasks provided by the dafny.msbuild MSBuild plugin, and thus requires dotnet 3.0. The tests currently require native implementations of cryptographic primitives and other methods, so they can only be run when embedding this library into one of the compilation target languages supported by Dafny. This repo uses Duvet to directly document the specification alongside this implementation. Refer to the specification for how to install duvet in order to generate reports. ... -
Stop Storing Third-Party Tokens in Your DatabaseRolling your own OAuth token storage can be a security liability. Token Vault securely stores access and refresh tokens from federated providers and handles exchange and renewal automatically. Connected accounts, refresh exchange, and privileged worker flows included.
-
5
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web... -
6
SIPVicious
Security tools that can be used to audit SIP based VoIP systems
SIPVicious OSS has been around since 2007 and is actively updated to help security teams, QA and developers test SIP-based VoIP systems and applications. Open-source security suite for auditing SIP based VoIP systems. Also known as friendly-scanner, it is freely available to help pentesters, security teams and developers quickly test their SIP systems. Download the latest source code from git or the latest release, send pull requests and open issues. Install the latest and greatest release... -
7
fosite
Extensible security first OAuth 2.0 and OpenID Connect SDK for Go
The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful, and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, and... -
8
PHP OAuth 2.0 Server
A spec compliant, secure by default
...All HTTP messages passed to the server should be PSR-7 compliant. This ensures interoperability with other packages and frameworks. The library uses PHPUnit for unit tests. We use Github Actions, Scrutinizer, and StyleCI for continuous integration. In order to prevent man-in-the-middle attacks, the authorization server MUST require the use of TLS with server authentication as defined by RFC2818 for any request sent to the authorization and token endpoints. The client MUST validate the authorization server’s TLS certificate as defined by RFC6125. -
9
lynis
Security auditing tool for Linux, macOS, and UNIX-based system
Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software with the GPL license and available since 2007. Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g. PCI, HIPAA, SOx), penetration testing, vulnerability... -
Stop Cyber Threats with VM-Series Next-Gen Firewall on AzureGain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
-
10
Modlishka
Powerful and flexible HTTP reverse proxy
Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy of multi-domain destination traffic, both TLS and non-TLS, over a single domain, without the requirement of installing any additional certificate on the client. What exactly does this mean? In short, it simply has a lot of potential, that can be used in many use case scenarios. Modlishka was written as... -
11
AWS Secrets Manager Python caching
Enables in-process caching of secrets for Python applications
The AWS Secrets Manager Python caching client enables in-process caching of secrets for Python applications. To use this client you must have Python 3.6 or newer. Use of Python versions 3.5 or older are not supported. An Amazon Web Services (AWS) account to access secrets stored in AWS Secrets Manager. To create an AWS account, go to Sign In or Create an AWS Account and then choose I am a new user. Follow the instructions to create an AWS account. To create a secret in AWS Secrets Manager,... -
12
IBM's TPM 2.0 TSS
IBM's TPM 2.0 TSS
...See the companion IBM TPM 2.0 at https://sourceforge.net/projects/ibmswtpm2/ and attestation at projects/ibmtpm2acs I welcome (1) bug reports, (2) documentation requests, (3) suggestions for ECC tests, and (4) requests for features for which you have an immediate need. See the wiki for additional support - additions to the documentation. -
13
OpenAS2
AS2 1.1 server implementation in Java
OpenAS2 is a java-based implementation of the EDIINT AS2 standard. It is intended to be used as a server. It is extremely configurable and supports a wide variety of signing and encryption algorithms. Supports very high traffic volume allowing parallel processing of files per partner. SUPPORT: Please use the Github issues and Discussions channels here: https://github.com/OpenAS2/OpenAs2App/ Requirements: - Java 11 or newer (tested with the LTS versions of Java up to 21) ... -
14
Eristic Cryptographic Toolkit
Open source 8 bit random number generator
Eris version 7 pseudo random number generator and hashing function. Passes Dieharder tests. -
15
PetoronHash-System
PHASH | post-quantum XOF hashing algorithm | C++20
...Context and salt separation — unique hashing domains for each use-case. Optimized performance — ~120–130 MB/s Comprehensive verification — verify_all.sh performs KAT tests, determinism checks, and performance validation. Verification Script: chmod +x verify_all.sh ./verify_all.sh https://github.com/01alekseev/PetoronHash-System Ivan Alekseev | petoron.org -
16
MrFish
A anti-phishing Python script with headers and proxies!
MrFish is a powerful tool designed to automate the creation of fake account submissions for phishing tests and vulnerability assessments. With the ability to generate random usernames, passwords, and even credit card data, it simulates real user behavior to help test the security of online forms. Featuring customizable settings for proxy support, user inputs (email or username), and multiple threads for speed, MrFish provides an efficient way to stress-test web servers and form-handling systems. ... -
17
Oso
Oso is a batteries-included framework for building authorization
...Filter: Go beyond yes/no authorization questions. Implement authorization over collections too - e.g., “Show me only the records that Juno can see.” Test: Write unit tests over your authorization logic now that you have a single interface for it. Use the debugger or tracing to track down unexpected behavior. Oso lets you write policies to control who can do what in your app. Select different policies below to see how they change the permissions in the sample app on the right. Oso's language libraries can be developed without touching the Rust core, but you will still need the Rust stable toolchain installed in order to build the core. -
18
Cherrybomb
Cherrybomb is a CLI tool that helps you avoid undefined user behaviour
...Cherrybomb makes sure your API is working correctly. It checks your API's spec file (OpenAPI Specification) for good practices and makes sure it follows the OAS rules. Then, it tests your API for common issues and vulnerabilities. If any problems are found, Cherrybomb gives you a detailed report with the exact location of the problem so you can fix it easily. With a configuration file, you can easily edit, view, Cherrybomb's options. The config file allows you to set the running profile, location of the oas file, the verbosity and ignore the TLS error. ... -
19
AWS Jupyter Proxy
Jupyter server extension to proxy requests with AWS SigV4 authentican
A Jupyter server extension to proxy requests with AWS SigV4 authentication. This server extension enables the usage of the AWS JavaScript/TypeScript SDK to write Jupyter frontend extensions without having to export AWS credentials to the browser. A single /awsproxy endpoint is added on the Jupyter server which receives incoming requests from the browser, uses the credentials on the server to add SigV4 authentication to the request, and then proxies the request to the actual AWS service... -
20
email2phonenumber
OSINT tool to discover phone numbers using an email address
email2phonenumber is an open source OSINT (Open Source Intelligence) tool designed to help researchers identify a target’s phone number using only an email address. The project was created as a proof-of-concept during research into new OSINT methodologies for extracting personal information from publicly accessible sources and account recovery mechanisms. The tool works by automating interactions with password reset processes on various online services, which may reveal masked phone number... -
21
OpenSK
OpenSK is an open-source implementation for security keys
OpenSK is an open-source implementation of FIDO2 (WebAuthn + CTAP) security keys, written in Rust and designed to run on affordable microcontroller boards. It provides the full authenticator stack—USB/NFC transport, CTAP protocol handling, credential management, and cryptographic operations—so you can build and audit your own hardware token. The project emphasizes defense-in-depth: memory-safe Rust, hardened crypto, isolation via an embedded OS, and explicit user presence/verification flows.... -
22
BugBuntu
Linux Distribution for Bug Hunters
BugBuntu is a Fork of Ubuntu 18.04 customized for Bug Hunters. The distribution contains almost all tools used by KingOfBugBounty tips repository for Recon and tests on platforms like Hackerone, Bugcrowd and others. Default credential: user: bugbuntu pwd: bugbuntu KingOfBugBoutyTips: https://github.com/KingOfBugbounty/KingOfBugBountyTips Telegram Group: https://t.me/joinchat/DN_iQksIuhyPKJL1gw0ttA -
23
htrace.sh
My simple Swiss Army knife for http/https troubleshooting
htrace.sh is a shell-based “Swiss Army knife” for HTTP/HTTPS troubleshooting that wraps a variety of network and security tools into a single, convenient command. It helps engineers inspect endpoints by collecting connection details, TLS certificate info, and server headers while optionally driving tests from third-party analyzers. The script emphasizes operability: you can run quick checks against URLs to reveal redirects, protocol negotiation, and response timing without assembling a pile of one-off commands. It supports profiling scenarios useful during incidents, such as confirming cipher support, verifying chain validity, or flagging misconfigurations. ... -
24
BlackWidow
Python web scanner for OSINT gathering and OWASP vulnerability fuzzing
...By automatically extracting this data, BlackWidow helps security professionals and researchers build a clearer understanding of a website’s structure and publicly accessible information. In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities. -
25
Pharos
RTOS for Secure, Safe and Real-Time Systems
Pharos is a free open-source RTOS for secure, safe and real-time systems with the following characteristics: - Memory and enhanced time partitioning (TSP) - Native support for sporadic, periodic and aperiodic threads - Fixed-priority preemptive scheduler - Execution time protection (threads are prevented from executing for more time than they are configured to) - Small size (full image has ~100 to 300KiB text, ~30KiB data) - Hard real-time determinism - Fast critical sections - Prioritized nested interrupts - inter-partition communication with filters to protect unwanted access - Multicore support (RMP) - Supports ARM9, Cortex-A/R/M and Aarch64, RISC-V64 (64 bits) - The complete TestSuite (see below information) is run successfully for each platform in each release - Tested: more than 170 KLOC of requirement-based tests, executed for each board at each release - Up-to-date User Manual also available See our wiki page for more information.
