Search Results for "vulnerable web apps"
Sort By:
Showing 65 open source projects for "vulnerable web apps"
View related business solutions-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
Blokada Apps
Repo for Blokada apps
Blokada is the popular ad blocker and privacy app for Android and iOS. It's being supported and actively developed by the amazing open-source community. Our modern solution for mobile content blocking. Protect multiple devices from ads and tracking, and manage your preferences in one place. Enjoy zero battery drain, no noticeable slowdowns, and highly reliable adblocking. If you want to efficiently block ads, trackers, malware, save on your data plan, speed up your device and protect your... -
2
Retire.js
Scanner detecting the use of JavaScript libraries
...Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. grunt-retire scans your grunt-enabled app for use of vulnerable JavaScript libraries and/or node modules. Scans visited sites for references to insecure libraries and puts warnings in the developer console. An icon on the address bar displays will also indicate if vulnerable libraries were loaded. -
3
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. -
4
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
...Instead of requiring you to manually reproduce findings, Shannon is designed to produce actionable evidence that a weakness can be weaponized, which helps teams prioritize what truly matters. It positions itself as a pre-attacker safety net, aiming to break your web app before someone else does and thereby reduce the gap between “potentially vulnerable” and “confirmed exploitable.” -
Stop Cyber Threats with VM-Series Next-Gen Firewall on AzureGain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
-
5
SimpleX
The first messaging platform operating without user identifiers
...It allows to deliver messages without user profile identifiers, providing better meta-data privacy than alternatives. Many communication platforms are vulnerable to MITM attacks by servers or network providers. To prevent it SimpleX apps pass one-time keys out-of-band when you share an address as a link or a QR code. Double-ratchet protocol. OTR messaging with perfect forward secrecy and break-in recovery. NaCL cryptobox in each queue to prevent traffic correlation between message queues if TLS is compromised. -
6
UFONet
UFONet - Denial of Service Toolkit
UFONet is a powerful and controversial Python-based toolkit for testing and conducting Distributed Denial of Service (DDoS) attacks using unconventional methods, such as leveraging third-party web applications as attack vectors. It automates the discovery of vulnerable targets and enables attackers or researchers to launch large-scale amplification attacks without directly using botnets. While primarily intended for penetration testing and educational purposes, UFONet emphasizes anonymity through the use of proxies, TOR, and encrypted command channels. -
7
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. ... -
8
Luakit
Fast, small, webkit based browser framework extensible by Lua
Luakit is a highly configurable browser framework based on the WebKit web content engine and the GTK+ toolkit. It is very fast, extensible with Lua, and licensed under the GNU GPLv3 license. It is primarily targeted at power users, developers and anyone who wants to have fine-grained control over their web browser’s behavior and interface. While switching to the WebKit 2 API means a vastly improved security situation, not all distributions of Linux package the most up-to-date version of WebKitGTK+, and several package very outdated versions that have many known vulnerabilities. ... -
9
EMBA
The firmware security analyzer
...It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report. EMBA automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords. EMBA is a command line tool with the possibility to generate an easy-to-use web report for further analysis. EMBA assists the penetration testers and product security teams in the identification of weak spots and vulnerabilities in the firmware image. ... -
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
10
Adguard Browser Extension
AdGuard browser extension
AdGuard is a fast and lightweight ad-blocking browser extension that effectively blocks all types of ads and trackers. AdGuard is a fast and lightweight ad blocking browser extension that effectively blocks all types of ads and trackers on all web pages. We focus on advanced privacy protection features to not just block known trackers, but prevent web sites from building your shadow profile. Unlike its standalone counterparts (AG for Windows, Mac), the browser extension is completely free... -
11
Ente
End-to-end encrypted cloud for photos, videos and 2FA secrets
...Ente is a service that provides a fully open source, end-to-end encrypted platform for you to store your data in the cloud without needing to trust the service provider. On top of this platform, we have built two apps so far: Ente Photos (an alternative to Apple and Google Photos) and Ente Auth (a 2FA alternative to the deprecated Authy). This monorepo contains all our source code - the client apps (iOS / Android / F-Droid / Web / Linux / macOS / Windows) for both the products (and more planned future ones!), and the server that powers them. -
12
Locker Password Manager
Open source secure password manager
...Save your passwords with a click, login and checkout made effortlessly with auto-saving and auto-fill features from passwords, payment details to two-factor authentication passcodes. Locker password manager is available anytime on any platform and device, whether it is a web browser, extensions, mobile apps or desktop apps. Share passwords and sensitive data with your friends and colleagues quickly and securely. Or share items with anyone, even if they don't use Locker. -
13
FingerprintJS
Browser fingerprinting library
FingerprintJS is a source-available, client-side, browser fingerprinting library that queries browser attributes and computes a hashed visitor identifier from them. Unlike cookies and local storage, a fingerprint stays the same in incognito/private mode and even when browser data is purged. Since FingerprintJS processes and generates the fingerprints from within the browser itself, the accuracy is limited (40% - 60%). For example, when 2 different users send requests using identical (i.e.... -
14
TinyAuth
The simplest way to protect your apps with a login screen
TinyAuth is a lightweight authentication middleware designed to protect your self-hosted web services without forcing you to build a full login system from scratch. It integrates easily with reverse proxies and container orchestrators (like Traefik, Caddy, or Nginx) to gate access behind simple policies and supports multiple auth backends, giving you flexible control over who can reach your apps. TinyAuth operates by forwarding authentication requests to configured identity providers, helping you enforce consistent access control across services in modern Docker or Kubernetes environments. ... -
15
Redwood
The App Framework for Startups
Focus on building your startup, not fighting your framework. Redwood is the full-stack web framework designed to help you grow from side project to startup. Our mission is to help more startups explore more territory, more quickly. We begin by crafting a more integrated framework. We’ve chosen the world’s most popular rendering engine to power Redwood’s web frontend. With React, you’ll have your pick of learning materials, design systems, and trained employees. -
16
Authelia
The Single Sign-On Multi-Factor portal for web apps
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies. With a compressed container size smaller than 20 megabytes and observed memory usage normally under 30 megabytes, it's one of the most lightweight solutions available. Written in... -
17
...List Of All Labs in one VM:- 1. Web-DVWA 2. Mutillidae 3. Webgoat 4. Bwapp 5. Juice-shop 6. Security-ninjas 7. WordPress We are adding more labs in few days
-
18
Internal All The Things
Active Directory and Internal Pentest Cheatsheets
...The content is designed to help both learners and experienced red-teamers fill gaps in their internal pentest knowledge, especially for environments where AD and internal tooling dominate. Because internal engagements often have more complexity and fewer online guides compared to internet-facing web apps, this repo serves as a converging point for best practices, write-ups, and cheat sheets. The repository is structured, continuously updated, and encourages contributions, so its value grows over time. For teams, it can act as a reference handbook for engagements or a training resource to onboard new pentesters. -
19
ModSecurity Nginx Connector
ModSecurity v3 Nginx Connector
ModSecurity-nginx is the connector that embeds the ModSecurity v3 (libmodsecurity) web application firewall engine into NGINX. It integrates WAF processing into the NGINX request/response phases, allowing rules to inspect headers, bodies, and even streaming request data before it reaches upstream apps. Operators can load the OWASP Core Rule Set or custom rules to detect and block common attacks such as SQLi, XSS, RCE patterns, and protocol anomalies. -
20
React Native Auth0
React Native toolkit for Auth0 API
With a few lines of code, you can have Auth0 integrated into any app written in any language, and any framework. We provide 30+ SDKs & Quickstarts to help you succeed in your implementation. Enable user collaboration and granular access control in your applications with easy-to-use APIs. From improving customer experience through seamless sign-on to making MFA as easy as a click of a button, your login box must find the right balance between user convenience, privacy and security. That’s why... -
21
dex
OpenID Connect (OIDC) identity and OAuth 2.0 provider
...Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.ID Tokens are an OAuth2 extension introduced by OpenID Connect and dex's primary feature. ID Tokens are JSON Web Tokens (JWTs) signed by dex and returned as part of the OAuth2 response that attest to the end user's identity. -
22
IBM's TPM 2.0 TSS
IBM's TPM 2.0 TSS
...It implements the functionality equivalent to (but not API compatible with) the TCG TSS working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a hopefully simpler interface. It comes with over 110 "TPM tools" samples that can be used for scripted apps, rapid prototyping, education, and debugging. It also comes with a web based TPM interface, suitable for a demo to an audience that is unfamiliar with TCG technology. It is also useful for basic TPM management. See the below link for operating system, platform, and hardware support. See the companion IBM TPM 2.0 at https://sourceforge.net/projects/ibmswtpm2/ and attestation at projects/ibmtpm2acs I welcome (1) bug reports, (2) documentation requests, (3) suggestions for ECC tests, and (4) requests for features for which you have an immediate need. ... -
23
StrongKey FIDO Server (SKFS)
FIDO® Certified StrongKey FIDO Server (SKFS)
An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps). -
24
SafeUtils
110+ developer tools as native MacOS, Linux & Windows desktop apps.
Tools: https://safeutils.com/barcode-generator https://safeutils.com/color-picker https://safeutils.com/qr-code-generator https://safeutils.com/qr-code-scanner https://safeutils.com/word-counter https://safeutils.com/base-64-decoder https://safeutils.com/diff-checker https://safeutils.com/hex-to-ascii https://safeutils.com/json-formatter https://safeutils.com/lorem-ipsum-generator https://safeutils.com/random-generator https://safeutils.com/time-converter https://safeutils.com/... -
25
paramspider
Mine parameterized URLs from web archives for security testing
...These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance.
