Showing 318 open source projects for "web-based"

View related business solutions
  • Ship Agents Faster Icon
    Ship Agents Faster

    Transform your applications and workflows into powerful agentic systems at global scale.

    Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
    Get Started Free
  • Train ML Models With SQL You Already Know Icon
    Train ML Models With SQL You Already Know

    BigQuery automates data prep, analysis, and predictions with built-in AI assistance.

    Build and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
    Try Free
  • 1
    RedAmon

    RedAmon

    AI-powered framework for automated penetration testing and red teaming

    ...It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process.
    Downloads: 10 This Week
    Last Update:
    See Project
  • 2
    IVRE

    IVRE

    Open source framework for large scale network reconnaissance and analy

    ...The framework integrates with well known security and scanning tools such as Nmap, Masscan, ZGrab2, ZDNS, and Zeek to gather large amounts of network intelligence. IVRE stores the collected data in a database and offers multiple ways to explore and analyze it, including a web interface, command line tools, and a Python API. This allows security professionals to query scan results, inspect network flows, and identify patterns across large datasets. The project can be used to build self hosted alternatives to internet scanning services such as Shodan or Censys, giving organizations full control over their own reconnaissance infrastructure.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 3
    GTFOBins

    GTFOBins

    GTFOBins is a curated list of Unix binaries

    GTFOBins is a curated catalog of Unix / POSIX system binaries and how they can be misused to bypass restrictions, escalate privileges, exfiltrate data, spawn shells, or otherwise act as “living off the land” tools in a compromised environment. It collects documented techniques for how everyday binaries (e.g. awk, bash, tar, scp) can be abused under constrained conditions. Indexed list of Unix binaries and documented misuse techniques. Examples of command invocations to exploit...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 4
    linkedin2username

    linkedin2username

    Generate probable usernames from LinkedIn company employee lists

    ...This process helps security researchers, penetration testers, and investigators perform reconnaissance by building potential username lists for further security testing or OSINT analysis. Unlike tools that rely on official APIs, linkedin2username operates as a pure web scraper and therefore does not require API keys. The script uses Selenium to automate browser interactions and perform searches within LinkedIn to gather employee data.
    Downloads: 0 This Week
    Last Update:
    See Project
  • $300 Free Credits to Build on Google Cloud Icon
    $300 Free Credits to Build on Google Cloud

    New to Google Cloud? Get $300 in credits to explore Compute Engine, BigQuery, Cloud Run, Gemini Enterprise Agent Platform, and more.

    Start your next project with $300 in free Google Cloud credit. Spin up VMs, run containers, query petabytes in BigQuery, or build agents with Gemini Enterprise Agent Platform. Once your credits are used, keep building with 20+ always-free tier products including Compute Engine, Cloud Storage, GKE, and Cloud Run functions. No commitment required—just sign up and start building.
    Claim $300 Free
  • 5
    cloud_enum

    cloud_enum

    Multi-cloud OSINT tool for discovering public cloud resources

    cloud_enum is an open source reconnaissance and OSINT tool designed to discover publicly accessible cloud resources across major cloud providers. It focuses on enumerating assets in Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform using keyword-based discovery techniques. It works by taking user-provided keywords and generating variations through mutation wordlists, then testing these combinations against common cloud service naming patterns. cloud_enum performs both HTTP probing and DNS lookups to identify resources such as storage buckets, cloud applications, and databases that may be exposed or accessible. cloud_enum uses concurrent processing to speed up scanning, enabling efficient enumeration of large numbers of possible resource names. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 6
    OAuthLib

    OAuthLib

    A generic, spec-compliant, thorough implementation of the OAuth

    A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.8+. OAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without assuming a specific HTTP request object or web framework. Use it to graft OAuth client support onto your favorite HTTP library, or provide support onto your favourite web framework. If you're a maintainer of such a library, write a thin veneer on top of OAuthLib and get OAuth support for very little effort.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 7
    SIPVicious

    SIPVicious

    Security tools that can be used to audit SIP based VoIP systems

    SIPVicious OSS has been around since 2007 and is actively updated to help security teams, QA and developers test SIP-based VoIP systems and applications. Open-source security suite for auditing SIP based VoIP systems. Also known as friendly-scanner, it is freely available to help pentesters, security teams and developers quickly test their SIP systems. Download the latest source code from git or the latest release, send pull requests and open issues.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 8
    gitGraber

    gitGraber

    Real-time GitHub monitor that detects leaked API keys and secrets

    gitGraber is a Python-based security tool designed to monitor GitHub in real time to detect exposed sensitive information in publicly indexed repositories. It scans recently indexed files on GitHub and searches for patterns that may indicate leaked credentials, API keys, or other confidential data used by popular online services. Instead of analyzing the full history of repositories, the tool focuses on newly indexed content, allowing security researchers and bug bounty hunters to quickly identify fresh leaks as they appear. gitGraber uses carefully crafted regular expressions to detect tokens and secrets associated with platforms such as AWS, Google, PayPal, Twitter, Stripe, and many others. ...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 9
    ClusterFuzz

    ClusterFuzz

    Scalable fuzzing infrastructure

    ...Supports multiple coverage guided fuzzing engines (libFuzzer, AFL, AFL++ and Honggfuzz) for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase.
    Downloads: 2 This Week
    Last Update:
    See Project
  • MongoDB Atlas runs apps anywhere Icon
    MongoDB Atlas runs apps anywhere

    Deploy in 115+ regions with the modern database for every enterprise.

    MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
    Start Free
  • 10
    Xteam

    Xteam

    All-in-one command-line toolkit for security testing and OSINT tools

    ...It combines several modules and external tools to help users perform security research tasks related to mobile devices, wireless networks, and online services. It acts as a centralized launcher that integrates scripts and third-party tools, allowing users to access different testing functions through a menu-based command line workflow. Xteam includes features such as Instagram information gathering, phishing utilities, wireless attack tools, and Android security testing capabilities. Xteam’s architecture uses a main bash script that serves as the hub for running internal modules or downloading and executing external projects when needed. ...
    Downloads: 6 This Week
    Last Update:
    See Project
  • 11
    ClatScope

    ClatScope

    OSINT reconnaissance tool for IP, domain, email, and username lookups

    ClatScope is a Python-based OSINT (open source intelligence) utility designed to gather and analyze publicly available information from multiple online sources. It is primarily aimed at investigators, cybersecurity professionals, penetration testers, and researchers who need a centralized platform for reconnaissance tasks. It integrates with numerous public APIs and internet services to retrieve detailed data about IP addresses, domains, email addresses, phone numbers, usernames, and other digital identifiers. ...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 12
    SkillSpector

    SkillSpector

    Security scanner for AI agent skills

    ...The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git repositories, URLs, zip files, folders, and individual files. It also produces practical reports with risk scores, severity labels, and recommendations that make security reviews easier to act on.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 13
    Harpoon

    Harpoon

    Command line OSINT and threat intelligence automation tool

    Harpoon is a command line tool designed to assist with open source intelligence (OSINT) and threat intelligence investigations. It helps security professionals and researchers collect and analyze publicly available information from a wide range of online sources. Harpoon is written in Python and organized around a modular plugin system, where each plugin is responsible for querying a specific platform, API, or intelligence service. This design allows users to automate many reconnaissance and...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 14
    pwnedOrNot

    pwnedOrNot

    Check breached emails and find exposed passwords from public dumps

    pwnedOrNot is an open source OSINT tool designed to investigate whether an email address has been compromised in known data breaches and to identify exposed credentials associated with that account. The tool works by interacting with the HaveIBeenPwned (HIBP) API to determine if a given email address appears in breach databases. If the email is found in a breach, the tool proceeds to search for associated passwords within publicly available data dumps. This two-phase approach allows...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 15
    Sippts

    Sippts

    Set of tools to audit SIP based VoIP Systems

    Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python and it allows us to check the security of a VoIP server using SIP protocol. You can freely use, modify and distribute. If modified, please put a reference to this site. Most security tools can be used for illegal purposes, but the purpose of this tool is to check the security of your own servers and not to use to do bad things. I am not responsible for the misuse of this tool. Sippts...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 16
    Maltrail

    Maltrail

    Malicious traffic detection system

    Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 17
    aws-encryption-sdk-cli

    aws-encryption-sdk-cli

    CLI wrapper around aws-encryption-sdk-python

    ...Installation using a python virtual environment is recommended to avoid conflicts between system packages and user-installed packages. For the most part, the behavior of aws-encryption-cli in handling files is based on that of GNU CLIs such as cp. A qualifier to this is that when encrypting a file, if a directory is provided as the destination, rather than creating the source filename in the destination directory, a suffix is appended to the destination filename. By default the suffix is .encrypted when encrypting and .decrypted when decrypting, but a custom suffix can be provided by the caller if desired.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18
    Checkov

    Checkov

    Prevent cloud misconfigurations during build-time for Terraform

    ...Scan cloud resources in build-time for misconfigured attributes with a simple Python policy-as-code framework. Analyze relationships between cloud resources using Checkov’s graph-based YAML policies. Execute, test, and modify runner parameters in the context of a subject repository CI/CD and version control integrations.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 19
    Python Outlier Detection

    Python Outlier Detection

    A Python toolbox for scalable outlier detection

    ...PyOD includes more than 30 detection algorithms, from classical LOF (SIGMOD 2000) to the latest COPOD (ICDM 2020) and SUOD (MLSys 2021). Since 2017, PyOD [AZNL19] has been successfully used in numerous academic researches and commercial products [AZHC+21, AZNHL19]. PyOD has multiple neural network-based models, e.g., AutoEncoders, which are implemented in both PyTorch and Tensorflow. PyOD contains multiple models that also exist in scikit-learn. It is possible to train and predict with a large number of detection models in PyOD by leveraging SUOD framework. A benchmark is supplied for select algorithms to provide an overview of the implemented models. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Digna Web Scanner

    Digna Web Scanner

    A tool to check web apps for vulnerabilty

    This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21
    GHunt

    GHunt

    Offensive Google framework

    ...Put GHunt on listening mode (currently not compatible with docker) Paste base64-encoded cookies. Enter manually all cookies. The development of this extension has followed Firefox guidelines to use the Promise-based WebExtension/BrowserExt API being standardized by the W3 Browser Extensions group, and is using webextension-polyfill to provide cross-browser compatibility with no changes.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 22
    Network Security Toolkit (NST)

    Network Security Toolkit (NST)

    A network security analysis and monitoring toolkit Linux distribution.

    ...An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.
    Leader badge
    Downloads: 134 This Week
    Last Update:
    See Project
  • 23
    Robolinux

    Robolinux

    Announcing Robolinux Cinnamon 14.1

    Announcing The New Robolinux Series 14 Mate LTS - 2034 Robolinux is very pleased to announce a completely new 14.1 Mate privacy centered 1inux operating system you can download freely while also offering our users an optional 14+ advanced upgrade which comes with our Untracker and FAAST Boot along with one click popular privacy software installers like Tor and I2p, Wireshark and Bleachbit plus many more for a fair and reasonable price. Robolinux14.1-Mate is ideal for beginners and...
    Downloads: 114 This Week
    Last Update:
    See Project
  • 24
    CacheGuard Gateway

    CacheGuard Gateway

    Free UTM appliance: firewall, VPN, WAF and antivirus in one ISO.

    ...CacheGuard-OS is not an app, it IS the OS. A fully custom network appliance operating system built from scratch over 20 years, now fully open source. One ISO includes: firewall, VPN, web antivirus, URL filtering, SSL inspection, WAF, reverse proxy, load balancer and QoS. Free for any number of users. Optional paid support available. Source code: https://github.com/cacheguard/CacheGuard-OS Website: https://www.cacheguard.com/
    Leader badge
    Downloads: 4 This Week
    Last Update:
    See Project
  • 25
    Scout Suite

    Scout Suite

    Multi-cloud security auditing tool

    ...Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all users may be performed offline. Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.
    Downloads: 3 This Week
    Last Update:
    See Project
Auth0 Logo