Showing 318 open source projects for "web-based"

View related business solutions
  • Build Agents and Models on One Platform Icon
    Build Agents and Models on One Platform

    Everything you need to build production-ready agents and models. Access 200+ Google and third-party AI models and tools.

    Gemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
    Try It Free
  • Stop vibe-debugging. Icon
    Stop vibe-debugging.

    Plug Claude into your app's actual errors.

    AppSignal's MCP server hands Claude, Cursor, or Zed your real errors, traces, and the deploy that shipped them. AI writes the fix; you review the diff.
    Free 30 days.
  • 1
    Robin

    Robin

    AI-powered tool for dark web OSINT search and investigation

    Robin is an AI-powered open source tool designed to assist investigators and researchers in conducting dark web OSINT (Open Source Intelligence) investigations. It combines automated dark web search capabilities with large language models (LLMs) to analyze and summarize information discovered across hidden services and Tor-based search engines. The tool helps refine investigative queries, collect results from multiple dark web sources, and filter relevant intelligence using AI-driven processing. ...
    Downloads: 21 This Week
    Last Update:
    See Project
  • 2
    Wfuzz

    Wfuzz

    Web application fuzzer

    Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc.
    Downloads: 19 This Week
    Last Update:
    See Project
  • 3
    mitmproxy

    mitmproxy

    A free and open source interactive HTTPS proxy

    ...It's the ideal tool for penetration testers and software developers, able to debug, test, and make privacy measurements. It can intercept, inspect, modify and replay web traffic, and can even prettify and decode a variety of message types. Its web-based interface mitmweb gives you a similar experience as Chrome's DevTools, with the addition of features like request interception and replay. Its command-line version mitmdump allows you to write powerful addons and script mitmproxy so it can automatically modify messages, redirect traffic, and perform many other custom commands.
    Downloads: 14 This Week
    Last Update:
    See Project
  • 4
    H4X-Tools

    H4X-Tools

    A modular, terminal-based toolkit for OSINT, reconnaissance

    H4X-Tools is a modular, terminal-based toolkit for OSINT, reconnaissance, and scraping workflows. It is built in Python and runs on Linux and Windows. The project organizes multiple research utilities behind an interactive menu and direct command-line options. Its tools cover areas such as Instagram profile research, web reconnaissance, phone lookup, IP lookup, username search, email search, leak intelligence, port scanning, WHOIS lookup, web scraping, directory discovery, Bluetooth scanning, and local user enumeration. ...
    Downloads: 10 This Week
    Last Update:
    See Project
  • Custom VMs From 1 to 96 vCPUs With 99.95% Uptime Icon
    Custom VMs From 1 to 96 vCPUs With 99.95% Uptime

    General-purpose, compute-optimized, or GPU/TPU-accelerated. Built to your exact specs.

    Live migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
    Try Free
  • 5
    Argus

    Argus

    Python toolkit for OSINT and reconnaissance with 135+ modules

    Argus is a Python-based open source toolkit designed to simplify information gathering and reconnaissance tasks in cybersecurity. It provides an integrated command-line environment that consolidates numerous reconnaissance utilities into a single framework. The tool enables users to collect data about networks, domains, web applications, and infrastructure in an organized and efficient manner.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 6
    BBOT

    BBOT

    The recursive internet scanner for hackers

    BBOT is an advanced open-source reconnaissance automation framework designed to streamline large-scale OSINT and attack surface discovery workflows. It operates as a modular and recursive scanning tool that can enumerate subdomains, perform port scans, gather metadata, and collect web intelligence through a unified command-line interface. The project emphasizes extensibility, allowing users to create or integrate custom modules that expand the scope of reconnaissance tasks without modifying the core engine. BBOT is particularly valuable for security researchers and red teamers who need to automate multi-stage discovery processes across complex infrastructures. ...
    Downloads: 8 This Week
    Last Update:
    See Project
  • 7
    WhatsApp Beacon

    WhatsApp Beacon

    OSINT tool for tracking WhatsApp online status via Web automation

    WhatsApp Beacon is an open source OSINT tool designed to monitor and analyze the online activity status of WhatsApp users through WhatsApp Web. It uses Selenium automation to interact with the web interface and detect when a target account goes online or offline. By continuously monitoring these changes, WhatsApp Beacon records connectivity patterns and builds a historical dataset of activity sessions. The collected information is stored in logs and a local database, allowing users to review behavioral patterns over time. ...
    Downloads: 14 This Week
    Last Update:
    See Project
  • 8
    fsociety

    fsociety

    Modular CLI framework for managing penetration testing tools

    ...Instead of implementing its own security scanners, the framework acts as a wrapper and orchestrator that helps users discover, install, and execute tools from various GitHub repositories. Its modular architecture organizes tools into categories such as information gathering, networking, web application security, and password testing. This structure allows users to quickly navigate through different security tasks while maintaining a consistent interface. fsociety can automatically clone and manage required tools, reducing the manual effort typically needed to set up a penetration testing toolkit. fsociety is distributed as a Python package.
    Downloads: 124 This Week
    Last Update:
    See Project
  • 9
    CTFd

    CTFd

    CTFs as you need them

    ...Create your own challenges, categories, hints, and flags from the Admin Interface. Dynamic Scoring Challenges. Unlockable challenge support. Challenge plugin architecture to create your own custom challenges. Static & Regex-based flags. Custom flag plugins. Unlockable hints. File uploads to the server or an Amazon S3-compatible backend. Limit challenge attempts & hide challenges. Automatic bruteforce protection. Individual and Team-based competitions. Have users play on their own or form teams to play together. Scoreboard with automatic tie resolution. Hide Scores from the public. ...
    Downloads: 2 This Week
    Last Update:
    See Project
  • Go from Code to Production URL in Seconds Icon
    Go from Code to Production URL in Seconds

    Cloud Run deploys apps in any language instantly. Scales to zero. Pay only when code runs.

    Skip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
    Try it free
  • 10
    Payloads All The Things

    Payloads All The Things

    A list of useful payloads and bypass for Web Application Security

    A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques. The API key is a unique identifier that is used to authenticate requests associated with your project. Some developers might hardcode them or leave it on public shares.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 11
    Tookie-OSINT

    Tookie-OSINT

    Username OSINT tool for discovering accounts across many websites

    ...It is similar in concept to tools such as Sherlock, focusing on identifying user profiles across social media and other online services. Tookie-OSINT includes both command-line and optional web interface functionality, giving users flexible ways to run scans and analyze results. Tookie-OSINT was created to help beginners and aspiring security professionals learn about OSINT techniques.
    Downloads: 22 This Week
    Last Update:
    See Project
  • 12
    WAFW00F

    WAFW00F

    WAFW00F allows one to identify and fingerprint Web App Firewall

    The Web Application Firewall Fingerprinting Tool. Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 13
    discover

    discover

    Automation framework for reconnaissance and penetration testing tasks

    ...It provides a menu-driven interface that allows security professionals to quickly launch different tools and scripts without manually executing each command. The framework helps streamline activities such as information gathering, network scanning, and web application testing during security assessments. Discover also integrates with well-known security tools like Metasploit to generate malicious payloads and manage listeners for exploitation tasks. By organizing multiple security utilities and scripts into one environment, the project reduces repetitive manual steps and standardizes penetration testing workflows. ...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 14
    holehe

    holehe

    Check if the mail is used on different sites

    holehe is a Python-based OSINT utility designed to determine whether a specific email address is registered across a wide range of online services. The tool works by leveraging password-reset mechanisms and other public account-existence checks to infer whether an email is associated with accounts on major platforms. It supports more than a hundred websites and is commonly used during reconnaissance, digital investigations, and account exposure assessments. holehe is designed to operate quickly and quietly, emphasizing efficiency and minimal footprint during enumeration tasks. ...
    Downloads: 49 This Week
    Last Update:
    See Project
  • 15
    IntelOwl

    IntelOwl

    Centralized platform for automated threat intelligence analysis

    IntelOwl is an open source platform designed to manage and enrich threat intelligence data at scale. It provides a centralized environment where security analysts can gather information about suspicious files and observables such as IP addresses, domains, URLs, or hashes using a single API request. The platform integrates numerous online intelligence sources and advanced malware analysis tools, enabling users to obtain comprehensive threat intelligence without manually querying multiple...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 16
    OWASP Maryam

    OWASP Maryam

    Modular OSINT framework for automated open-source intelligence gatheri

    Maryam is an open source intelligence (OSINT) framework designed to automate the process of gathering and analyzing publicly available information from the internet. It provides a modular environment that enables users to collect data from search engines, open data sources, and various online services for reconnaissance and investigative purposes. Written in Python, Maryam is built to provide a flexible and extensible framework for harvesting information quickly and efficiently from open...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 17
    dnstwist

    dnstwist

    Detects phishing and lookalike domains using DNS fuzzing techniques

    dnstwist is an open source cybersecurity tool designed to identify malicious or suspicious domain names that imitate legitimate websites. It works by generating a large set of domain name permutations based on a target domain and analyzing whether any of those variants are actively registered or used. These permutations simulate common techniques used in phishing attacks, typosquatting, and brand impersonation campaigns. Security teams can use the tool to discover potential threats where attackers attempt to deceive users with lookalike domains. dnstwist also helps detect phishing activity by comparing web page content and visual similarity between domains using fuzzy hashing and perceptual hashing techniques. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18
    Django OAuth Toolkit

    Django OAuth Toolkit

    OAuth2 goodies for the Djangonauts!

    ...OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. Your Django app exposes a web API you want to protect with OAuth2 authentication. You need to implement an OAuth2 authorization server to provide tokens management for your infrastructure.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 19
    reNgine

    reNgine

    Automated framework for web application reconnaissance and scanning

    reNgine is an automated reconnaissance framework designed to simplify and enhance the process of gathering information about web applications during security assessments. It provides a streamlined workflow for penetration testers, bug bounty hunters, and security teams who need to perform reconnaissance efficiently and at scale. The platform integrates multiple open-source reconnaissance tools into a unified environment with a configurable scanning engine and an intuitive web interface. reNgine focuses on improving traditional reconnaissance workflows by organizing collected data in a database and correlating results to make them easier to analyze. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Flowsint

    Flowsint

    Graph-based OSINT investigation platform w visual relationship mapping

    Flowsint is an open source OSINT investigation platform designed to help analysts explore and understand relationships between digital entities through a visual graph interface. The platform focuses on reconnaissance and open source intelligence workflows, enabling investigators to map connections between domains, IP addresses, organizations, individuals, and other data points. By presenting these relationships in an interactive graph, Flowsint allows users to quickly identify patterns,...
    Downloads: 19 This Week
    Last Update:
    See Project
  • 21
    Alerta

    Alerta

    Alerta monitoring system

    ...Integrating bespoke systems is easy using the API or command-line tool. Alerts are submitted in JSON format to an HTTP API. Alerts can be queried from the command line or viewed in a slick web console optimized for desktop, tablet, and mobile. User logins can be added using Google, GitHub or GitLab OAuth and programmatic access is managed using API keys.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    geowifi

    geowifi

    OSINT tool for locating WiFi networks using BSSID or SSID data

    ...The results can be displayed in different formats, including a structured JSON output or an interactive HTML map showing the discovered locations. geowifi also supports API-based integrations with certain services, which allows geowifi to retrieve more accurate or detailed geolocation data when valid API credentials are configured.
    Downloads: 15 This Week
    Last Update:
    See Project
  • 23
    sqlmap

    sqlmap

    Automatic SQL injection and database takeover tool

    sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 24
    Raccoon

    Raccoon

    High-performance reconnaissance and vulnerability scanning tool

    Raccoon is a high-performance offensive security tool designed to assist with reconnaissance and vulnerability scanning during penetration testing and security assessments. It automates several common reconnaissance tasks, allowing security professionals to quickly gather information about a target system or web application. The tool combines multiple scanning techniques into a single workflow, helping users identify potential weaknesses, exposed services, and accessible resources on a target host. Raccoon can perform DNS enumeration, subdomain discovery, and URL fuzzing to uncover hidden endpoints and infrastructure components. It also integrates network scanning capabilities through tools such as Nmap to detect open ports, services, and potential vulnerabilities. ...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 25
    GRR

    GRR

    GRR Rapid Response, remote live forensics for incident response

    ...“Work” means running a specific action, downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers, fleetspeak) and provides a web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • 4
  • 5
  • Next
Auth0 Logo