Search Results for "attack"
Sort By:
Showing 64 open source projects for "attack"
View related business solutions-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
1
Impacket
A collection of Python classes for working with network protocols
Impacket is a collection of Python classes designed for working with network protocols. It was primarily created in the hopes of alleviating some of the hindrances associated with the implementation of networking protocols and stacks, and aims to speed up research and educational activities. It provides low-level programmatic access to packets, and the protocol implementation itself for some of the protocols, like SMB1-3 and MSRPC. It features several protocols, including Ethernet, IP, TCP,... -
2
Pterodactyl Panel
Pterodactyl® is a free, open-source game server management panel
...Built on a modern stack utilizing the best design practices that make it easy to jump in and make modifications. All servers run in isolated Docker containers that limit attack vectors, provide strict resource limits, and provide environments tailored to each specific game. Pterodactyl is 100% free and licensed under a MIT license. All of our code is completely open source as well. -
3
Themis
Easy to use cryptographic framework for data protection
Cross-platform high-level cryptographic library. Themis helps to build simple and complex cryptographic features easily, quickly, and securely. It’s a perfect fit for multi-platform apps. Themis hides cryptographic details and eliminates popular mistakes. Themis provides ready-made building blocks (“cryptosystems”) for secure data storage, message exchange, socket connections, and authentication. Secure Cell is a multi-mode cryptographic container suitable for storing anything from encrypted... -
4
LiteBox
A security-focused library OS supporting kernel execution
LiteBox is a security-focused “library OS” sandboxing project that aims to shrink the interface between an application and its host environment to reduce attack surface. Instead of relying solely on broad OS-level permissions, it focuses on isolating workloads by tightly controlling the boundary where code interacts with host services and system resources. The design emphasizes interoperability across different integration layers, describing a separation between “North” shims (how apps or runtimes plug in) and “South” platforms (where the sandbox runs), which helps the system adapt to multiple deployment contexts. ... -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
5
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. -
6
Hoverfly
Lightweight service virtualization/ API simulation / API mocking tool
Hoverfly is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. Replace unreliable test systems and restrictive API sandboxes with high-performance simulations in seconds. Run on MacOS, Windows or Linux, or use native Java or Python language bindings to get started quickly. Simulate API latency or failure when required by writing custom scripts in the language of your choice. -
7
Atlantis iOS
A lightweight and powerful iOS framework for intercepting HTTP/HTTPS
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, and built with meticulous attention to detail. Dive into the network level to diagnose and fix problems with reliable and powerful tools. Proxyman acts as a man-in-the-middle server that captures the traffic between your applications and SSL Web Server. With a built-in macOS setup, so you can inspect your... -
8
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
9
ContainerSSH
ContainerSSH: Launch containers on demand
...Provide production access to your developers, give them their usual tools while logging all changes. Authorize their access and create short-lived credentials for the database using simple webhooks. Clean up the environment on disconnect. Study SSH attack patterns up close. Drop attackers safely into network-isolated containers or even virtual machines, and capture their every move using the audit logging ContainerSSH provides. The built-in S3 upload ensures you don't lose your data. -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
ali
Generate HTTP load and plot the results in real-time
Generate HTTP load and plot the results in real-time. A load testing tool capable of performing real-time analysis, inspired by vegeta and jplot. ali comes with an embedded terminal-based UI where you can plot the metrics in real-time, so lets you perform real-time analysis on the terminal. Press l (or h) to switch the displayed chart. On all charts, you can click and drag to select a region to zoom into. -
11
sn0int
Semi-automatic OSINT framework and package manager
sn0int is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surfaces by semi-automatically processing public information and mapping the results in a unified format for follow-up investigations. sn0int is heavily inspired by recon-ng and maltego, but remains more flexible and is fully opensource. None of the investigations listed above are hardcoded in the source, instead, those are provided by modules that are executed in a sandbox. ... -
12
NextDNS
NextDNS CLI client (DoH Proxy)
...Go beyond the domain, we analyze DNS questions and answers on-the-fly (in a matter of nanoseconds) in order to detect and block malicious behavior. With usually only a few hours between domain registration and the start of an attack, our threat intelligence system is built to catch malicious domains earlier than classic security solutions. Block ads and trackers on websites and in apps, including the most devious ones. Use the most popular ads & trackers blocklists, millions of domains all updated in real-time. -
13
fosite
Extensible security first OAuth 2.0 and OpenID Connect SDK for Go
...Built simple, powerful, and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, and hybrid. OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. ... -
14
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. Because SSRF often leads to lateral movement or internal network access, SSRFmap is especially useful for red-teamers and pentesters who want to explore chains rather than just the vulnerability surface. ... -
15
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also... -
16
SANTETIN
Santetin is a website stress test and DDOS simulation tool
Santetin is a powerful desktop application built with Electron to perform website stress tests, penetration testing simulations, DDOS attacks, and traffic jingling for testing and educational purposes. ⚠️ Disclaimer: This tool is intended for educational and testing purposes only. Do not use it against any website without explicit permission from the owner. -
17
Wifipumpkin3
Powerful framework for rogue access point attack
wifipumpkin3 is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. -
18
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
19
Infection Monkey
Infection Monkey is a automated security testing tool for networks
Infection Monkey is a open source automated security testing tool for testing a network's security baseline. Monkey is a tool that infects machines and propagates and Monkey Island is the server for an administrator to control and visualize progress of Infection Monkey. -
20
Penetration Testing Tools
A collection of more than 170+ tools, scripts, cheatsheets
Penetration-Testing-Tools is a curated collection of tools, scripts, cheatsheets and reference materials assembled to help security researchers, red-teamers, and students perform hands-on penetration testing across multiple domains. The repository groups resources by discipline — reconnaissance, web application testing, network exploitation, privilege escalation, post-exploitation and reporting — so users can quickly find relevant utilities and walkthroughs. Many entries include short usage... -
21
Bank Vaults
K8s operator, Go client with automatic token renewal
...It has many 'blades' that cut through the security problem: the Bank-Vaults operator provides automation; a Go client with automatic token renewal that provides dynamic secret generation, multiple unseal options, and more; a CLI tool to initialize, unseal and configure Vault with authentication methods and secret engines; and direct secret injection into Pods to reduce the attack surface. Automates the entire Vault lifecycle in your Kubernetes clusters. Provides seamless integration with non-Vault-aware applications without storing the decrypted secret anywhere. Vault is the de-facto standard for secret management in cloud-native environments. Bank-Vaults provides various tools for Hashicorp Vault to make its use easier. ... -
22
ISB
ISB (I'm so bored) is a network stress-testing application for Windows
ISB (I'm so bored) is a network stress-testing application for Windows created by byte[size] Software byte[size] Software: https://github.com/softbytesize Frontpage: https://softbytesize.github.io/ISB/ Support: https://softbytesize.github.io/ISB#cu Documentation: https://softbytesize.github.io/ISB/#helpstart Releases: https://github.com/softbytesize/ISB-Releases/releases Discord: https://discord.com/invite/9YNzrXDHxE -
23
Zero Site Protector
Human verification & attack prevention for website security
The zero-site-protector plugin is a powerful security tool for your website that provides multiple layers of protection to safeguard against unauthorized access and potential attacks. The plugin includes features such as human verification, which ensures that only legitimate users are able to access your site. It also includes protection against various types of attacks such as cross-site scripting (XSS) and SQL injection. Additionally, the plugin allows you to block access to your... -
24
Command Line
Your Personal Hacking Terminal.
Command Line is an Open-Source Software for Pentesters and Ethical Hackers it contains many Functionalities which helps Ethical Hackers. It is CLI Based Application use for checking Networks and IP's it also supports functionalities like downloading Packages from Internet Including YouTube.It is also used for Port scanning, IP-Finding it is also useful for checking ping and net speed with the functionality of scanning the net speed by selecting the best server. It also has Host IP finding... -
25
waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
...The tool is particularly valuable in security research, bug bounty hunting, and penetration testing, as it uncovers endpoints that may no longer be publicly linked but still exist on servers. By leveraging archived data, waybackurls helps identify hidden attack surfaces, legacy APIs, and forgotten resources that could be vulnerable. Its design is intentionally simple and efficient, focusing on delivering large volumes of URLs quickly with minimal configuration. The output can be combined with other tools for further analysis, such as filtering parameters or probing endpoints.
