Search Results for "web security"
Sort By:
Showing 45 open source projects for "web security"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
1
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ... -
2
SecLists
The Pentester’s Companion
SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. ... -
3
Zuul
Gateway service providing dynamic routing, monitoring and more
Zuul is an L7 application gateway that offers many capabilities, including dynamic routing, monitoring, security, resiliency and more. It is used in the backend of the Netflix streaming service as a front door for all requests from devices and web sites. Zuul is ideal for cases like this where API traffic volume and diversity can become overwhelming and cause production issues to arise suddenly and without warning. Zuul has a broad range of filters that enable it to perform multiple functions quickly and apply functionality to services like Netflix. ... -
4
Commando VM
Complete Mandiant Offensive VM (Commando VM)
Commando VM (by Mandiant) is a Windows-based offensive security / red-team distribution built to turn a fresh Windows installation into a fully featured penetration testing environment. It provides an automated installer (PowerShell script) that uses Chocolatey, Boxstarter, and MyGet package feeds to download, install, and configure dozens (100+ / 170+ depending on version) of offensive, fuzzing, enumeration, and exploitation tools. The idea is to spare testers the repetitive work of... -
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
5
Maltrail
Malicious traffic detection system
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic... -
6
DevSec Hardening
This Ansible collection provides battle tested hardening
Hardening adds a layer into your automation framework, that configures your operating systems and services. It takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. Running secure infrastructure is a difficult task. Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration. If you manage many server, they need to be configured properly and... -
7
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
8
Bootsmann
A minimalistic, lean and fast HTTP REST API test application
Bootsmann is an opensource C++ alternative to Postman/Insomnia/Hoppscotch for simple HTTP REST API testing. It is especially useful for embedded devices and local development, where low memory usage and fast response times are crucial. -
9
BlackBuntu Linux
BlackBuntu Linux
BlackBuntu is born from the passion and spirit of 2 specialists. Let’s cut the bullshit, this distribution is a GNU/Linux distribution based on Ubuntu and designed with Pentest, Security and Development in mind for the best experience. With advanced accessibility tools and options to change language, colour scheme and text size, Blackbuntu makes computing easy – whoever and wherever you are. BlackBuntu is a fully open source project, anyone can see what is inside. The building source code... -
10
What is DracOS GNU/Linux Remastered ? DracOS GNU/Linux Remastered ( https://github.com/dracos-linux ) is the Linux operating system from Indonesia , open source is built based on Debian live project under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering. Use a GUI-based...
-
11
retrap
Open-Source intelligence tracking and analysis tool.
(OSINT) Open-Source intelligence tracking and analysis tool. - Disclaimer: This tool is experimental in its Alpha phase. It's developed and published as a small building block of a master's thesis research. So use it for educational purposes only and at your own discretion, the author cannot be held responsible for any damages caused. -
12
PHPCorrector
XSS and SQLi vulnerabilities corrrector for PHP web applications
PHPCorrector is a tool that scans your PHP code to find Cross-Site Scripting (XSS) and SQL Injection (SQLi) vulnerabilities. When a vulnerability is found, it is corrected automatically. -
13
httest is a script based tool for testing and benchmarking web applications, web servers, proxy servers and web browsers. httest can emulate clients and servers in the same test script, very useful for testing proxys.
-
14
RND
Random data generator: secure character streams and large files
Generate a lot of random junk. Create: • huge files • random character stream • specific character sequence Example uses - generate: • specific number of characters for testing web forms • restricted range character stream • control characters, 'high characters', emojis for fuzzing application input • specific byte sequence • Unicode character range • file overwrites to the exact byte count • custom text strings as content filler • long password strings • specific... -
15
Nishang
Offensive PowerShell for red team and penetration testing
...Two basic methods to execute PowerShell scripts in memory. Use the in-memory dowload and execute: Use below command to execute a PowerShell script from a remote shell, meterpreter native shell, a web shell etc. and the function exported by it. -
16
FoxNuke
A Proffesional Stress-Testing(ddos) tool for pentesters
The FoxNuke program is written in python and uses Firefox in order to complete the distributed denial of service attack feature. Multiple headers are used from the Firefox browser, along with a personal configuration option for the Opera browser. The FoxNuke Program is still underdevelopment as of 8/24/17, full release is set to come out sometime during 2017-2018. If you would like to participate in the TESTING of this program and would like to help report bugs, etc. then please email... -
17
Filler Studio
Filler Studio for any kind of automation for Windows,Linux,Mac.
Filler Studio for any kind of automation based on Java for Windows,Linux,Mac. Automation for Web Applications and Desktop Applications and OS itself also. Automation for IRCTC. Key Replacement Utility,Print Screen Utility are also included. Video tutorials are available on youtube. List Of Utilities in Filler Studio? Filler contain List of Utility use to Deduct Repetitive task in computer. Print Screen Utility IRCTC Filler Links Screen Record Fillers Key... -
18
This is a tool to help manage multiple hosts files on one system. Check out the readme: https://svn.code.sf.net/p/hostsmanager/code/trunk/Readme.txt Please use the request tracker if you have suggestions. I also accept patches! https://sourceforge.net/p/hostsmanager/feature-requests/ https://sourceforge.net/p/hostsmanager/code/
-
19
LOIC-0
A NETWORK STRESS TOOL BASED ON PRAETOX LOIC
...IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES THIS TOOL IS RELEASED WITH NO WARRANTY AT ALL. TAGS: LOIC,Low Orbit Ion Cannon, network, stress test, security software, network tool, Windows,Linux, LOWC, Low Orbit Web Cannon, network, stress testing, load testing, server load testing, server testing. -
20
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with...
-
21
The SoapUI download has moved to https://www.soapui.org/downloads/soapui/source-forge.html With more than 9 million downloads SoapUI is the de-facto standard for REST and SOAP API functional, security and performance testing.
-
22
OWASP Security Shepherd
Web and mobile application security awareness/training platform
The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. The modules have been crafted to provide not only a challenge for a security novice, but security... -
23
must: A More Useful Syslog Test tool
A syslog message generator that replicates real syslog messages
Using templated message formats with customisable placeholders, run in configurable sequences that can selectively reuse data between steps, must allows more intelligent testing of syslog receivers with realistic data, as well as longer soak testing and stress testing. must was created to fill a gap found when trying to stress test Splunk as real, indexable and meaningful data was needed. must will (eventually) be provided as a standalone tool that uses XML configs (for quick use and... -
24
The concept behind DataWoo is to create a Spring-based architecture that allows developers to jump-start their coding efforts by providing a hardened and secure foundation when developing new systems; it can also be used as a reference for incorporating new technologies into existing systems. DataWoo is meant to be a research and development platform that can be extended into just about any enterprise-level web application. The architecture will be developed in three phases: 1. Basic Spring Architecture: Provides all the basic components needed to field an enterprise-level application. 2. Programmatic Security Model: Incorporates the components needed to dynamically assign users to user roles and user roles to profiles. 3. Meta-Driven Architecture: Use meta-data to dynamically configure 80%-90% of the application using the concepts exemplified in the Compiere open source project.
-
25
ESSPEE - Penetration Testing & Forensics
(Android Forensics & Malware Analysis Included)
ESSPEE - Extreme Security Scanning Penetration testing & Exploitation Environment Ubuntu 12.04 LTS (Precise Pangolin) is purposefully selected as the base Operating System to obtain supports from Ubuntu for a long duration (till Apr 2017). It is packed with featured security tools with very less resource consumption and higher degree of stability. Thanks to Back Track, Blackbuntu, CAINE and DEFT and many others for inspiration. Being a sole developer to this distro, I wish it...
