Search Results for "vulnerable applications"
Sort By:
Showing 22 open source projects for "vulnerable applications"
View related business solutions-
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
$300 Free Credits to Build on Google CloudStart your next project with $300 in free Google Cloud credit. Spin up VMs, run containers, query petabytes in BigQuery, or build agents with Gemini Enterprise Agent Platform. Once your credits are used, keep building with 20+ always-free tier products including Compute Engine, Cloud Storage, GKE, and Cloud Run functions. No commitment required—just sign up and start building.
-
1
Metarget
Framework for automatic construction of vulnerable infrastructures
Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. During security research, we might find that the deployment of a vulnerable environment often takes much time, while the time spent on testing PoC or ExP is comparatively short. In the field of cloud-native security, thanks to the complexity of cloud-native systems, this issue is more terrible.... -
2
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. -
3
UFONet
UFONet - Denial of Service Toolkit
UFONet is a powerful and controversial Python-based toolkit for testing and conducting Distributed Denial of Service (DDoS) attacks using unconventional methods, such as leveraging third-party web applications as attack vectors. It automates the discovery of vulnerable targets and enables attackers or researchers to launch large-scale amplification attacks without directly using botnets. While primarily intended for penetration testing and educational purposes, UFONet emphasizes anonymity through the use of proxies, TOR, and encrypted command channels. -
4
pagodo
Automate Google Hacking Database scraping and searching
pagodo automates Google searching for potentially vulnerable web pages and applications on the Internet. It replaces manually performing Google dork searches with a web GUI browser. There are 2 parts. The first is ghdb_scraper.py that retrieves the latest Google dorks and the second portion is pagodo.py that leverages the information gathered by ghdb_scraper.py. This version of pagodo also supports native HTTP(S) and SOCKS5 application support, so no more wrapping it in a tool like proxychains4 if you need proxy support. ... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
SecretScanner
Find secrets and passwords in container images and file systems
Deepfence SecretScanner can find unprotected secrets in container images or file systems. Secrets are any kind of sensitive or private data that gives authorized users permission to access critical IT infrastructure (such as accounts, devices, networks, cloud based services), applications, storage, databases, and other kinds of critical data for an organization. For example, passwords, AWS access IDs, AWS secret access keys, Google OAuth Key etc. are secrets. Secrets should be strictly kept... -
6
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
...Instead of requiring you to manually reproduce findings, Shannon is designed to produce actionable evidence that a weakness can be weaponized, which helps teams prioritize what truly matters. It positions itself as a pre-attacker safety net, aiming to break your web app before someone else does and thereby reduce the gap between “potentially vulnerable” and “confirmed exploitable.” -
7
ThreatMapper
Open source cloud native security observability platform
Thousands of companies trust Deepfence to secure their most critical cloud workloads and applications with a unified platform. Experience rapid threat detection and remediation, while significantly reducing non-critical security alerts by 90%. Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk of exploit. It uncovers vulnerable software components, exposed secrets, and deviations from good security practices. ... -
8
KubeClarity
KubeClarity is a tool for detection and management of vulnerabilities
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection. KubeClarity includes a CLI that can be run locally and especially useful for CI/CD pipelines. It allows to analyze images and directories to generate... -
9
Vulnerable Web Apps
Vulnerable Web Apps virtual appliance to learn application security.
...There were not that many alternatives for virtual appliances that covers what I wanted to teach, so I decided to mount my own appliance. Last version is an Ubuntu 22.04 server appliance, which includes the following applications: Version 4 Running on port 80: - bWAPP - Damn Vulnerable Web Application - OWASP Hackademic - OWASP Mutillidae Running on port 81: - Hackazon Running on port 82: - Conviso Vulnerable Web App Running on port 83: - Generic University Running on port 3000: - OWASP Juice Shop Running on port 9000: - Authlab -
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
10
NoSQLi
NoSql Injection CLI tool, for finding vulnerable websites
NoSQLi is a penetration testing tool designed for detecting and exploiting NoSQL injection vulnerabilities. It allows security researchers and ethical hackers to assess the security of NoSQL databases by identifying injection flaws in applications using MongoDB and similar technologies. -
11
xsrfprobe
Advanced toolkit for detecting and exploiting CSRF vulnerabilities
XSRFProbe is an advanced security auditing toolkit designed to detect and analyze Cross Site Request Forgery (CSRF/XSRF) vulnerabilities in web applications. It uses an automated crawling engine that continuously scans a target application, collects forms and endpoints, and evaluates them for potential CSRF weaknesses. XSRFProbe performs numerous systematic checks to determine whether a web endpoint is vulnerable, including inspection of anti-CSRF tokens, cookie validation behavior, and request forgery scenarios. ... -
12
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible... -
13
RIPS - PHP Security Analysis
Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/ -
14
sqliv
Massive SQL injection vulnerability scanner for automated web testing
SQLiv is a command-line security tool designed to identify SQL injection vulnerabilities in web applications through automated scanning techniques. Written primarily in Python, the project focuses on discovering potentially vulnerable web pages by analyzing URLs that contain database query parameters. It can perform large-scale scanning by using search engine queries known as SQL injection dorks to collect candidate websites and then test them for vulnerabilities. -
15
Robocrawl 2.0
Expose web vulnerabilities servers, Acess open FTP & HTTP Dirs & files
This is a forensics tool helping web developers and administrators to assess the presence or absence of vulnerabilities in web & server applications. -
16
In this package, it contain compilation of vulnerable web applications and various version of CMS for penetration testing. It is based on XAMPP for Windows OS For detail or updates, please visit http://www.facebook.com/SYWorks
-
17
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
-
18
hNix OS
A vulnerable lab for IT Security professionals & students
A vulnerable toolkit & lab for IT Security Professionals, Hackers and Students. This is a Linux based Operating System & has been developed for those concerned with IT Security. Contains various software, exploits and is vulnerable to attacks. This project is a fork of the project MyLab@Home developed by Huzaib Shafi (http://www.shafihuzaib.com) -
19
Command-Injection-ISO
Real World Command Injection Vulnerable Apps
We've packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not all applications are on port 80 :) All the best! -
20
Vulnerable Flash Applications
Deliberately Vulnerable Flash Applications
-
21
SkunxTools
WebApp Pentest Tool
This is an Alpha version of what is to become an all in one tool for pentesting of web applications. In its current phase it currently scans google dorks and tests for sql vulnerabilities. Once urls are harvested from google dorks they are saved to a log file for future reference. One a sql check is run, the vulnerable URLs are saved to a seperate log file. View the readme in /docs for more information. -
22
This Java based API lets you introduce capcha to you J2EE 1.3 + compliant Web Applications and supportive to frameworks like Struts, JSF so that you do not have to worry about having to write your own code for capcha.
- Previous
- You're on page 1
- Next