XSRF Probe is an advanced Cross Site Request Forgery Audit Toolkit equipped with Powerful Crawling and Intelligent Token Generation Capabilities. It is because this tool is designed to perform all kinds of form submissions automatically which can sabotage the site. Sometimes you may screw up the database and most probably perform a DoS on the site as well.
https://github.com/theInfectedDrake/XSRFProbeTags | csrf crawler csrf-attacks token-generation csrf-scanner theinfecteddrake |
Implementation | Python |
License | GPL |
Platform | Windows Linux |
gorilla/csrf is also compatible with middleware 'helper' libraries like Alice and Negroni....and then collect the token with csrf.Token(r) in your handlers before passing it to the template, JSON body or HTTP header (see below).
csrf-protection gorilla middleware securitynosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. It acts like a middleware and therefore is compatible with basically any Go HTTP application.Even though CSRF is a prominent vulnerability, Go's web-related package infrastructure mostly consists of micro-frameworks that neither do implement CSRF checks, nor should they.
csrf security middlewareNode.js CSRF protection middleware. Requires either a session middleware or cookie-parser to be initialized first.
nodejs middleware expressjs csrf tokens expressBlazy is a modern login page bruteforcer.
brute-force bruteforce csrf clickjacking scanner cloudflare waf detector sql-injectionA post here details a method for stealing sensitive data with CSS injection by using Attribute Selectors and iFrames. Because this method requires iFrames, and most major websites disallow being framed, this attack isn't always practical. Here I'll detail here a way to do this without iFrames, effectively stealing a CSRF token in about 10 seconds.
NeatHtml™ is a highly-portable open source website component that displays untrusted content securely, efficiently, and accessibly. Untrusted content is any content that is not trusted by the website owner (e.g. blog comments, forum posts, or user pages on social networks).
antixss csrf csrf-prevention xss xss-preventionSimple integration of Flask and WTForms, including CSRF, file upload, and reCAPTCHA.
Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
hacking bugbounty whitepapers webappsec pentesting itsecurityXSSOR:方便XSS与CSRF的工具,http://evilcos.me/lab/xssor/
BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.
web application scanner osint fuzzer owasp vulnerability spider passive active sqli xss lfi rfi rce csrf automated scan reportSPF is an application security module Microsoft IIS web servers. SPF provides instant out-of-the-box protection against Parameter Tampering, Cross-Site Scripting (XSS), URL Manipulation, Cross-Site Request Forgery (CSRF), and Session Hijacking/Replay attacks.
webJava-based Open Source WAF (Web Application Firewall) to include inside a web application in order to protect it against attacks like SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Parameter Manipulation and many more.
The move towards Single Page Apps and RESTful services open the doors to a much better way of securing web applications. Traditional web applications use browser cookies to identify a user when a request is made to the server. This approach is fundamentally flawed and causes many applications to be vulnerable to Cross-Site Request Forgery (CSRF) attacks. When used correctly, RESTful services can avoid this vulnerability altogether. Before we go into the solution, lets recap the problem. HTTP is a stateless protocol. Make a request and get a response. Make another request and get another response. There is no correlation (i.e. "state") between these requests. This poses a problem when you need to identify a user to the system because one request logs the user in and another request needs to tell the server who is making the request.
Since version 0.11.0.0 Spock drops simple routing in favor of typesafe routing and drops safe actions in favor of the "usual" way of csrf protection with a token. Since version 0.7.0.0 Spock supports typesafe routing. If you wish to continue using the untyped version of Spock you can Use Web.Spock.Simple. The implementation of the routing is implemented in a separate haskell package called reroute.
haskell spock web framework functional http server api webframeworkShare configuration and state data of an Express app with the client-side via JavaScript. Express State is designed to make it easy to share configuration and state data from the server to the client. It can be used to share any data that needs to be available to the client-side JavaScript code of the an app: e.g., the current user, a CSRF token, model data, routes, etc.
express state client expose data config configuration json model modownNOTE: For installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway. TIDoS needs some libraries to run, which can be installed via aptitude or yum Package Managers.
web-penetration-testing reconnaissance vulnerability-analysis scanning-enumeration web-fuzzer osint vulnerability-detection footprinting intelligence-gathering exploitation web-application-security theinfecteddrake tidos-frameworkSimple integration of Flask and WTForms, including CSRF, file upload and Recaptcha integration.
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.