This is an (archived) list of sites on Cloudflare DNS at the time of the CloudBleed HTTPS traffic leak announcement. Original vuln thread by Google Project Zero.This list is archived and no longer under active maintenance. It may contain stale or inaccurate data that will not be corrected. Do not link to it from press releases, it is not intended for end-users. If people want to find it, they can Google it.
security ssl https cloudflare passwords dns cdnMaster Password is a completely new way of thinking about passwords. It consists of an algorithm that implements the core idea and applications for various platforms making the alogirthm available to users on a variety of devices and platforms.
password-manager password-generator passwords cryptography ios android cli scrypt password-store password-vault password-hashShaming sites with dumb password rules. Feel free to submit a pull request with dumb rules you've encountered.
security passwords hacktoberfestrun ./get.sh to download external payloads and unzip any payload files that are compressed. Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.
payload payloads xss sqli web-attack-payloads passwordsHashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics with pretty pictures ready for ctrl+c, ctrl+v into your reports. Please see the Contribution Guide for how to develop and contribute. If you have any problems, please consult Issues page first. If you don't see a related issue, feel free to add one and we'll help.
hashcat analytics passwords hashes pentesting distributed penetration-testing security-tools password-crackingEasy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.Employs cryptographically secure, per password salts to prevent rainbow table attacks. Key stretching is used to make brute force attacks impractical. A constant time verification check prevents variable response time attacks.
password passwords hash auth authorization authentication security login sign-in salt rainbow brute stretching pbkdf2encpass.sh provides a lightweight solution for using encrypted passwords in shell scripts using OpenSSL. It allows a user to encrypt a password (or any other secret) at runtime and then use it, decrypted, within another script. This prevents shoulder surfing passwords and avoids storing the password in plain text, which could inadvertently be sent to or discovered by an individual at a later date. This script generates an AES 256 bit symmetric key for each script (or user-defined label) that stores secrets. This key will then be used to encrypt all secrets for that script or label.
encryption shell passwordsAiming for high usability even on restricted networks, Hashtopolis communicates over HTTP(S) using a human-readable, hashing-specific dialect of JSON. The server part runs on PHP using MySQL as the database back end. It is vital that your MySQL server is configured with performance in mind. Queries can be very expensive and proper configuration makes the difference between a few milliseconds of waiting and disastrous multi-second lags. The database schema heavily profits from indexing. Therefore, if you see a hint about pre-sorting your hashlist, please do so.
cracking hash hashing distributed hashcat pentesting passwords hashtopussy hashesProgram to reverse Docker images into Dockerfiles
security-tools security docker-security reverse-engineering docker-image dockerfile secrets passwordsA native Node module to get, add, replace, and delete passwords in system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault. Currently this library uses libsecret so you may need to install it before running npm install.
keychain libsecret credential-storage password passwords credential credentials vault credential-vaultIt's like SnapChat... for Passwords. This is a webapp that lets you share passwords securely.
passwords securitypwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps.
haveibeenpwned api pwnedornot passwords hacked-emails hacked-passwords hacked python-scriptPrivy is a small and fast utility for password-protecting secret data such as API keys, cryptocurrency wallets, or seeds for digital signatures.Say for example you are using GnuPG. You are about to sign a message but it first requires your password. Does your password become the input to instantiate your private key? No, it is first hashed by a secure key derivation function. That hash then becomes the input to a symmetric cipher such as AES which then decrypts your stored private key. That is what Privy does.
secrets passwords encryption keys aes hmacThis is a nice and simple wrapper in Go over the raw scrypt libraries available. There are just 2 calls exposed by the library(and should be!) which makes it super easy to embed in any of your projects.The salt is randomly generated from the crypto/rand library which generates a cryptographically secure pseudorandom number.
hashing passwords scryptWorks on macOS and Linux. See user-info if you need cross-platform support.Accepts a username or uid number. Defaults to the current user (process.getuid()).
passwd osx uid gid pw getpwuid posix unix shell home dir username user etc password passwordsThe most performant AngularJS directive for matching two password input fields
angular angularjs password match-password confirm-password passwords angular-password ngpassword gdi2290 patrickjsIf you check database passwords into git, download credential files from S3 or some other server, provide plaintext keys to your continuous integration/deployment solution, or don't have the ability to limit engineers from getting production secrets, stop doing what you're doing. Following 12 Factor? Rock on. We have env var support already built-in.
crypto key keys secret secrets passwords encrypt decrypt encryption decryptionThis package aim to provide secure, well configured and ready to use password hashing algorithms for your application.Currently the most vetted hashing algorithm providing most security is BCrypt. PBKDF2 isn't bad either, but if you can use BCrypt you should.
credential nodejs hash-functions security brute-force timing-attacks rainbow-table credential-plus password passwords hashing verification hash-function hash auth authorization authentication login sign-in salt rainbow brute attack stretching timining-attack pbkdf pbkdf2 bcrypt scrypt argon2g20 (Generate a 20 Character Password) is the fastest and easiest cross-platform CLI password generator on the planet. For years I have been using something similar to it but it only works on OS X. Feel free to submit an issue if you're stuck. No.
password-generator nodejs cli password passwords generator clipboard chalk security crypto random os-x passwdExample Code from Practical Security talk
security ios certificate-pinning keychain cryptography aes talks passwords
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.