We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer
syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.
kernel fuzz-testing fuzzing fuzzer testing security security-vulnerability security-toolsbrakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.
rails security static-analysis vulnerabilities brakeman security-vulnerability security-tools security-auditSecurityAdvisories - :closed_lock_with_key: Security advisories as a simple composer exclusion list, regularly updated
This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues. Simply add "roave/security-advisories": "dev-master" to your composer.json "require-dev" section and you will not be able to harm yourself with software with known security vulnerabilities.
security-advisories security-vulnerability composer infoseclynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems
Do you like this software? Star the project and become a stargazer. Lynis - Security auditing and hardening tool, for UNIX-based systems.
shell pci-dss compliance security-audit security-hardening security-scanner security-vulnerability hipaa unix vulnerability-detection vulnerability-scanners vulnerability-assessment devops devops-tools system-hardening hardening auditing gdpr security-toolsvuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.
vuls vulnerability-scanners freebsd vulnerability-detection security security-tools cybersecurity security-vulnerability security-scanner security-hardening security-automation security-audit vulnerability-assessment vulnerability-management vulnerability-scanneruber-cli - πUber, at your fingertips
Clearly, I'm a lazy person (just look at what this tool does - it helps me figure out if I should order a car to pick me up and drive me to where I want to go). That being said, as a lazy person it pains me everytime open my phone, open the Uber app, type my destination, and see the estimated price, only for my inner, responsible, cost-cutting, fiduciary-self to end up taking the bus all the way home.
uber security-vulnerability security-incidents command-line-tool uber-cli uber-price uber-timeSQLiScanner - Automatic SQL injection with Charles and sqlmap api
SQLiScanner works with Python version 3.x on Linux and osx.
sqlmap sqlmapapi autoscan scanner security-audit security sqlmap-webui security-vulnerabilitytlsfuzzer - SSL and TLS protocol test suite and fuzzer
Fuzzer and test suite for TLS (SSLv2, SSLv3, v1.0, v1.1, v1.2, v1.3) implementations. Early alpha version - thus no API stability guarantees.
tlslite-ng tls ssl security-audit security-vulnerability test-framework test-automation testing-tools test-suite tlslite protocol-verifier protocol-tester automation rfc-compliance standard-conformity standards robot drown tls13 tls12InsecureProgramming - mirror of gera's insecure programming examples | http://community
This is a mirror of Gera's Insecure Programming examples. Oldies but great for begineers getting into the basics of exploitation techniques and vulnerabilities.
vulnerabilities security-vulnerability security learning-exercise exploitationJeroboam - Check all your apps on macOS for vulnerable Sparkle updaters
IMMINENT DANGER: the heuristics indicate that it can't be assured, that using the updater won't compromise the system. In the best case, the app publisher provides updated binaries with a patched version of Sparkle, which isn't vulnerable or avoids using unencrypted HTTP connections for retrieving the AppCast, as strongly encouraged by Sparkle's documentation. Alternative countermeasures may range from disabling auto-updates and not using the updater anymore, over restricting the app's network functionalities to putting the app under quarantine. UNKNOWN: the app was compiled against an older SDK, so that ATS is not active or there are exclusions from ATS, while the feed URL for the AppCast is not declared in the Info.plist, so it has to be programmatically provided, which can't be determined by statical analysis. Nevertheless the tool inspects all string literals in the executable to find all HTTP URLs, which might include the feed URL. This strategy has limits and can't catch URLs, which weren't fully hardcoded as strings or obfuscated in another way. The found URLs are printed for further investigation through the user to allow a better risk estimation. If an insecure URL serving an AppCast can be found, it is likely that the app is vulnerable, otherwise it can't be excluded.
security security-tools security-scanner security-vulnerabilityPuma6Fail - Denial of service vulnerability in Puma 6 modems
Proof of concept code is already public elsewhere. DoS occurs in either direction - UDP from LAN to WAN or WAN to LAN.
security-vulnerability networkinghandshake-cracker - Handshake cracker
Includes a tool to efficiently perform capturing of handshakes. It intelligently manages all the words of the dictionaries to be tested, as well as keeps a history of everything that has already been tested, so that the same attempts are not repeated.
handshake cracker wordlist-generator wifi-password security-audit security-vulnerability penetration-testing hacking-tool john wordlist dictionaries ripper crack-process arch-linux handshake-crackerRansomware-Json-Dataset - Compiles a json dataset using public sources that contains properties to aid in the detection and mitigation of over 400 variants of ransomware
Compiles a json dataset containing properties to aid in the detection and mitigation of over 400 variants of ransomware using public sources. The latest version of the Ransomware Summary spreadsheet will then be downloaded and processed into a local json output which will be found in the core folder of your local repository along with a copy of the latest version of the spreadsheet. To change the source and destinations for local files edit the constants found in the header of the 'update_json.py' file.
ransomware security dataset-generation security-hardening ransomware-prevention excel-to-json security-audit security-vulnerability mitigation json json-dataset ransomware-resources detection ransomware-summary spreadsheet prevention wannacrywatchdog - Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Watchog is an integration of open source security tools aimed to provide a holistic security view for a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360° view of any Internet property it scans. Given a list of domains/IP's it has the capability to perform a network scan, feed the output to open source web app scanners like Google's skip-fish and wapiti, perform tech stack analysis and determine if the stack has any known CVE’s. WatchDog has the ability to scan all endpoints and perform technology version analysis on the services it detects and map this information with it’s rich CVE database maintained and updated locally.
security-tools security security-vulnerability security-testing vulnerability-management vulnerability-assessment pentest-tool penetration-testing-framework cve-databases cve-search application-security network-security product-security bugbountycod-exploit - β οΈ cod mw2 exploit - PoC for CVE-2018-10718
The code has been published as the vulnerability used has been patched on all cod games as of 4/26/2018. For more information, read the post at https://momo5502.com/blog/?p=34 or see CVE-2018-10718. This software has been created purely for the purposes of academic research. It is not intended to be used to attack other systems. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
cpp exploit security-vulnerability mw2 cod hack pocShitHub - ShitHub is a collaborative platform, created to check your own and/or foreign code for security vulnerabilitys and design issues
ShitHub is a collaborative platform, created to check your own and/or foreign code for security vulnerabilitys and design issues. A: Well, there are many other Code review systems, but we don't knew any system which isn't limited to team inside review and Open Source.
security-vulnerability clean-code collaborative collaboration jugendhacktorthrus - π‘ Monitor, analyze, & report security misconfigurations across environments.
This project is still unstable and, thus, not production-ready. Breaking changes may be introduced to the API or the CLI.
security security-tools security-audit security-scanner security-vulnerability security-groupsYAS3BL - π Yet Another S3 Bucket Leak
π Enumerating all the AWS S3 bucket leaks that have been discovered to date.
aws aws-s3 security-vulnerability leaky-bucket leak document documentation s3 s3-bucket yas3bl yet-another-s3-bucket-leak s3-bucket-leak security information-securitybrowserrecon-php - Advanced Web Browser Fingerprinting
Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks. Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted attacks, drive-by pharming and web-based phishing provide a broad aspect of threats during surfing in the world wide web. Attacker might initialize and optimize their attacks by fingerprinting the target application to find the best possible way to compromise the client.
browser fingerprint fingerprinting vulnerability vulnerability-scanners vulnerability-detection vulnerability-identification exploit exploitation security-vulnerability
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
