
awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares

  •    Javascript

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs in one place. Please take a quick look at the contribution guidelines first.

nsp - node security platform command-line tool

  •    Javascript

The results of the check command may be altered based on either a filter or threshold. Please note that in case of naming conflicts built-in reporters (as listed above) take precedence. For instance, nsp-reporter-json would never be used since nsp ships with a json formatter.

express-gateway - A microservices API Gateway built on top of ExpressJS

  •    Javascript

Express Gateway is an API Gateway that sits at the heart of any microservices architecture, regardless of what language or platform you're using. Express Gateway secures your microservices and exposes them through APIs using Node.js, ExpressJS and Express middleware. Developing microservices, orchestrating and managing them now can be done insanely fast all on one seamless platform without having to introduce additional infrastructure. Express Gateway is commercially supported by LunchBadger. For more information about support plans please contact info@express-gateway.io.




learn-json-web-tokens - Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)

  •    Javascript

JSON Web Tokens (JWTs) make it easy to send read-only signed "claims" between services (both internal and external to your app/site). Claims are any bits of data that you want someone else to be able to read and/or verify but not alter. To identify/authenticate people in your (web/mobile) app, put a standards-based token in the header or url of the page (or API endpoint) which proves the user has logged in and is allowed to access the desired content.

vm2 - Advanced vm/sandbox for Node.js

  •    Javascript

IMPORTANT: Requires Node.js 6 or newer. VM is a simple sandbox, without the require feature, to synchronously run untrusted code. Only JavaScript built-in objects + Buffer are available. Scheduling functions (setInterval, setTimeout and setImmediate) are not available by default.

juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.


javascript-obfuscator - A powerful obfuscator for JavaScript and Node.js

  •    TypeScript

JavaScript obfuscator is a powerful free obfuscator for JavaScript with a wide number of features which provides protection for your source code. It is not recommended to obfuscate vendor scripts and polyfills, since the obfuscated code is 15-80% slower (depends on options) and the files are significantly larger.

seifnode

  •    C++

Seifnode depends on the C++ library Seifrng, which will be installed locally during pre-install; Seifrng uses the CMake build system, which will also be installed locally if not found. The node module also depends on Crypto++, which will be locally installed by Seifrng if not found during pre-install. On Linux systems the node module requires the PatchELF utility, which will be installed locally if not found during pre-install.

jailed - execute untrusted code with custom permissions

  •    Javascript

Jailed is a small JavaScript library for running untrusted code in a sandbox. The library is written in vanilla-js and has no dependencies. Export a set of external functions into the sandbox.

protect - Proactively protect your Node.js web services

  •    Javascript

Works on Node.js v6 and newer. The purpose of this module is to provide out-of-box, proactive protection for common security problems, like SQL injection attacks, XSS attacks, brute force, etc...

fusker - Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io

  •    CoffeeScript

You think you're one raw dog? fusker.nodester.com Come at me bro. Please see this for a working express example. It's as easy as app.use(fusker.express.check); Detectives/payloads are the same as they would be for the fusker HTTP server. Make sure fusker is the first piece of middleware added.

solgraph - Visualize Solidity control flow for smart contract security analysis

  •    Javascript

Generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.

bluebox-ng - Pentesting framework using Node.js powers, focused in VoIP.

  •    Javascript

Pentesting framework using Node.js powers. Focused in VoIP. DISCLAIMER: Pointing this tool at other people's servers is NOT legal in most countries.

express-jwt-permissions - Express middleware for JWT permissions

  •    Javascript

Middleware that checks JWT tokens for permissions, recommended to be used in conjunction with express-jwt. This middleware assumes you already have a JWT authentication middleware such as express-jwt.

vue-password-strength-meter - 🔐 Password strength meter based on zxcvbn in vue.js

  •    Javascript

You can customize the styling of the input field, badge and strength-meter by passing your own CSS classes to defaultClass, strengthMeterClass etc. For a detailed explanation of how things work, check out the guide and docs for vue-loader.

observatory-cli

  •    Javascript

Command line client for Mozilla HTTP observatory service