Displaying 1 to 20 from 260 results

MozDef - MozDef: The Mozilla Defense Platform

  •    Javascript

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

Google Authenticator - Two factor authentication

  •    Java

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

OpenAM - Authentication, Authorization and SSO

  •    Java

OpenAM provides open source Authentication, Authorization, Entitlement and Federation software. OpenAM provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenAM provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers.

xss-filters - Secure XSS Filters

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).Figure 1. "Just sufficient" encoding based on the HTML5 spec.




OpenZeppelin - A Framework to build secure smart contracts on Ethereum

  •    Javascript

OpenZeppelin is a library for writing secure Smart Contracts on Ethereum. With OpenZeppelin, you can build distributed applications, protocols and organizations. It is meant to provide secure, tested and audited code to enable the new generation of distributed applications, protocols and organizations. OpenZeppelin is a community effort to reduce the hurdle to develop and use them.

snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies

  •    Javascript

Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.

BouncyCastle - Lightweight Cryptography API for Java and CSharp

  •    Java

Bouncy Castle Crypto APIs is a lightweight cryptography API for Java and CSharp. It has provider for the Java Cryptography Extension and the Java Cryptography Architecture. It supports TLS, PKCS7, PKCS12, OpenPGP, S/MIME, OCSP, TSP, CMP, Extended Access Control, ASN and lot more.

OWASP Joomla Vulnerability Scanner Project

  •    Perl

Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.


user.js - user.js -- Firefox configuration hardening

  •    Javascript

A user.js configuration file for Mozilla Firefox designed to harden browser settings and make it more secure. Do note that these settings alter your browser behaviour quite a bit, so it is recommended to either create a completely new profile for Firefox or backup your existing profile directory before putting the user.js file in place.

KeyBox - Web-based SSH console that centrally manages administrative access to systems

  •    Java

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.

retire.js - scanner detecting the use of JavaScript libraries with known vulnerabilities

  •    Javascript

There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development,but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 list of security risks and insecure libraries can pose a huge risk to your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities. A Grunt task for running Retire.js as part of your application's build routine, or some other automated workflow.

pac4j - The security engine to protect all your Java web applications

  •    Java

pac4j is a Java security engine to authenticate users, get their profiles and manage their authorizations in order to secure Java web applications. It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID, SAML, Google App Engine, OpenID Connect, JWT, LDAP, RDBMS, MongoDB and Stormpath and authorization checks.

MifareClassicTool - An Android NFC-App for reading, writing, analysing, etc

  •    Java

An Android NFC-App for reading, writing, analyzing, etc. MIFARE Classic RFID-Tags. This tool provides several features to interact with (and only with) MIFARE Classic RFID-Tags. It is designed for users who have at least basic familiarity with the MIFARE Classic technology. You also need an understanding of the hexadecimal number system, because all data input and output is in hexadecimal.

openzeppelin-solidity - OpenZeppelin is a library for secure smart contract development

  •    Javascript

OpenZeppelin is a library for secure smart contract development. It provides implementations of standards like ERC20 and ERC721 which you can deploy as-is or extend to suit your needs, as well as Solidity components to build custom contracts and more complex decentralized systems. To write your custom contracts, import ours and extend them through inheritance.

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  •    Javascript

So many amazing tools have come out since the release of Sleepy Puppy that streamline the original goals of the project. We're currently leaving Sleepy Puppy code online but are not planning on adding any new features or addressing issues/pull requests. If you are interested in maintaining this project, please reach out to me (sbehrens@netflix.com). Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.

postmate - 📭 A powerful, simple, promise-based postMessage library.

  •    Javascript

A powerful, simple, promise-based postMessage iFrame communication library. Postmate is a promise-based API built on postMessage. It allows a parent page to speak with a child iFrame across origins with minimal effort.

buttercup-desktop - :key: Javascript Secrets Vault - Multi-Platform Desktop Application

  •    Javascript

Cross-platform, free and open-source password manager based on NodeJS. Buttercup is a password manager - an assistant for helping you store all of your login credentials. Buttercup helps you keep your accounts safe and assists you when you want to log in - all you need to do is remember just one password: your master password.

DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

  •    Javascript

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.

H5SC - HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

  •    Javascript

Pull requests welcome, we store the files in the /attachments sub-folder.