We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
OWASP Joomla Vulnerability Scanner Project
Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.
vulnerability vulnerability-scanner web-application-security web-security security sql-injectionhacker101 - Hacker101
Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.
education hacking security hackerone hacker101 xss clickjacking csrf web-security session-fixation unchecked-redirects sql-injectionarachni - Web Application Security Scanner Framework
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.
arachni dom audit detection security-audit analysis modular scanners web-application vulnerability-detection crawler scanner hack hacking penetration-testing xss sql-injectionNoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".
nosql nosql-databases penetration-testing scanner security-audit security-tools security-toolset offensive-security enumeration databases mongodb couchdb web-application-security bugbounty redis mongodb-database sql-injection hacking hacking-tool hacktoberfestDVWA - Damn Vulnerable Web Application (DVWA)
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.
dvwa sql-injection security training infosec hackingSqlmap - Automatic SQL injection and database takeover tool
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
penetration-testing vulnerability-scanner sql-injection pentesting security-testing testing-toolZeus-Scanner - Advanced reconnaissance utility
Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas. Running without a mandatory options, or running the --help flag will output Zeus's help menu: A basic dork scan with the -d flag, from the given dork will launch an automated browser and pull the Google page results: Calling the -s flag will prompt for you to start the sqlmap API server python sqlmapapi.py -s from sqlmap, it will then connect to the API and perform a sqlmap scan on the found URL's.
sql-injection port-scanner recon xss-scanner vulnerability-scanners google-dorks pgp-keyserver admin-panel-finder dork-scanning ip-block-bypass captcha-bypassw3af - Web Application Attack and Audit Framework
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find Cross site scripting, SQL Injection and lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.
vulnerability vulnerability-scanner web-application-security web-security security sql-injectionjsql-injection - jSQL Injection is a Java application for automatic SQL database injection.
jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X).
database kali-linux pentest sql-injectionDBShield - Database firewall written in Go
Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones. By adding DBShield in front of database server we can protect it against abnormal queries. To detect abnormal queries we first run DBShield in learning mode. Learning mode lets any query pass but it records information about it (pattern, username, time and source) into the internal database.
sql-injection database mysql db2 postgresql mariadb oracleBlazy - Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF
Blazy is a modern login page bruteforcer.
brute-force bruteforce csrf clickjacking scanner cloudflare waf detector sql-injectionprotect - Proactively protect your Node.js web services
Works on Node.js v6 and newer. The purpose of this module is to provide out-of-box, proactive protection for common security problems, like SQL injection attacks, XSS attacks, brute force, etc...
security express xss sql-injection nodejsSecuBat Vulnerability Scanner
SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.
scanner secubat security sql-injection xssOWASP .NET Shield
Code to protect .NET Web applications and services against sql injection and cross site scripting attacks.
owasp sql-injection sqlinjection xssAscii Hex URL Decoder
This tool decodes Ascii Hex encoded data found in URLs used in recent SQL Injection attacks.
ascii decoder decoding hex sql-injection urlsjinjasql - Simplify creation and maintenance of complex SQL queries by using Jinja based template language
JinjaSQL is a template language for SQL statements and scripts. Since it's based in Jinja2, you have all the power it offers - conditional statements, macros, looping constructs, blocks, inheritance, and many more. JinjaSQL doesn't actually execute the query - it only prepares the query and the bind parameters. You can execute the query using any database engine / driver you are working with.
sql sql-builder jinja2 sql-injection sql-queryjanusec - Janusec Application Gateway, a Golang based application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing
Janusec Application Gateway, an application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Detailed documentation is available at Janusec Application Gateway Documentation.
waf web-application-firewall application-gateway load-balance gateway application-security security web-application-security reverse-proxy sql-injection xss cc-attack-defense sensitive-data-leakage janusec-application-gatewayvandium-node - AWS Lambda framework for building functions using Node
AWS Lambda framework for building functions using Node.js for API Gateway, IoT applications, and other AWS events. Install via npm.
aws-lambda aws-lambda-framework jwt aws lambda framework validation wrapper api gateway sql sql-injection sqli injection attack iot serverlessso-sql-injections - SQL injection vulnerabilities in Stack Overflow PHP questions
SQL injection vulnerabilities in Stack Overflow PHP questions
sql-injection mysqlgray_hat_csharp_code - This repository contains full code examples from the book Gray Hat C#
This repository contains fully-fleshed out code examples from the book Gray Hat C#. In this book, a wide variety of security oriented tools and libraries will be written using the C# programming language, allowing for cross-platform automation of the most crucial aspects of a security engineer's roles in a modern organization. Many of the topics will also be highly useful for hobbyists and security enthusiasts who are looking to gain more experience with common security concepts and tools with real world examples for both offensive and defensive purposes. We cover a broad slice of concepts a modern security engineer must be familiar with, starting with a brief introduction to the C# language. After the introduction, we focus on fuzzing web application vulnerabilities and writing exploits for them. This is followed by C# payloads for pentesters to use for remote command execution and persistence. Then, we move onto security tool automation using true APIs, not just calling programs from the system shell. Finally, we focus on reverse engineering and forensics in the final chapters.
sql-injection fuzzer metasploit payload c-sharp automation mono xamarin security nessus openvas nexpose sqlmap arachni clamav cuckoo-sandbox pentesting blueteam redteam
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
