Detects file inclusion, SQL injection, and command execution vulnerabilities of a target Joomla! web site. A regularly updated signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities of a target Joomla! web site. It searches for known vulnerabilities in Joomla! and its components, performs web application firewall detection, and a lot more.
vulnerability vulnerability-scanner web-application-security web-security security sql-injection

Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.
education hacking security hackerone hacker101 xss clickjacking csrf web-security session-fixation unchecked-redirects sql-injection

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and Node.js version on which npm install was executed.
owasp vulnerable hacking application-security pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest security

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing web-security malware-analysis runtime-security ci-cd devsecops apk ipa

nginx Docker image secure by default. Avoid the hassle of following security best practices "by hand" each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.
docker nginx security reverse-proxy clamav cybersecurity web-security hardening modsecurity dnsbl devsecops antibot crowdsec bunkerized-nginx security-tuning

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find cross-site scripting, SQL injection and a lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.
vulnerability vulnerability-scanner web-application-security web-security security sql-injection

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate punctual and permanent XSS vulnerabilities.
vulnerability vulnerability-scanner web-application-security web-security security

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.
vulnerability vulnerability-scanner web-application-security web-security security static-analysis

This is a list of all FTP servers directly connected to port 21 in the IPv4 address space that allow anonymous logins. The login must be completed in less than 15 seconds to qualify for this list. How and why this list was created is documented in detail in my blog post Mass-analyzing a chunk of the Internet. You can do whatever you want with this data. Consider linking to this repo if you find something interesting or odd.
web-security ftp

A tiny web auditor with strong opinions. You'll need bash 4, curl, dig, and nc, along with a fairly POSIX system.
security web-security auditing

Password Score is a JavaScript library for estimating password security by means of entropy. Besides using dictionaries, the library searches for common passwords or names and scans for patterns like dates in any format, sequences, repetitions or keyboard patterns. Based on the found patterns, the entropy may be used to estimate the average time needed to crack the password. Estimating the time to crack is still to be implemented. In addition, there is still some work to do concerning documentation and the demonstration site.
javascript-library web-security password-strength js password

Runs the default Google Lighthouse tests with additional security tests. Run the command from the CLI as displayed below. The options are the same as for the default Lighthouse CLI options.
lighthouse cli web-security audit developer-tools reporting security websec websecurity

Capability-based security enables the concise composition of powerful patterns of cooperation without vulnerability. What Are Capabilities? explains in detail. Shill: Shill is a shell scripting language designed to make it easy to follow the Principle of Least Privilege. It runs on FreeBSD and is developed in Racket.
web-security security capabilities awesome-list

Lookyloo is a web interface that lets you scrape a website and then displays a tree of domains calling each other. This code is very heavily inspired by webplugin and adapted to use Flask as backend.
information-security privacy web-security

I started this blog around 1996, hosting it on geocities.com at first. What started as a small collection of random posts about chess and computer graphics grew into a collection of around 100 posts covering a wide array of computer science topics: from quines to size optimization, from web security to compilers/language design, and many other topics. After hosting this site for over 20 years and serving several million page views, I have decided to no longer post new content. I hope you'll enjoy all the content, which can still be accessed at quaxio.com.
blog web-security math puzzle random marquee

Burp-Automator: A Burp Suite Automation Tool with Slack Integration
security burp burpsuite security-tools web-security automation devops security-scanner security-automation

A small Python 3.5+ library for decoding ASP.NET viewstate. Decoding the view state can be useful in penetration testing on ASP.NET applications, as well as revealing more information that can be used to efficiently scrape web pages.
python3 security viewstate web-security scraping asp-net

If you want to try the dev version of Taipan without waiting for an official release, you can download the build version. This version is built every time a commit is made and the build process is not broken. You can download it from the Artifacts Directory.
security-tools security-scanner security-automation web-security application-security security security-audit security-testing hacking-tool taipan hacking web web-application web-sec-scanner web-security-research

c4 is a plain-text list of stream URLs of about 30k open IP cameras in IPv4, which is a representative amount. open should be configured to open URLs with your browser.
camera web-security

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 9200+ malicious cryptocurrency mining domains (cryptojacking). As this is the first build of Minesweeper, lists are currently built based on CoinBlockerLists. As the project matures, more sources will be added, as well as direct code checks. Since CoinBlockerLists updates quite frequently, code is included to allow you to manually update your source list from the CoinBlockerLists GitHub project.
burpsuite burpsuitepro burp-extensions burp-plugin web-security hacking hacking-tool web-application-hacking cryptocurrency bitcoin coinhive coinhive-miners blacklist blacklist-extension bugbounty security-audit security-tools security-scanner penetration-testing cryptojacking