We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
OWASP Joomla Vulnerability Scanner Project
Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.
vulnerability vulnerability-scanner web-application-security web-security security sql-injectionhacker101 - Hacker101
Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.
education hacking security hackerone hacker101 xss clickjacking csrf web-security session-fixation unchecked-redirects sql-injectionjuice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws
OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.
owasp vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest security vulnerability broken bodgeitMobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing web-security malware-analysis runtime-security ci-cd devsecops apk ipaw3af - Web Application Attack and Audit Framework
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find Cross site scripting, SQL Injection and lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.
vulnerability vulnerability-scanner web-application-security web-security security sql-injectionWapiti - Web application vulnerability scanner / security auditor
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate ponctual and permanent XSS vulnerabilities.
vulnerability vulnerability-scanner web-application-security web-security securityIronWASP - Iron Web application Advanced Security testing Platform
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.
vulnerability vulnerability-scanner web-application-security web-security security static-analysisopenftp4 - A list of all FTP servers in IPv4 that allow anonymous logins.
This is a list of all FTP servers directly connected to port 21 in the IPv4 address space that allow anonymous logins. The login must be completed in less than 15 seconds to qualify for this list. How and why this list was created is documented in detail in my blog post Mass-analyzing a chunk of the Internet. You can do whatever you want with this data. Consider linking to this repo if you find something interesting or odd.
web-security ftptwa - A tiny web auditor with strong opinions.
A tiny web auditor with strong opinions. You'll need bash 4, curl, dig, and nc, along with a fairly POSIX system.
security web-security auditingpassword-score - Password scoring library written in Javascript.
Password Score is a javascript library for estimating password security in the means of entropy. Beneath using dictionaries, the library searches for common passwords or names and scans for patterns like dates in any format, sequences, repetitions or keyboard patterns. Based on the found patterns, the entropy may be used to estimate the average time needed to crack the password.Estimating the time to crack is still to be implemented. In addition there is still some work to do concerning documentation and the demonstration site.
javascript-library web-security password-strength js passwordlighthouse-security - Runs the default Google Lighthouse tests with additional security tests
Runs the default Google Lighthouse tests with additional security tests.Run the command from CLI like displayed below. The options are the same as for the default Lighthouse CLI options.
lighthouse cli web-security audit developer-tools reporting security websec websecurityawesome-ocap - Awesome Object Capabilities and Capability Security
Capability-based security enables the concise composition of powerful patterns of cooperation without vulnerability. What Are Capabilities? explains in detail. Shill: Shill is a shell scripting language designed to make it easy to follow the Principle of Least Privilege. It runs on FreeBSD and is developed in Racket.
web-security security capabilities awesome-listlookyloo - Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other
Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other. This code is very heavily inspired by webplugin and adapted to use flask as backend.
information-security privacy web-securityalokmenghrajani.github.com - Alok Menghrajani's Blog
I started this blog around 1996, hosting it on geocities.com at first. What started as a small collection of random posts about chess and computers graphics grew into a collection of around 100 posts covering a wide array of computer science topics: from quines to size optimization. From web security to compilers/language design. And many other topics. After hosting this site for over 20 years and serving several million page views, I have decided to no longer post new content. I hope you'll enjoy all the content, which can still be accessed at quaxio.com.
blog web-security math puzzle random marqueeburpa - Burp-Automator: A Burp Suite Automation Tool with Slack Integration
Burp-Automator: A Burp Suite Automation Tool with Slack Integration
security burp burpsuite security-tools web-security automation devops security-scanner security-automationviewstate - ASP.NET View State Decoder
A small Python 3.5+ library for decoding ASP.NET viewstate. Decoding the view state can be useful in penetration testing on ASP.NET applications, as well as revealing more information that can be used to efficiently scrape web pages.
python3 security viewstate web-security scraping asp-netTaipan - Web application security scanner
If you want to try the dev version of Taipan without to wait for an official release, you can download the build version. This version is built every time that a commit is done and the build process is not broken. You can download it from the Artifacts Directory.
security-tools security-scanner security-automation web-security application-security security security-audit security-testing hacking-tool taipan hacking web web-application web-sec-scanner web-security-researchc4 - Open IP cameras in IPv4
c4 is a plain-text list of stream URLs of about 30k open IP cameras in IPv4, which is a representative amount. open should be configured to open URLs with your browser.
camera web-securityMinesweeper - A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 9200+ malicious cryptocurrency mining domains (cryptojacking)
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 9200+ malicious cryptocurrency mining domains (cryptojacking). As this is the first build of Minesweeper lists are currently built based on CoinBlockerLists. As the project matures more sources will be added, as well as direct code checks. Since CoinBlockerLists updates quite frequently code is included to allow you to manually update your source list from the CoinBlockerLists github project.
burpsuite burpsuitepro burp-extensions burp-plugin web-security hacking hacking-tool web-application-hacking cryptocurrency bitcoin coinhive coinhive-miners blacklist blacklist-extension bugbounty security-audit security-tools security-scanner penetration-testing cryptojackingjuice-shop-ctf - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
The NPM package juice-shop-ctf-cli lets you create a archive files for conveniently import OWASP Juice Shop challenges into different Capture the Flag frameworks. This allows you to populate a CTF game server in a matter of minutes. Then follow the instructions of the interactive command line tool.
owasp ctf ctfd application-security capture-the-flag pentesting hacking owasp-juice-shop ctfd-database ctfd-setup web-security web-application-security webappsec pentest security vulnerable vulnerability broken cli
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
