Search Results for "attacks"
Sort By:
Showing 31 open source projects for "attacks"
View related business solutions-
Queue Management System for Busy Service Providers | WaitWellThe queue management system that perfectly adapts to your workflows. Improve operational efficiency in weeks with the most configurable enterprise queue system.
-
All-in-One Inspection SoftwareOptimize Frontline Operations: Elevate Equipment Uptime, Operational Excellence, and Safety with Connected Teams and Data, Including Issue Capture and Corrective Action.
-
1
UFONet
UFONet - Denial of Service Toolkit
UFONet is a powerful and controversial Python-based toolkit for testing and conducting Distributed Denial of Service (DDoS) attacks using unconventional methods, such as leveraging third-party web applications as attack vectors. It automates the discovery of vulnerable targets and enables attackers or researchers to launch large-scale amplification attacks without directly using botnets. While primarily intended for penetration testing and educational purposes, UFONet emphasizes anonymity through the use of proxies, TOR, and encrypted command channels. -
2
DOMPurify
XSS sanitizer for HTML, MathML and SVG
...We also cover Node.js v14.15.1, v15.4.0, running DOMPurify on jsdom. Older Node.js versions are known to work as well. DOMPurify is written by security people who have vast background in web attacks and XSS. -
3
BeEF
The browser exploitation framework project
...BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. -
4
NPQ
Install packages with npm or yarn by auditing them
npq is a security-focused package manager that analyzes npm dependencies for potential vulnerabilities before installation. It helps developers ensure the safety of their projects by checking for malicious or outdated packages. -
Unimus makes Network Automation and Configuration Management easy.We aim to make automation, disaster recovery, change management and configuration auditing painless and affordable for a network of any size.
-
5
Node Argon2
Node.js bindings for Argon2 hashing algorithm
A Node.js library for hashing passwords securely using the Argon2 key derivation function, a modern cryptographic algorithm. -
6
react-markdown
Markdown component for React
React component to render markdown. This package is a React component that can be given a string of markdown that it’ll safely render to React elements. You can pass plugins to change how markdown is transformed and pass components that will be used instead of normal HTML elements. -
7
RedAmon
AI-powered framework for automated penetration testing and red teaming
...RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process. -
8
lockfile linting
Lint an npm or yarn lockfile to analyze and detect security issues
lockfile-lint is a security tool that helps validate npm and Yarn lockfiles to prevent malicious dependency injections. It checks for common security issues such as package integrity violations and unauthorized registry usage. -
9
Marked
A markdown parser and compiler. Built for speed
...The only completely secure system is the one that doesn't exist in the first place. Having said that, we take the security of Marked very seriously. To prevent ReDoS attacks you can run marked on a worker and terminate it when parsing takes longer than usual. Marked can be run in a worker thread on a node server, or a web worker in a browser. Only current and LTS Node.js versions are supported. End-of-life Node.js versions may become incompatible with Marked at any point in time. -
Teradata VantageCloud Enterprise is a data analytics platform for performing advanced analytics on AWS, Azure, and Google Cloud.VantageCloud is the complete cloud analytics and data platform, delivering harmonized data and Trusted AI for all. Built for performance, flexibility, and openness, VantageCloud enables organizations to unify diverse data sources, run complex analytics, and deploy AI models—all within a single, scalable platform.
-
10
node-rate-limiter-flexible
Count and limit requests by key with atomic increments
rate-limiter-flexible counts and limits number of actions by key and protects from DDoS and brute force attacks at any scale. It works with Redis, process Memory, Cluster or PM2, Memcached, MongoDB, MySQL, PostgreSQL and allows to control of requests rate in single process or distributed environment. All operations in memory or distributed environments use atomic increments against race conditions. Combine limiters, block key for some duration, delay actions, manage failover with insurance options, configure smart key blocking in memory and many others. ... -
11
StrongKey FIDO Server (SKFS)
FIDO® Certified StrongKey FIDO Server (SKFS)
An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps). -
12
ufonet
UFONet - Denial of Service Toolkit
UFONet - Is a set of hacktivist tools that allow launching coordinated DDoS and DoS attacks and combine both in a single offensive. It also works as an encrypted DarkNET to publish and receive content by creating a global client/server network based on a direct-connect P2P architecture. + FAQ: https://ufonet.03c8.net/FAQ.html -------------------------------------------- -> UFONet-v1.8 [DPh] "DarK-PhAnT0m!" -
13
pH7 Social Dating CMS (pH7Builder)❤️
🚀 Professional Social Dating Web App Builder (formerly pH7CMS)
pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script... -
14
Node.js express.js MongoDB JWT REST API
Node.js express.js MongoDB JWT REST API - Basic Project Skeleton
...Do you want to contribute? Pull requests are always welcome to show more features. Custom email/password user system with basic security and blocking for preventing brute force attacks. Login access log with IP, browser and country location (for country it looks for the header cf-ipcountry that CloudFlare creates when protecting your website). NPM script for keeping good source code formatting using prettier and ESLint. JWT Tokens, make requests with a token after login with the Authorization header with value Bearer yourToken where yourToken is the signed and encrypted token given in the response. -
15
Pwnagotchi
Deep Reinforcement learning instrumenting bettercap for WiFi pwning
Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs. Instead of merely playing Super Mario or Atari games like most reinforcement learning based “AI” (yawn), Pwnagotchi tunes its own parameters over time to get better at pwning WiFi things in the real world environments you expose it to. ... -
16
mod_csrf
Apache module to prevent cross-site request forgery.
mod_csrf is a module for the Apache Web server. It prevents cross-site request forgery attacks to vulnerable HTML forms. -
17
Sploitware
Vulnerability analytics
Sploitware is a curated repository that maps the world of exploit development, offensive security, and binary exploitation into organized learning material. It brings together links to tutorials, tools, writeups, and CTF resources so that security learners don’t have to hunt across the internet for a coherent path. The focus is on practical exploitation skills: understanding memory corruption, reverse engineering, shellcode, privilege escalation, and platform specifics. By being a single,... -
18
SlimMVC.js
Your Slim MVC JavaScript
A simple JavaScript framework to implement MVC pattern and safe against XSS attacks using nodeValue property rather innerHTML. -
19
passport-facebook
Facebook authentication strategy for Passport and Node.js.
...The module normalizes the returned user profile into a consistent format so you can store or use profile data with minimal translation. It also handles secure token exchange and sanitization of inputs to protect against common OAuth attacks. -
20
Browserpass
Legacy Browserpass repo
...Browserpass is a browser extension for zx2c4's pass, a UNIX based password store manager. It allows you to auto-fill or copy to clipboard credentials for the current domain, protecting you from phishing attacks. In order to use Browserpass you must also install a companion native messaging host, which provides an interface to your password store. It uses a native binary written in Golang to do the interfacing with your password store. Secure communication between the binary and the browser extension is handled through native messaging. -
21
SWF Investigator
Adobe SWF Investigator enables full analysis of SWF applications.
...From a dynamic perspective, you can call functions within the SWF, load the SWF in various contexts, communicate via local connections and send messages to Action Message Format (AMF) endpoints. SWF Investigator contains an extensible fuzzer for SWF applications and AMF services, so you can search for common Web application attacks. This toolset also provides a variety of utilities including encoders and decoders for SWF data, as well as a basic AS3 compiler. -
22
Electrode Stateless CSRF
Stateless Cross-Site Request Forgery (CSRF) protection with JWT
...CSRF protection is an important security feature, but in systems which don't have backend session persistence, validation is tricky. Stateless CSRF support addresses this need. CSRF attacks can be bad when a malicious script can make a request that can perform harmful operations through the user (victim)'s browser, attaching user-specific and sensitive data in the cookies. For use with XMLHttpRequest and fetch, we extend the technique by using two JWT tokens for validation. One token in the cookies and the other in the HTTP headers. ... -
23
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific... -
24
IPTC-Attacker
Testing for XSS via IPTC metadata
As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag. Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection. -
25
Wave Framework
Open Source API-centric PHP Micro-framework
Wave is a PHP micro-framework that is built loosely following model-view-control architecture and factory method design pattern. It is made for web services, websites and info-systems and is built to support a native API architecture, caching, user control and smart resource management. Wave is a compact framework that does not include bloated libraries and features and is developed keeping lightweight speed and optimizations in mind. While not necessary for using Wave Framework, it comes by...
