Search Results for "attack"
Sort By:
Showing 698 open source projects for "attack"
View related business solutions-
MicroStation by Bentley Systems is the trusted computer-aided design (CAD) software built specifically for infrastructure design.MicroStation is the only computer-aided design software for infrastructure design, helping architects and engineers like you bring their vision to life, present their designs to their clients, and deliver their projects to the community.
-
Next-Gen Encryption for Post-Quantum Security | CLEAR by Quantum KnightCLEAR by Quantum Knight is a FIPS-140-3 validated encryption SDK engineered for enterprises requiring top-tier security. Offering robust post-quantum cryptography, CLEAR secures files, streaming media, databases, and networks with ease across over 30 modern platforms. Its compact design, smaller than a single smartphone image, ensures maximum efficiency and low energy consumption.
-
1
Rack::Attack
Rack middleware for blocking & throttling
Protect your Rails and Rack apps from bad clients. Rack::Attack lets you easily decide when to allow, block and throttle based on properties of the request. Rack middleware for blocking & throttling abusive requests. Tackling each curious anomaly that threatens your site’s reliability saps developer productivity and happiness. Rack::Attack lets you throttle abusive requests with just a few lines of code. -
2
Splunk Attack Range
Tool to simulate attacks and collect the data
Attack Range Log The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
3
Splunk Attack Range
A tool that allows you to create vulnerable environments
The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
4
AzureAD Attack Defense
This publication is a collection of various common attack scenarios
AzureAD-Attack-Defense is a community-maintained playbook that collects common attack scenarios against Microsoft Entra ID (formerly Azure Active Directory) together with detection and mitigation guidance. The repository is organized into focused chapters — for example: Password Spray, Consent Grant, Service Principals in Azure DevOps, Entra Connect Sync Service Account, Replay of Primary Refresh Token (PRT), Entra ID Security Config Analyzer, and Adversary-in-the-Middle — each written to explain the attack, show detection approaches, and recommend mitigation steps. ... -
Failed Payment Recovery for Subscription BusinessesFlexPay’s innovative platform uses multiple technologies to achieve the highest number of retained customers, resulting in reduced involuntary churn, longer life span after recovery, and higher revenue. Leading brands like LegalZoom, Hooked on Phonics, and ClinicSense trust FlexPay to recover failed payments, reduce churn, and increase customer lifetime value.
-
5
UFONet
UFONet - Denial of Service Toolkit
UFONet is a powerful and controversial Python-based toolkit for testing and conducting Distributed Denial of Service (DDoS) attacks using unconventional methods, such as leveraging third-party web applications as attack vectors. It automates the discovery of vulnerable targets and enables attackers or researchers to launch large-scale amplification attacks without directly using botnets. While primarily intended for penetration testing and educational purposes, UFONet emphasizes anonymity through the use of proxies, TOR, and encrypted command channels. -
6
bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks
bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks. -
7
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security. ... -
8
RedAmon
AI-powered framework for automated penetration testing and red teaming
...It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process. -
9
SimpleX
The first messaging platform operating without user identifiers
Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers. This radically improves your privacy. The video shows how you connect to your friend via their 1-time QR-code, in person or via a video link. You can also connect by sharing an invitation link. Temporary anonymous pairwise identifiers SimpleX uses temporary anonymous pairwise addresses and credentials for each user contact or group member. It allows to deliver messages... -
Skillfully - The future of skills based hiringSkillfully transforms hiring through AI-powered skill simulations that show you how candidates actually perform before you hire them. Our platform helps companies cut through AI-generated resumes and rehearsed interviews by validating real capabilities in action. Through dynamic job specific simulations and skill-based assessments, companies like Bloomberg and McKinsey have cut screening time by 50% while dramatically improving hire quality.
-
10
Proxify
A versatile and portable proxy for capturing HTTP/HTTPS traffic
Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally, a replay utility allows to import the dumped traffic (request/responses with correct domain name) into BurpSuite or any other proxy by simply setting the upstream proxy to proxify. -
11
go-mitmproxy
mitmproxy implemented with golang
go-mitmproxy is a Golang implementation of mitmproxy that supports man-in-the-middle attacks and parsing, monitoring, and tampering with HTTP/HTTPS traffic. Parses HTTP/HTTPS traffic and displays traffic details via a web interface. Supports a plugin mechanism for easily extending functionality. Various event hooks can be found in the examples directory. HTTPS certificate handling is compatible with mitmproxy and stored in the ~/.mitmproxy folder. If the root certificate is already trusted... -
12
VIPER
AI-powered red team platform for adversary simulation toolkit
Viper is a comprehensive red teaming and adversary simulation platform designed to support cybersecurity professionals in conducting advanced security assessments. It integrates a wide range of tools and capabilities required for penetration testing, post-exploitation, and attack simulation workflows into a unified environment. Viper emphasizes ease of use through a graphical interface, allowing users to manage complex operations without relying solely on command-line tools. It includes a large collection of built-in modules that cover multiple stages of the MITRE ATT&CK framework, enabling realistic and structured attack simulations. ... -
13
KubeArmor
Runtime Security Enforcement System
...It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It enforces policy-based controls. KubeArmor lessens the attack surface on pods, containers, and virtual machines. For inline mitigation, it uses Linux Security Modules (LSMs) like AppArmor, BPF-LSM, and SELinux to provide security without changing the pod or container or without host-level adjustments. KubeArmor simplifies their intricacies and makes enforcing policy simple. It functions as a non-privileged daemonset and has host, pod, and container monitoring capabilities. -
14
apk-mitm
Application that automatically prepares Android APK files for HTTPS
Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious. -
15
promptmap2
A security scanner for custom LLM applications
promptmap is an automated security scanner for custom LLM applications that focuses on prompt injection and related attack classes. The project supports both white-box and black-box testing, which means it can either run tests directly against a known model and system prompt configuration or attack an external HTTP endpoint without internal access. Its scanning workflow uses a dual-LLM architecture in which one model acts as the target being tested and another acts as a controller that evaluates whether an attack succeeded. ... -
16
Damn Vulnerable GraphQL Application
Vulnerable implementation of Facebook's GraphQL technology
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. DVGA has numerous flaws, such as Injections, Code Executions, Bypasses, Denial of Service, and more. See the full list under the Scenarios section. A public Postman collection is also available to replay solutions to the challenges. DVGA supports Beginner and Expert level game modes, which will change the exploitation difficulty. -
17
mitmproxy
A free and open source interactive HTTPS proxy
mitmproxy is an open source, interactive SSL/TLS-capable intercepting HTTP proxy, with a console interface fit for HTTP/1, HTTP/2, and WebSockets. It's the ideal tool for penetration testers and software developers, able to debug, test, and make privacy measurements. It can intercept, inspect, modify and replay web traffic, and can even prettify and decode a variety of message types. Its web-based interface mitmweb gives you a similar experience as Chrome's DevTools, with the addition of... -
18
WAF package for Laravel
Web Application Firewall (WAF) package for Laravel
This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi, RFI, LFI, User Agent, and a lot more. It will also block repeated attacks and send notifications via email and/or slack when an attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts. Some middleware classes (i.e. Xss) are empty as the Middleware abstract class that they extend does all of the job, dynamically. In short, they all work. -
19
PentestAgent
AI agent framework for black-box security testing
PentestAgent is an open-source autonomous security testing platform designed to help organizations identify vulnerabilities and assess security posture by simulating real-world attack scenarios without manual intervention. It brings a modular and automated approach to penetration testing by orchestrating a suite of tools and scripts that can emulate common exploitation techniques, reconnaissance workflows, and post-exploitation activities across targets. Users configure rules, policies, and environments, and the agent continuously probes for weaknesses, prioritizes findings, and generates contextual reports that help both technical and non-technical stakeholders understand risk exposure. ... -
20
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws, authentication bypasses, and other exploitable paths in a way that resembles an actual attacker’s workflow. Instead of requiring you to manually reproduce findings, Shannon is designed to produce actionable evidence that a weakness can be weaponized, which helps teams prioritize what truly matters. ... -
21
Proxyee
HTTP proxy server,support HTTPS & websocket
Proxyee is a JAVA-written HTTP proxy server library that supports HTTP, HTTPS, and WebSocket protocols, and supports MITM (Man-in-the-middle), which can capture and tamper with HTTP, and HTTPS packets. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. You can use the CertDownIntercept interceptor to... -
22
Hoverfly
Lightweight service virtualization/ API simulation / API mocking tool
Hoverfly is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. Replace unreliable test systems and restrictive API sandboxes with high-performance simulations in seconds. Run on MacOS, Windows or Linux, or use native Java or Python language bindings to get started quickly. Simulate API latency or failure when required by writing custom scripts in the language of your choice. -
23
Themis
Easy to use cryptographic framework for data protection
Cross-platform high-level cryptographic library. Themis helps to build simple and complex cryptographic features easily, quickly, and securely. It’s a perfect fit for multi-platform apps. Themis hides cryptographic details and eliminates popular mistakes. Themis provides ready-made building blocks (“cryptosystems”) for secure data storage, message exchange, socket connections, and authentication. Secure Cell is a multi-mode cryptographic container suitable for storing anything from encrypted... -
24
Pterodactyl Panel
Pterodactyl® is a free, open-source game server management panel
...Built on a modern stack utilizing the best design practices that make it easy to jump in and make modifications. All servers run in isolated Docker containers that limit attack vectors, provide strict resource limits, and provide environments tailored to each specific game. Pterodactyl is 100% free and licensed under a MIT license. All of our code is completely open source as well. -
25
SSH-MITM
Server for security audits supporting public key authentication
ssh man-in-the-middle (ssh-mitm) server for security audits supporting publickey authentication, session hijacking and file manipulation. SSH-MITM is a man in the middle SSH Server for security audits and malware analysis. Password and publickey authentication are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not...
