Search Results for "web attacks detection"
Sort By:
Showing 465 open source projects for "web attacks detection"
View related business solutions-
Outgrown Windows Task Scheduler?Windows Task Scheduler wasn't built for complex, cross-platform automation. Get a free diagnostic that shows exactly where things are failing and provides remediation recommendations. Interactive HTML report delivered in minutes.
-
Build Secure Enterprise Apps Fast with RetoolCreate internal software that meets enterprise security standards. Retool connects to your business data—databases, APIs, and vector stores while ensuring compliance with granular permissions and audit logs. Whether on our cloud or self-hosted, build the dashboards and admin panels your organization needs without compromising on security or control.
-
1
Web-Check
All-in-one OSINT tool for analysing any website
Comprehensive, on-demand open source intelligence for any website. Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance,... -
2
Rebuff
LLM Prompt Injection Detector
A self-hardening prompt injection detector. Rebuff is designed to protect AI applications from prompt injection (PI) attacks through a multi-layered defense. Rebuff is still a prototype and cannot provide 100% protection against prompt injection attacks. Add canary tokens to prompts to detect leakages, allowing the framework to store embeddings about the incoming prompt in the vector database and prevent future attacks. -
3
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. ... -
4
UFONet
UFONet - Denial of Service Toolkit
UFONet is a powerful and controversial Python-based toolkit for testing and conducting Distributed Denial of Service (DDoS) attacks using unconventional methods, such as leveraging third-party web applications as attack vectors. It automates the discovery of vulnerable targets and enables attackers or researchers to launch large-scale amplification attacks without directly using botnets. While primarily intended for penetration testing and educational purposes, UFONet emphasizes anonymity through the use of proxies, TOR, and encrypted command channels. -
Atera all-in-one platform IT management software with AI agentsAtera’s AI agents don’t just assist, they act. From detection to resolution, they handle incidents and requests instantly, taking your IT management from automated to autonomous.
-
5
web-mode.el
Web template editing mode for emacs
web-mode.el is an autonomous emacs major mode for editing web templates. HTML documents can embed parts (CSS / JavaScript) and blocks (client / server side). web-mode.el is compatible with many template engines: PHP, JSP, ASP, Django, Twig, Jinja, Mustache, ERB, FreeMarker, Velocity, Cheetah, Smarty, CTemplate, Mustache, Blade, ErlyDTL, Go Template, Dust.js, Google Closure (soy), React/JSX, Angularjs, ejs, Nunjucks, etc. Compatibility with many template engines : php, jsp, gsp (grails), asp... -
6
FLEXible
Federated Learning (FL) experiment simulation in Python
FLEXible (Federated Learning Experiments) is a Python framework offering tools to simulate FL with deep learning. It includes built-in datasets (MNIST, CIFAR10, Shakespeare), supports TensorFlow/PyTorch, and has extensions for adversarial attacks, anomaly detection, and decision trees. -
7
WAFW00F
WAFW00F allows one to identify and fingerprint Web App Firewall
The Web Application Firewall Fingerprinting Tool. Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks. ... -
8
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
9
teler
Real-time HTTP Intrusion Detection
teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications. teler provides alerting when a threat is detected, push notifications include Slack, Mattermost, Telegram and Discord. ... -
Inventors: Validate Your Idea, Protect It and Gain Market AdvantagessenseIP is an AI innovation platform for inventors, automating any aspect of IP from the moment you have an idea. You can have it researched for uniqueness and protected; quickly and effortlessly, without expensive attorneys. Built for business success while securing your competitive edge.
-
10
BeEF
The browser exploitation framework project
...BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. -
11
Arcjet
Arcjet JS SDKs. Rate limiting, bot protection, email verification
Arcjet helps developers protect their apps in just a few lines of code. Implement rate limiting, bot protection, email verification, and defense against common attacks. Native security for Bun, Next.js, Node.js, SvelteKit, Vercel, Netlify, Fly.io, and other modern platforms. Customizable protection for signup forms, login pages, API routes, and your whole app. Test security rules locally. Protection that works in every environment. No agent is required. -
12
WAF package for Laravel
Web Application Firewall (WAF) package for Laravel
This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi, RFI, LFI, User Agent, and a lot more. It will also block repeated attacks and send notifications via email and/or slack when an attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts. Some middleware classes (i.e. Xss) are empty as the Middleware abstract class that they extend does all of the job, dynamically. In short, they all work. -
13
DOMPurify
XSS sanitizer for HTML, MathML and SVG
...We also cover Node.js v14.15.1, v15.4.0, running DOMPurify on jsdom. Older Node.js versions are known to work as well. DOMPurify is written by security people who have vast background in web attacks and XSS. -
14
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
15
CrowdSec
Firewall able to analyze visitor behavior & provide adapted response
...A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and blocked IPs are shared among all users to further improve their security. -
16
ModSecurity
Cross platform web application firewall (WAF) engine for Apache
ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language that provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Libmodsecurity is one component of the ModSecurity v3 project. -
17
Splunk Attack Range
A tool that allows you to create vulnerable environments
The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
18
ShellHub
Get seamless remote access to any Linux device
ShellHub is a centralized SSH gateway that allows users to remotely access and manage their servers and devices from anywhere, using a web browser or a mobile app. It provides a secure and convenient way to connect to and control your servers and devices and can help to improve the security of your servers by preventing unauthorized access. ShellHub incorporates the use of Docker containers to facilitate the integration of new devices into the platform, simplifying configuration. ShellHub... -
19
changedetection.io
The best free open source website change detection and restock service
Loved by smart shoppers, data journalists, research engineers, data scientists, security researchers, and more. From simply monitoring website pages that have a change (such as watching prices, and restocking notifications), to deep inspection such as PDF text support, JSON and XML monitoring, and extensive text triggers. Monitor out-of-stock products and get alerts when those products are back in stock, get restock alerts via Discord, Slack, email, and many other platforms. Using the... -
20
ML.NET
Open source and cross-platform machine learning framework for .NET
...ML.NET has been designed as an extensible platform so that you can consume other popular ML frameworks (TensorFlow, ONNX, Infer.NET, and more) and have access to even more machine learning scenarios, like image classification, object detection, and more. -
21
Internal All The Things
Active Directory and Internal Pentest Cheatsheets
Internal All The Things is a large, community-driven cheat-sheet and documentation repository focused on internal network penetration testing and Active Directory (AD) exploitation. It covers a broad range of topics; AD certificate services, Kerberos attacks, lateral movement, tooling, post-exploitation techniques, and networking. The content is designed to help both learners and experienced red-teamers fill gaps in their internal pentest knowledge, especially for environments where AD and internal tooling dominate. Because internal engagements often have more complexity and fewer online guides compared to internet-facing web apps, this repo serves as a converging point for best practices, write-ups, and cheat sheets. ... -
22
BadUSB
Flipper Zero badusb payload library
...Due to the dual-use nature of such techniques, responsible repositories emphasize lab-only experiments, consent-based testing, and mitigations like disabling autorun, enforcing device policies, and using endpoint detection. -
23
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs... -
24
Highlight.js
JavaScript syntax highlighter with language auto-detection
...You can run highlighting inside a web worker to avoid freezing the browser window while dealing with very big chunks of code. -
25
Locust
Scalable open source load testing tool
Locust is an open source user load testing tool written in Python. The idea behind Locust is to swarm your web site or other systems with attacks from simulated users during a test, with each user behavior defined by you using Python code. This swarming process is then monitored from a web UI in real-time, and will help identify any bottlenecks in your code before real users can come in. As it is completely event-based, Locust can have thousands or even millions of simultaneous users distributed over multiple machines swarming your system. ...
