Search Results for "command injection"
Sort By:
Showing 32 open source projects for "command injection"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
The All-in-One Commerce Platform for Businesses - ShopifyShopify is a leading all-in-one commerce platform that enables businesses to start, build, and grow their online and physical stores. It offers tools to create customized websites, manage inventory, process payments, and sell across multiple channels including online, in-person, wholesale, and global markets. The platform includes integrated marketing tools, analytics, and customer engagement features to help merchants reach and retain customers. Shopify supports thousands of third-party apps and offers developer-friendly APIs for custom solutions. With world-class checkout technology, Shopify powers over 150 million high-intent shoppers worldwide. Its reliable, scalable infrastructure ensures fast performance and seamless operations at any business size.
-
1
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others... -
2
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also... -
3
Claude Code Security Review
An AI-powered security review GitHub Action using Claude
The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). When a PR is opened, the action analyzes only the changed files (diff-aware scanning... -
4
garak
Developers and anyone seeking an LLM solution to scan for vulnerabilit
garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. garak's a free tool, we love developing it and are always interested in adding functionality to support applications. garak is a command-line tool, it's developed in Linux and OSX. Just grab it from PyPI and you should be good to go. The standard pip version of garak is updated periodically... -
Simple, Secure Domain RegistrationRegister or renew your domain and pay only what we pay. No markups, hidden fees, or surprise add-ons. Choose from over 400 TLDs (.com, .ai, .dev). Every domain is integrated with Cloudflare's industry-leading DNS, CDN, and free SSL to make your site faster and more secure. Simple, secure, at-cost domain registration.
-
5
Secure Protocol Format
Generic binary protocol library that prevents injection attacks
... constraints and, more importantly, demands that data fields to be described using binary metadata rather than text. The Secure Protocol Format, or SPF, was created as a simplified version of DER. In addition to delimiting data by length, it also affords programmers the ability to use text for describing data, just like tags are used in HTML and XML. Thus, SPF provides a simple and practical approach to preventing command injection attacks while allowing text to describe data. -
6
Pixload
Image Payload Creating/Injecting tools
Pixload is a collection of tools for creating and injecting payloads into image files using steganographic techniques to embed hidden content in common image formats. It supports BMP, GIF, JPG, PNG, and WebP formats and offers command-line utility for generating or modifying images with embedded payloads. If the target image exists, it can inject into it; otherwise, it generates a new one. Offers separate utilities per format (e.g., bmp.pl, gif.pl, jpg.pl, png.pl) for injection or creation... -
7
FireCX
Open source OWASP penetration testing tool written in Python 3
FireCX is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. -
8
PHPCorrector
XSS and SQLi vulnerabilities corrrector for PHP web applications
PHPCorrector is a tool that scans your PHP code to find Cross-Site Scripting (XSS) and SQL Injection (SQLi) vulnerabilities. When a vulnerability is found, it is corrected automatically. -
9
ansvif
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids... -
Photo and Video Editing APIs and SDKsUnlock Picsart's full editing suite by embedding our Editor SDK directly into your platform. Offer your users the power of a full design suite without leaving your site.
-
10
hexinject
Hexadecimal and raw packet injector and sniffer.
Hexadecimal and raw packet injector and sniffer. Can be easily combined with other tools to provide a powerful cmdline framework for raw network access.">
-
11
A webapp hacking game, where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc
-
12
MR.SE SQL Injection Tool
Auto SQL Injection Tool Coded by MR.SE
SQLInjection is one of the basics of hacking. It is also one of the most tedious and most time consuming steps. MR.SE SQL Injection Tool programmed under Perl and hackers can quickly and easily penetrate their desired website databases with this. -
13
Web Application Protection
Tool to detect and correct vulnerabilities in PHP web applications
WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives. WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static... -
14
PAVS
PHP Application Vulnerability Scanner
PAVS scans the PHP based web application source code and identifies the potential security problems in that application. PAVS also identifies the loop holes in PHP configuration file settings. Attacks addressed by PAVS are Cross-site Scripting SQL Injection File Manipulation File Inclusion Command Execution Code Evaluation -
15
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific...">
-
16
Sqlninja is an exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell or extract data also in very hostile conditions. For more information please check http://sqlninja.sf.net
-
17
Mole
Automatic SQL Injection Exploitation Tool
Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible. -
18
hwk
hwk is a tool used for wireless lan pentests
hwk is an easy-to-use application used to attack and discover wireless networks. It's providing various modes such as authentication/deauthentication flood, beacon and probe response fuzzing. -
19
w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more. This project has been migrated to github! See details in our project site: http://w3af.org/
-
20
AHT (Ashiyane Hack Tools Ver) 1.1
Perl Hacking Tools (BackTrack)
This is a perl script for hacking .. It Will make hacking easy for You .. It is For BackTrack This Script Contains This tools : Local File Disclource (LFD) Checker Scanning the whole netmask and returning IP and MAC BackConnect Tools Proxy Checker Reverse IP Add a User With Admin Access (Windows) Add a User With r00t Access (Unix) Grab Cpanel Users Remote Port Scanning With NetCat SQL Injection Scanner MD5 Hash Cracker (Online) Admin Page Finder Make Uploader With Echo... -
21
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
-
22
GameOver
Training and educating about the web security
About GameOver: Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover XSS CSRF RFI & LFI BruteForce Authentication Directory/Path traversal Command... -
23
Note: WE ARE UNABLE TO UPDATE THE SCANNER AT THIS MOMENT! Note: WE APPRECIATE YOUR CONTRIBUTION. Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. We'll update it soon. The database update is currently maintained by web-center.si. Send your contributions, recommendations and bugs report to joomscan at yehg.net or creating a ticket at Trac here.
-
24
sqlsus is an open source (My)SQL injection tool, written in perl. It focuses on speed and efficiency, optimising the available injection space. It provides an easy to use interface with lots of neat features. For more information, please visit http://sqlsus.sf.net
-
25
mySQLenum is a command line automatic blind sql injection tool for web application that uses MySql server as its back-end. Its main goal is to provide an easy to use command line interface.