Open Source Python Security Software

Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo

OSS-Fuzz is a large-scale fuzz testing platform developed by Google to improve the security and reliability of widely used open source software. Fuzz testing is a proven method for uncovering programming errors such as buffer overflows and memory leaks, which can lead to severe security vulnerabilities. By leveraging guided in-process fuzzing, Google has already identified thousands of issues in projects like Chrome, and this initiative extends the same capabilities to the broader open source community. OSS-Fuzz integrates modern fuzzing engines with sanitizers and runs them at scale in a distributed environment, providing automated testing and continuous monitoring. The platform supports multiple programming languages including C/C++, Rust, Go, Python, Java/JVM, and JavaScript, ensuring wide coverage across critical open source projects.

Dynamic and static analysis with Sandboxie for Windows, including EDR, ClamAV, YARA-X, custom machine learning AI, behavioral analysis, NLP-based detection, website signatures, Ghidra, Suricata, Sigma, and much more than you can imagine

An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps).

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well. wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, OCSP and CRL support, is backed by the robust wolfCrypt cryptography library, and much more. wolfSSL relies on the FIPS 140-2 validated wolfCrypt library for all cryptographic functionality. Visit http://wolfssl.com/wolfSSL/fips.html for more info!

This is a apache v2.0 authentication module. Based on html form authentication and cookie authentication session. Cookie session are stored in memcache deamon. Can be used has an simple "Single Signe-On" (SSO). All the code source and the bug tracking has migrated to github: https://github.com/ZenProjects/Apache-Authmemcookie-Module All the documentation are here: https://zenprojects.github.io/Apache-Authmemcookie-Module/

UNICORE is a software suite for building federated systems, providing secure and seamless access to heterogeneous resource such as compute clusters and file systems. UNICORE deals with authentication, user mapping and authorization, and provides a comprehensive set of RESTful APIs for HPC access and workflows. Contributors: visit https://github.com/UNICORE-EU

A.I. security app. Development ceased.

The CILogon project facilitates secure access to Cyberinfrastructure (CI) via open source identity and access management software.

This project is intended to host developer clients for openhuman.org web services - free collaborative protection system against userbase contamination by disposable email addressing (DEA) and public accounts.

Eng: Digital Signature with x.509 certificates and smartcards for PDFand PAdES format documents in Spanish for Windows OS (8 and 10). Esp: Firma Digital de documents electrónicos PDF en formato PAdES con certificados digitales X.509 y tokens criptográficos en español.

An alternative Identification system that is a replacement for Microsoft's Passport and the Liberty Alliance. Its a simple architecture that is setup so anyone can run a server and thereby have control over their online identification.

Injection Wizard is an application for injecting traffic into WEP protected Wi-Fi networks, like aireplay-ng, but it's much more easy to use and it can work with worse conditions.

Honeypots for servers, VoIP, social networks and web applications

Konfidi is a trust framework that uses topical trust values from a social network of authenticated people. When you receive an email from someone you do not know, but he/she is in the network, Konfidi will compute an inferred trust value for you.

MINI is a secure service discovery protocol for the M2MI ad-hoc networking library and written in Java (and soon, Python).

OpenSEED is open source implementation for SEED, the 128-bit Symmetric Block Cipher which is used widely among Korean Financial & Banking Companies. OpenSEED will implement TLS over SEED, also.

OpenSQLi-NG is the next generation open source sql injection tool. It silently test and exploit (on-demand) SQL injections conditions. Please refer to the project web site to have the complete description: http://opensqling.sourceforge.net/?page_id=8

IMPORTANT : The project is now being hosted at http://code.google.com/p/ciform Plug'n Auth is an API providing easy integration of different authentication mechanisms into web applications. Within a few steps web admins will be able to change both the authentication backend and the logon frontend at any time with no further effort

RADAR is a pluggable network monitoring platform that allows for reporting and searching at the application layer. Out of the box, RADAR lets you capture SMTP, AIM, YahooIM and YMail traffic. Find out more at: http://www.optaros.com/solutions_radar.html

THE STP CODE HAS MOVED TO GITHUB. THE CODE HERE IS STALE. PLEASE CHECKOUT THE FOLLOWING WEBSITE: http://stp.github.io/

The Secure Remote Log Monitor (SRLM) project provides client and server utilities that collect application or system log files from multiple systems over an untrusted network onto a central server for analysis and action.

The principal target of Segovia is to generate reports for a set of Security Testing tools. This reports show the different found vulnerabilities in a graphical way. Also they explain the most common reasons and the solution of these vulnerabilities.

WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste

deface-no-tnx is an anti-defacement system that monitors your Web files and notifies you about unallowed changes. It also replaces the defaced page with a standard "error" page,so that no offensive/joking content can be frauodolently added to your site