Node.js Goof is a vulnerable Node.js demonstration application designed for security testing and educational purposes. The application contains multiple types of security vulnerabilities including exploitable packages with known vulnerabilities, Docker image scanning capabilities for base images with vulnerable system libraries, and runtime alerts for detecting invocation of vulnerable functions in open source dependencies. The application includes various code-level vulnerabilities such as: - Open Redirect vulnerabilities - NoSQL Injection attacks - Code Injection flaws - Cross-site Scripting (XSS) vulnerabilities - Information exposure through hardcoded values - Security misconfigurations that expose server information - Insecure HTTP protocol communication - Local File Inclusion and Path Traversal vulnerabilities - Regular expression denial of service vulnerabilities The tool requires MongoDB version 3 for proper functionality and can be deployed on various platforms including Heroku and CloudFoundry with appropriate MongoDB service attachments. It provides step-by-step demonstrations of each vulnerability type and includes cleanup functionality for managing test data.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A brute-force protection middleware for express routes that rate-limits incoming requests.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.