web-application-security

There are 185 repositories under the web-application-security topic.

  • codingo/NoSQLMap

    Automated NoSQL database enumeration and web application exploitation tool.

    Language:Python3.2k10682613
  • owtf/owtf

    Offensive Web Testing Framework (OWTF) is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

    Language:Python1.9k121712479
  • 0xInfection/TIDoS-Framework

    The Offensive Manual Web Application Penetration Testing Framework.

    Language:Python1.8k124110393
  • wallarm/gotestwaf

    An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses

    Language:Go1.7k4182245
  • payloadbox/xxe-injection-payload-list

    🎯 XML External Entity (XXE) Injection Payload List

  • codingo/VHostScan

    A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

    Language:Python1.3k3754238
  • Janusec/janusec

    JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

    Language:Go1.2k3850267
  • Mehdi0x90/Web_Hacking

    Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

  • api-firewall

    wallarm/api-firewall

    Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

    Language:Go640222962
  • payloadbox/rfi-lfi-payload-list

    🎯 RFI/LFI Payload List

  • pentest

    ZishanAdThandar/pentest

    Pentesting and Bug Bounty Notes, Cheatsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

    Language:PHP55912086
  • DoS0x99/cyber-security-books

    A collection of FREE cyber security books

  • vatsalgupta67/All-In-One-CyberSecurity-Resources

    List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity

  • Anon-Exploiter/SiteBroker

    A cross-platform python based utility for information gathering and penetration testing automation!

    Language:Python4272117102
  • gildasio/h2t

    h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

    Language:Python4118536
  • mhmdiaa/second-order

    Second-order subdomain takeover scanner

    Language:Go4067967
  • ImAyrix/fallparams

    Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

    Language:Go4013750
  • PalindromeLabs/STEWS

    A Security Tool for Enumerating WebSockets

    Language:Python3627243
  • cut-cdn

    ImAyrix/cut-cdn

    ✂️ Removing CDN IPs from the list of IP addresses

    Language:Go3412552
  • migueltc13/TryHackMe

    Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress tracking.

    Language:Shell33574156
  • security-checklist/php-security-check-list

    PHP Security Check List [ EN ] 🌋 ☣️

  • PalindromeLabs/awesome-websocket-security

    Awesome information for WebSockets security research

  • codingo/crithit

    Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

    Language:Makefile21516444
  • mhmdiaa/chronos

    Wayback Machine OSINT Framework

    Language:Go2151338
  • tprynn/web-methodology

    Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

  • go-agent

    sqreen/go-agent

    Sqreen's Application Security Management for the Go language

    Language:Go21011731
  • WebSecProbe

    spyboy-productions/WebSecProbe

    Bypass 403

    Language:Jupyter Notebook1633025
  • CyberAlbSecOP/Awesome_CyberSec_Bible

    Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hacking, Social Engineering, Privacy, Incident Response, Threat Assessment, Personal Security, Ai Security, Android Security, Iot Security, Standards.

  • SuperLibrary

    MrM8BRH/SuperLibrary

    A massive, curated collection of information security books, study guides, cheat sheets, and resources. This library is intended for educational purposes and to help those who cannot otherwise access this material.

    Language:Python1348235
  • lazyGrandma

    AhmedConstant/lazyGrandma

    A shell script that aims to automatically launch 50+ online web scanning tools in the browser against a target domain in 10 waves

    Language:Shell663417
  • VainlyStrain/Vaile

    Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)

    Language:Python6641014
  • oshp/headers

    An application to catch, search and analyze HTTP secure headers.

    Language:Python652119
  • MrPr0fessor/Google-Dorks-for-Cross-site-Scripting-XSS

    Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML content. Widespread due to input validation lapses.

  • kljunowsky/CVE-2023-36845

    Juniper Firewalls CVE-2023-36845 - RCE

    Language:Python532114
  • sagsooz/Webshell-bypass

    A collection of advanced PHP and ASPX web shells designed to bypass security measures.

    Language:PHP532122
  • teler-sh/teler-proxy

    🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against web-based attacks. 🥷

    Language:Go51429