web-application-security

There are 154 repositories under web-application-security topic.

codingo/NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.
Language:Python3.2k 107 81607
owtf/owtf
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
Language:Python1.9k 125 708477
0xInfection/TIDoS-Framework
The Offensive Manual Web Application Penetration Testing Framework.
Language:Python1.8k 125 110394
wallarm/gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Language:Go1.7k 42 81242
codingo/VHostScan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Language:Python1.3k 38 54237
payloadbox/xxe-injection-payload-list
🎯 XML External Entity (XXE) Injection Payload List
1.2k 23 1325
Janusec/janusec
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。
Language:Go1.2k 39 50267
Mehdi0x90/Web_Hacking
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
660 10 0122
wallarm/api-firewall
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
Language:Go630 24 2962
payloadbox/rfi-lfi-payload-list
🎯 RFI/LFI Payload List
614 17 1207
ZishanAdThandar/pentest
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Language:PHP537 12 085
DoS0x99/cyber-security-books
A collection of FREE cyber security books
524 11 5148
vatsalgupta67/All-In-One-CyberSecurity-Resources
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
487 5 062
Anon-Exploiter/SiteBroker
A cross-platform python based utility for information gathering and penetration testing automation!
Language:Python424 21 17102
gildasio/h2t
h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply
Language:Python408 9 536
mhmdiaa/second-order
Second-order subdomain takeover scanner
Language:Go408 7 967
ImAyrix/fallparams
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Language:Go371 3 747
PalindromeLabs/STEWS
A Security Tool for Enumerating WebSockets
Language:Python361 7 243
ImAyrix/cut-cdn
✂️ Removing CDN IPs from the list of IP addresses
Language:Go338 2 552
migueltc13/TryHackMe
Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress tracking.
Language:Shell322 7 2159
security-checklist/php-security-check-list
PHP Security Check List [ EN ] 🌋 ☣️
298 15 156
PalindromeLabs/awesome-websocket-security
Awesome information for WebSockets security research
275 12 028
codingo/crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Language:Makefile214 16 444
sqreen/go-agent
Sqreen's Application Security Management for the Go language
Language:Go210 12 731
mhmdiaa/chronos
Wayback Machine OSINT Framework
Language:Go207 1 336
tprynn/web-methodology
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
204 7 034
spyboy-productions/WebSecProbe
Bypass 403
Language:Jupyter Notebook165 3 024
MrM8BRH/SuperLibrary
Information Security Library
127 8 230
CyberAlbSecOP/Awesome_CyberSec_Bible
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hacking, Social Engineering, Privacy, Incident Response, Threat Assestment, Personal Security, Ai Security, Android Security, Iot Security, Standards.
119 1 121
VainlyStrain/Vaile
Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)
Language:Python66 4 1014
oshp/headers
An application to catch, search and analyze HTTP secure headers.
Language:Python65 2 119
AhmedConstant/lazyGrandma
a shell script aim to automatically launch 50+ online web scanning tools in the Browsaer against a target domain in a 10 waves
Language:Shell64 3 417
kljunowsky/CVE-2023-36845
Juniper Firewalls CVE-2023-36845 - RCE
Language:Python52 2 114
teler-sh/teler-proxy
🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against a web-based attacks. 🥷
Language:Go51 5 29
timokoessler/easy-waf
An easy-to-use Web Application Firewall (WAF) for Node.js. Can be used with Express, Fastify, NextJS, NuxtJS ... or plain Node.js http.
Language:TypeScript47 2 14
roottusk/xforwardy
Host Header Injection Scanner
Language:Python44 3 214

web-application-security

codingo/NoSQLMap

owtf/owtf

0xInfection/TIDoS-Framework

wallarm/gotestwaf

codingo/VHostScan

payloadbox/xxe-injection-payload-list

Janusec/janusec

Mehdi0x90/Web_Hacking

wallarm/api-firewall

payloadbox/rfi-lfi-payload-list

ZishanAdThandar/pentest

DoS0x99/cyber-security-books

vatsalgupta67/All-In-One-CyberSecurity-Resources

Anon-Exploiter/SiteBroker

gildasio/h2t

mhmdiaa/second-order

ImAyrix/fallparams

PalindromeLabs/STEWS

ImAyrix/cut-cdn

migueltc13/TryHackMe

security-checklist/php-security-check-list

PalindromeLabs/awesome-websocket-security

codingo/crithit

sqreen/go-agent

mhmdiaa/chronos

tprynn/web-methodology

spyboy-productions/WebSecProbe

MrM8BRH/SuperLibrary

CyberAlbSecOP/Awesome_CyberSec_Bible

VainlyStrain/Vaile

oshp/headers

AhmedConstant/lazyGrandma

kljunowsky/CVE-2023-36845

teler-sh/teler-proxy

timokoessler/easy-waf

roottusk/xforwardy