web-security

There are 408 repositories under web-security topic.

  • Mobile-Security-Framework-MobSF

    MobSF/Mobile-Security-Framework-MobSF

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

    Language:JavaScript16.5k5691.5k3.1k

  • Hacker0x01/hacker101

    Source code for Hacker101.com - a free online web and mobile security class.

    Language:SCSS13.6k697822.5k

  • nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

    A list of resources for those interested in getting started in bug bounties

    10.3k568261.9k

  • chaitin/SafeLine

    一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术,作为反向代理接入,保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.

    Language:C++10k60717591

  • infoslack/awesome-web-hacking

    A list of web application security

    5.5k243141.2k

  • vavkamil/awesome-bugbounty-tools

    A curated list of various bug bounty tools

    3.7k8514593
  • bunkerweb

    bunkerity/bunkerweb

    🛡️ Make your web services secure by default !

    Language:Python3.6k46394232
  • awesome-nodejs-security

    lirantal/awesome-nodejs-security

    Awesome Node.js Security resources

    2.6k6512233
  • DDoS-Ripper

    palahsu/DDoS-Ripper

    DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

    Language:Python2k4164471

  • 0xSobky/HackVault

    A container repository for my public web hacks!

    Language:JavaScript1.9k841265

  • lunasec-io/lunasec

    LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

    Language:TypeScript1.4k30290162

  • WangYihang/GitHacker

    🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

    Language:Python1.3k1425227

  • Ge0rg3/requests-ip-rotator

    A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

    Language:Python1.2k1758130

  • qi4L/JYso

    It can be either a JNDIExploit or a ysoserial.

    Language:Java1.2k6339156

  • 4ra1n/super-xray

    Web漏洞扫描工具XRAY的GUI启动器

    Language:Java1.2k16158139

  • devanshbatham/FavFreak

    Making Favicon.ico based Recon Great again !

    Language:Python1.1k206163
  • cherrybomb

    blst-security/cherrybomb

    Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

    Language:Rust1.1k126377

  • chenjj/CORScanner

    🎯 Fast CORS misconfiguration vulnerabilities scanner

    Language:Python9892117176

  • pushsecurity/saas-attacks

    Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

    902153158

  • Zeyad-Azima/Offensive-Resources

    A Huge Learning Resources with Labs For Offensive Security Players

    847311195

  • backdoorhub/shell-backdoor-list

    🎯 PHP / ASP - Shell Backdoor List 🎯

    Language:PHP669325548

  • Lookyloo/lookyloo

    Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

    Language:Python6611918781

  • incredibleindishell/SSRF_Vulnerable_Lab

    This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

    Language:PHP659195175

  • turbo/openftp4

    A list of all FTP servers in IPv4 that allow anonymous logins.

    65049097

  • madneal/articles-translator

    :books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.

    62159867

  • 4ra1n/mysql-fake-server

    MySQL Fake Server (纯Java实现,支持GUI版和命令行版,提供Dockerfile,支持多种常见JDBC利用)

    Language:Java6147666

  • tempesta-tech/tempesta

    All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks

    Language:C607491.1k103

  • trailofbits/twa

    A tiny web auditor with strong opinions.

    Language:Shell57984653

  • Harmoc/CTFTools

    Personal CTF Toolkit

    5611712138
  • Raven-Storm

    Tmpertor/Raven-Storm

    Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

    Language:Python545229157

  • hueristiq/xurlfind3r

    A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

    Language:Go53292063

  • Cryin/JavaID

    java source code static code analysis and danger function identify prog

    Language:Python518102116

  • 0x4D31/burpa

    Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

    Language:Python481335118

  • splitline/How-to-Hack-Websites

    開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

    Language:PHP4746247

  • enkomio/Taipan

    Web application vulnerability scanner

    4562511103
  • pyhtools

    dmdhrumilmistry/pyhtools

    A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

    Language:Python43372079