web-security
There are 796 repositories under the web-security topic.
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
chaitin/SafeLine
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Hacker0x01/hacker101
Source code for Hacker101.com - a free online web and mobile security class.
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
bunkerity/bunkerweb
🛡️ Open-source and next-generation Web Application Firewall (WAF)
infoslack/awesome-web-hacking
A list of web application security
vavkamil/awesome-bugbounty-tools
A curated list of various bug bounty tools
lirantal/awesome-nodejs-security
Awesome Node.js Security resources
palahsu/DDoS-Ripper
DDoS Ripper is a Distributable Denied-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
0xSobky/HackVault
A container repository for my public web hacks!
qi4L/JYso
JNDIExploit or a ysoserial.
Ge0rg3/requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
WangYihang/GitHacker
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
lunasec-io/lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
pushsecurity/saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
4ra1n/super-xray
GUI launcher for the XRAY web vulnerability scanner
devanshbatham/FavFreak
Making Favicon.ico based Recon Great again!
blst-security/cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
chenjj/CORScanner
🎯 Fast CORS misconfiguration vulnerabilities scanner
Zeyad-Azima/Offensive-Resources
A huge collection of learning resources with labs for offensive security players
TypeError/secure
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
4ra1n/mysql-fake-server
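MySQL Fake Server implemented in pure Java | GUI and command-line versions | Supports deserialization and file-read exploitation | Supports common GADGETs and custom GADGET data | Automatically generates a PAYLOAD matching the target environment | Supports PGSQL and DERBY exploitation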
ghoshsuman845/frontend-interview-preparation-kit
This repo contains complete guidance for Frontend Interview Preparation.
backdoorhub/shell-backdoor-list
🎯 PHP / ASP - Shell Backdoor List 🎯
incredibleindishell/SSRF_Vulnerable_Lab
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
Lookyloo/lookyloo
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
tempesta-tech/tempesta
Web application acceleration, advanced DDoS protection and web security
Tmpertor/Raven-Storm
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols, written in Python. Take down many connections using several exotic and classic protocols.
turbo/openftp4
A list of all FTP servers in IPv4 that allow anonymous logins.
hueristiq/xurlfind3r
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.
luigigubello/PayloadsAllThePDFs
PDF Files for Pentesting
madneal/articles-translator
📚 Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Harmoc/CTFTools
Personal CTF Toolkit
dmdhrumilmistry/pyhtools
A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester, credential harvester, keylogger, download&execute, ransomware, data harvesters, etc.
fabriziosalmi/caddy-waf
Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
trailofbits/twa
A tiny web auditor with strong opinions.