web-security
There are 479 repositories under the web-security topic.
PayloadsAllThePDFs
PDF Files for Pentesting
Taipan
Web application vulnerability scanner
koko-moni
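An attack surface management platform built on cyberspace search engines. It crawls asset information on a schedule so that newly added assets are discovered promptly. The project aggregates the Fofa, Hunter, Quake, Zoomeye and Threatbook data sources and deduplicates and cleans the retrieved data.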
firefly
Black box fuzzer for web applications
awesome-ocap
Awesome Object Capabilities and Capability Security
frontend-interview-preparation-kit
This repo contains complete guidance for Frontend Interview Preparation.
jwt-pwn
Security Testing Scripts for JWT
Log-killer
Clear all your logs in [linux/windows] servers 🛡️
FDsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
jiff
JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
web-security-fundamentals
Mike North's Web Security Course
fallparams
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Reverse-Shell-Manager
🔨 A multiple reverse shell session/client manager via terminal
bbrecon
Python library and CLI for the Bug Bounty Recon API
cs253.stanford.edu
CS 253 Web Security course at Stanford University
WebAppPentestRoadmap
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
lighthouse-security
Runs the default Google Lighthouse tests with additional security tests
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
domxssscanner
DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
explo
Human and machine readable web vulnerability testing format
WAF-A-MoLE
A guided mutation-based fuzzer for ML-based Web Application Firewalls
web-hacking-toolkit
A web hacking toolkit (docker image).
sec-pentesting-toolkit
👾 a decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, linux hacking, steganography, vulnerabilities, etc.
breach.tw
A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
SecAutoBan
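A fully automated malicious-IP banning platform. Collects alerts from the following security devices: Chaitin WAF Community Edition (SafeLine), ThreatBook honeypot HFish, QiAnXin Tianyan, QiAnXin Jiaotu, NSFOCUS WAF, and the Colasoft network security analysis and audit system. Supports coordinated blocking through the following devices: RouterOS, OPNsense, CheckPoint, QiAnXin firewall, and out-of-path blocking (no device cooperation required).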
SecReport
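A ChatGPT-powered, multi-user online collaborative platform for writing information security reports. Currently supported report types: penetration test reports and app privacy compliance reports.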
directory-payload-list
🎯 Directory Payload List
poc-runner
Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | Syntax analysis implemented with ANTLR and a complete implementation of XRAY YAML rules | Simple startup parameters | Includes several usable reverse-connection options | Executable size is only 2 MB
c4
Open IP cameras in IPv4
roadmaps
Curriculum for full-stack learning path on codedamn. Become a full-stack web developer with relevant technologies of 2022
shuriken
Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
pphack
The Most Advanced Client-Side Prototype Pollution Scanner
DirBuster
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
purpleteam
CLI component of OWASP PurpleTeam