webpentest

There are 36 repositories under webpentest topic.

  • FinalRecon

    thewhiteh4t/FinalRecon

    All In One Web Recon

    Language:Python2.5k5552466

  • olizimmermann/s3dns

    Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern

    Language:Python11114

  • AngixBlack/Corscan

    Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts

    Language:Python662016
  • PathFinder

    HalilDeniz/PathFinder

    Web Path Finder

    Language:Python60208

  • J4FSec/HaccTheHub

    Open source self-hosted cyber security learning platform

    Language:TypeScript53015

  • mamgad/DVBLab

    This course uses a deliberately vulnerable banking application to demonstrate common security vulnerabilities, their impact, and how to fix them. The application is built with Flask (backend) and React (frontend).

    Language:JavaScript52314

  • txuswashere/pentesting

    CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, ...

    28103

  • cyberstruggle/whitepass

    Whitepass Bypass Whitelist/Ratelimit Implementations in Web Applications/APIs

    Language:Python26202

  • Anof-cyber/pentest-recon

    Web application pentesting recon

    Language:Shell23306

  • MedhatHassan/CyberTalents

    The CyberTalents repository is a collection of solutions and write-ups for challenges sourced from the CyberTalents platform. Organized topic, this repository serves as a resource for cybersecurity enthusiasts seeking to enhance their skills and understanding of security concepts.

    Language:Python18103

  • defensahacker/viewstate-decoder

    Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests

    Language:Python13105

  • InfoSecWarrior/Subdomain-Takeovers

    This repository discusses the subdomain takeover vulnerability and lists of services which are vulnerable to it. It also provides information, methodology and resources to perform subdomain takeover attacks.

    Language:HTML13009

  • TorhamDev/Death-engine

    A powerful recon tool

    Language:Python11122
  • knockknock

    krishealty/knockknock

    A Simple Tool to gather information from any website, domain, sub-domain, DNS, links by enumeration with simple commands.

    Language:Go7101

  • Serhatcck/hidden_fuzzer

    Hidden Fuzzer is a URL fuzzing tool designed to uncover hidden paths and resources on web applications. It features multithreading, customizable HTTP headers, and request parameters for optimized performance.

    Language:Go7101

  • Fadavvi/BurpPro-FastCrawler

    The simplest way to integrate your subdomain enum outputs with Burp Pro (Fast Crawler)

    Language:Python6104

  • xpl0ited1/postMessageFinderBurpSuite

    This extension allows you to detect implementations of postMessage function, addEventListener("message",function) event handler and onMessage function.

    Language:Python5100

  • austinsonger/sitemapsandrobotsaroundtheweb

    Sitemaps and Robots.txt for websites around the world.

    410

  • m3z0diac/spaceBox

    a simple vulnerable web applications, gain access then capture the flag.

    Language:PHP410

  • reflx-dot/API-Pentesting-Tools

    API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).

    4

  • sanogotech/Vulnerable-Flask-App

    Erlik 2 - Vulnerable-Flask-App

    Language:Python4102

  • defensahacker/URLSUCKER

    Sucks all embedded URLs from a given URI or file. Ideal to parse URLs from CSS or JavaScript (such as API calls, webservices, ;)

    Language:Perl3000

  • AngixBlack/gitools

    shell script that automates the installation of essential bug bounty and web pentesting tools. It supports Linux and macOS

    Language:Shell2102

  • hansengianto/webpentestingtool

    My Private Website Pentesting Tool

    2100

  • HarshilPatel007/webappsec

    web application penetration testing and security notes.

    Language:Python2100

  • mentesan/webtaz

    Web pentest kickstarter

    Language:Shell2100
  • portswigger-academy

    onyxwizard/portswigger-academy

    🎓 Roadmap to conquer PortSwigger Web Security Academy labs — SQLi, XSS, CSRF & more 🛡️🕵️‍♂️

    22

  • amitlttwo/endpointxplorer

    A powerful Go-based tool to discover hidden endpoints, parameters, and URLs using GAU, Waybackurls, JS file analysis, and OSINT techniques.

    Language:Go1

  • LulzFather/WebPentest-Framework

    WebPentest Framework is made for hackers and penetration tester

    1000

  • raylan-oliveira/jsonAnalytic

    jsonAnalytic - List all keys & all values in json

    Language:Python1100

  • SaranCoder0/Web-Pentest-Notebook

    A collaborative repository for web pentesting notes and tool commands. Contribute your knowledge to build a comprehensive resource for Web pentester, Bug bounty hunter, Ethical hacker and security professionals.

    Language:Python1110

  • xnoncywer/adminfinder

    Admin Finder Tool is a Python-based tool designed to help security professionals, penetration testers, and website administrators identify potentially sensitive admin areas on a website. The tool works by testing a list of common admin URL paths and checking if any of these return a 200 HTTP status code, indicating that they exist.

    Language:Python0100

  • giriaryan694-a11y/ARY-PEN-AI

    ARY-PEN-AI is an advanced web vulnerability scanning tool powered by Google Gemini AI.

    Language:Python

  • mo3giiza/PHP4Sec-Notes

    Notes and practical projects for learning PHP while my learning journey.

    Language:PHP10

  • shingareom/PentestingTools

    This repository contains a collection of tools designed for automating penetration testing, while also being valuable for manual testing. Leveraging these tools can enhance both the efficiency and effectiveness of your security assessments.

    101

  • stashEmal/cli-hackbox

    🔧 A simple but powerful CLI-based toolkit for basic reconnaissance — includes subdomain discovery, header scanning, port scanning, etc.

    Language:Python10