websec
There are 41 repositories under websec topic.
Nekmo/dirhunt
Find web directories without bruteforce
devploit/nomore403
🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
deibit/cansina
Web Content Discovery Tool
security-prince/Application-Security-Engineer-Interview-Questions
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
l4wio/CTF-challenges-by-me
Pwnable|Web Security|Cryptography CTF-style challenges
devploit/XORpass
Encoder to bypass WAF filters using XOR operations.
devploit/debugHunter
Discover hidden debugging parameters and uncover web application secrets
payloadbox/csv-injection-payloads
🎯 CSV Injection Payloads
VainlyStrain/Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
payloadbox/directory-payload-list
🎯 Directory Payload List
security-prince/Resources-for-Application-Security
Some good resources for getting started with application security
doyensec/CSPTPlayground
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
tyki6/MyJWT
A cli for cracking, testing vulnerabilities on Json Web Token(JWT)
devploit/put2win
Script to automate PUT HTTP method exploitation to get shell
gbiagomba/Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
rastating/xss-chef
A web application for generating custom XSS payloads
veliovgroup/ostrio
▲ SEO Middleware • Web Analytics • Web CRON • WebSec • HTTP & SNMP Monitoring • ostr.io is a unified web-services platform
rahulrajpl/netizenship
a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.
SecuringTheStack/tutorials
Additional Resources For Securing The Stack Tutorials
ItsIgnacioPortal/hacker-scoper
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
umair9747/4oFour
A tech enumeration toolkit focused on 404 Not found pages.
Crypto-Cat/ctf-writeups
Repository for my GitBook (CTF writeups)
ducdatdau/Writeups
writeups/solvers for CTF challenges
foospidy/sigsci-power-rules
Rule packs for Signal Sciences power rules platform.
t0nyc23/condi
Content Discovery/Directory Brute-forcing using Python3
vin-hacks/ClaraClassroom
The Clara S. Traversal's classroom is an intermediate level web security challenge (black box) where you will have to exploit both client-side and server-side vulnerability in order to change a student gard. Can you hack the class and get in? Access teacher only features? Do even more than the teacher can? Good luck!
alessiovierti/blindpie
Automatically exploit time-based blind SQL injection vulnerabilities
VulnCode1337/VulnCode
VulnCode: Secure Code Review Training -- This application allows the user to practice identifying vulnerabilities within codeblocks. Each codeblock was engineered to contain a single vulnerability. There are three difficulty levels. Each exercise contains a detailed explanation which becomes available after a correct answer or three wrong answers.
Drayko/Web-Elements-List
Lists of elements that compose HTML and SVG structure to fuzz in security testing checks
Az3z3l/Az3z3l.github.io
The B.L.O.G experiment
Az3z3l/webXtools
A collection of often-used scripts and tools
DarkPurple141/xss-test
A utility to test the success of xss payloads on a target website. Use responsibly.
dkasak/relative-urls
Extract endpoints from stdin or files.
Kaiser784/Web-sec-challenges
A collection of small web-security challenges
rarecoil/overthewire
Writeups for Over The Wire wargames, for total security noobs.
cybersecurityhq/cybersecurityhq.github.io
Yet another security blog