websec
There are 39 repositories under the websec topic.
Nekmo/dirhunt
Find web directories without bruteforce
devploit/nomore403
Tool to bypass 403/40X response codes.
deibit/cansina
Web Content Discovery Tool
security-prince/Application-Security-Engineer-Interview-Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.
l4wio/CTF-challenges-by-me
Pwnable|Web Security|Cryptography CTF-style challenges
root4loot/rescope
A scope generation tool for Burp Suite & ZAP
devploit/XORpass
Encoder to bypass WAF filters using XOR operations.
devploit/debugHunter
Discover hidden debugging parameters and uncover web application secrets
VainlyStrain/Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
payloadbox/csv-injection-payloads
🎯 CSV Injection Payloads
payloadbox/directory-payload-list
🎯 Directory Payload List
security-prince/Resources-for-Application-Security
Some good resources for getting started with application security
devploit/put2win
Script to automate PUT HTTP method exploitation to get shell
tyki6/MyJWT
A CLI for cracking and testing vulnerabilities on JSON Web Token (JWT)
gbiagomba/Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
rastating/xss-chef
A web application for generating custom XSS payloads
veliovgroup/ostrio
▲ Web services for JavaScript, Angular.js, React.js, Vue.js, Meteor.js, Node.js, and other JavaScript-based websites, web apps, single page applications (SPA), and progressive web applications (PWA). Our services: Pre-rendering, Monitoring, Web Analytics, WebSec, and Web-CRON
rahulrajpl/netizenship
A command-line #OSINT tool to find the online presence of a username on popular social media websites like Facebook, Instagram, Twitter, etc.
SecuringTheStack/tutorials
Additional Resources For Securing The Stack Tutorials
ItsIgnacioPortal/hacker-scoper
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
ducdatdau/Writeups
Writeups/solvers for CTF challenges
foospidy/sigsci-power-rules
Rule packs for Signal Sciences power rules platform.
t0nyc23/condi
Content Discovery/Directory Brute-forcing using Python3
VulnCode1337/VulnCode
VulnCode: Secure Code Review Training -- This application allows the user to practice identifying vulnerabilities within codeblocks. Each codeblock was engineered to contain a single vulnerability. There are three difficulty levels. Each exercise contains a detailed explanation which becomes available after a correct answer or three wrong answers.
alessiovierti/blindpie
Automatically exploit time-based blind SQL injection vulnerabilities
Drayko/Web-Elements-List
Lists of elements that compose HTML and SVG structure to fuzz in security testing checks
Az3z3l/Az3z3l.github.io
The B.L.O.G experiment
Az3z3l/webXtools
A collection of often-used scripts and tools
DarkPurple141/xss-test
A utility to test the success of xss payloads on a target website. Use responsibly.
dkasak/relative-urls
Extract endpoints from stdin or files.
h4fan/SecurityBlog
Security blog: web sec | bug bounty | web security | network security
Kaiser784/Web-sec-challenges
A collection of small web-security challenges
rarecoil/overthewire
Writeups for Over The Wire wargames, for total security noobs.
Jflye/netsec
Some netsec workflow notes
kraloveckey/add-on
🤖 Telegram Bot written in Python for basic web-app analysis.
cybersecurityhq/cybersecurityhq.github.io
Yet another security blog