web-application-security

There are 20 repositories under web-application-security topic.

• codingo / NoSQLMap

  Automated NoSQL database enumeration and web application exploitation tool.

  nosqlnosql-databasespenetration-testingscannersecurity-auditsecurity-toolssecurity-toolsetoffensive-securityenumerationdatabasesmongodbcouchdbweb-application-securitybugbountyredismongodb-databasesql-injectionhackinghacking-toolhacktoberfest
  Language:Python 2759

• owtf / owtf

  Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

  securityowaspowtfpythonpentestkali-linuxframeworkweb-application-security
  Language:Python 1764

• 0xInfection / TIDoS-Framework

  The Offensive Manual Web Application Penetration Testing Framework.

  web-penetration-testingreconnaissancevulnerability-analysisscanning-enumerationweb-fuzzerosintvulnerability-detectionfootprintingintelligence-gatheringexploitationweb-application-securitytidos-frameworkenumeration
  Language:Python 1732

• wallarm / gotestwaf

  An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

  owaspapi-securitysecuritybugbountysecurity-toolswafweb-application-securityweb-application-firewallsecurity-testinggraphql-securitygrpc-securityrest-security
  Language:Go 1409

• codingo / VHostScan

  A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

  security-auditpenetration-testingpenetration-testvirtual-hostsweb-application-securitydiscovery-servicehackinghacking-toolvirtual-hostvhostvhostssecurity-toolssecurityhacktheboxoscpctf-toolsoffensive-securitybugbountyreverse-lookupsscanner
  Language:Python 1159

• Janusec / janusec

  JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

  wafweb-application-firewallapplication-gatewayload-balancegatewayapplication-securitygolangsecurityweb-application-securitysql-injectionjanusec-application-gatewayweb-sshjanusecport-forwardingacmek8s-ingress-controllercookie-bannergslbcookie-compliance
  Language:Go 1105

• payloadbox / xxe-injection-payload-list

  🎯 XML External Entity (XXE) Injection Payload List

  xxexxe-injectionxxe-payloadsxxe-examplexmlwebsecuritywebsecurity-referenceinfosecbugbountybug-bountyweb-application-securitycybersecuritycyber-securityinformation-securityxml-entitypayloadxxe-payloadxxe-payload-listpayloadshacking
  1019
• api-firewall

  wallarm / api-firewall

  Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

  proxyfirewallwafapi-gatewayapigatewayapi-wrappersecurity-toolssecurityapi-securityapiapi-firewallopenapi-specificationopenapiswaggeropenapi-securityrest-securityapi-wafweb-application-securityweb-application-firewallopenapi-spec
  Language:Go 533

• payloadbox / rfi-lfi-payload-list

  🎯 RFI/LFI Payload List

  rfilfirfi-exploitonlfi-exploitationlfi-vulnerabilityrfi-vulnerabillitywebsecurityappsecapplication-securityweb-application-securitypayloadpayloadspayload-listbugbountybug-bountysecuritysecurity-researchsecurity-researchersecurity-researchersweb-hacking
  504

• Anon-Exploiter / SiteBroker

  A cross-platform python based utility for information gathering and penetration testing automation!

  pythonpenetration-testingweb-application-securitycross-platform-pythonpenetration-automationinformation-gatheringdocker-imagewapt
  Language:Python 415

• gildasio / h2t

  h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

  securityweb-application-securitydefensehardeninghttpheaders
  Language:Python 386

• mhmdiaa / second-order

  Second-order subdomain takeover scanner

  securitysecurity-toolswordlistwordlist-generatorpenetration-testingpentestinginfosecreconreconnaissancemappingweb-application-securitypenetration-testing-toolscrawlercrawling
  Language:Go 359

• security-checklist / php-security-check-list

  PHP Security Check List [ EN ] 🌋 ☣️

  phpphp-libraryphp-frameworksecuritysecurity-auditchecklistsecurity-checklistphp-securityphp-security-checkerwebapplicationweb-application-securitybugbountysecurity-researchsecurity-researcherweb-applicationweb-application-frameworksecurity-testing
  292

• PalindromeLabs / STEWS

  A Security Tool for Enumerating WebSockets

  securitywebsocketwebsocketspenetration-testingweb-application-securitypenetration-testing-toolswebsocket-securitywebsockets-security
  Language:Python 291
• cut-cdn

  ImAyrix / cut-cdn

  ✂️ Removing CDN IPs from the list of IP addresses

  bugbountybugbounty-toolcdngolangpenetration-testingpentestreconreconnaissanceweb-applicationweb-application-security
  Language:Go 261

• cyb3rzest / Burp-Suite-Pro

  A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

  burpsuitepenetration-testingburpsuite-crackedburpsuite-proburploaderhacking-toolsjavakali-linuxkali-scriptskali-toolspentest-scriptspentest-toolpentestingpentesting-toolssecurity-toolsweb-applicationweb-application-security
  Language:PowerShell 255

• PalindromeLabs / awesome-websocket-security

  Awesome information for WebSockets security research

  securitywebsocketwebsocketssecurity-toolswebsocket-securitywebsockets-securityweb-application-security
  237
• go-agent

  sqreen / go-agent

  Sqreen's Application Security Management for the Go language

  securitygolangweb-application-securitymicroservices-securitysqreenowaspraspwafsecurity-agentscansagentprotectionattacksinstrumentation
  Language:Go 202

• codingo / crithit

  Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

  bugbountyenumerationhackinghacking-toolinfosecoffensive-securitypenetration-testingpentest-toolspentestingsecuritysecurity-auditsecurity-toolssecurity-vulnerabilityweb-application-security
  Language:Makefile 201

• tprynn / web-methodology

  Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

  websecurityweb-applicationweb-application-securityapplication-securityappsecsecurity-testingdocumentation
  200

• migueltc13 / TryHackMe

  Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress tracking.

  cryptographyctf-challengesinjection-attackslinux-privilege-escalationpenetration-testingweb-application-securitymetasploit-and-exploitationnetwork-scanning-and-enumerationowasp-top-10-vulnerabilitiespassword-cracking-and-hash-crackingosinttryhackmetryhackme-writeupsctfctf-toolsexploitationhackingcollaboratelearn
  Language:Shell 189

• Mehdi0x90 / Web_Hacking

  Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

  api-pentestbugbountyhackingpayloadspenetration-testingreconweb-application-securitywebhackingwebsecuritybypasscheatsheetpentestsecurityvulnerabilityexploitapi-securitybug-bounty-huntersowaspenumerationredteam
  186

• ImAyrix / fallparams

  Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

  bug-bounty-huntersbugbountypenetration-testingpentestssrfweb-application-securityweb-securitywordlistwordlist-generatorxss
  Language:Go 150

• mhmdiaa / chronos

  Extract pieces of info from a web page's Wayback Machine history

  securityreconreconnaissancewayback-machinewordlistwordlistswordlist-generatormappingweb-application-securitypentestingpenetration-testingpenetration-testing-toolsinfosecsecurity-tools
  Language:Go 127
• SuperLibrary

  MrM8BRH / SuperLibrary

  Information Security Library

  cybersecurityinfosecnetwork-securityreverse-engineeringmalware-analysisdigital-forensicsweb-application-securityoffensive-securityec-councilsansisc2comptiabookshackingkali-linuxpentestingbugbountysuperlibrarysecuritycourses
  107
• WebSecProbe

  spyboy-productions / WebSecProbe

  Bypass 403

  bypass-403header-injectionhistorical-analysisthreat-detectionurl-manipulationvulnerability-assessmentweb-application-securityhttp-request-analysispayload-variationssecurity-assessment-toolwayback-machine-integrationweb-security-auditweb-vulnerability-detectionaccess-403
  Language:Jupyter Notebook 102

• VainlyStrain / Vaile

  Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)

  vulnerability-analysisreconnaissanceweb-application-securityscannerosintenumerationexploitation-frameworkpentestingpentest-toolpython3exploitationscanningwebappsectidos-frameworkvulnerability-scannerspenetration-testing-frameworkweb-pentestinformation-disclosure
  Language:Python 65

• oshp / headers

  An application to catch, search and analyze HTTP secure headers.

  owaspsecuritypythondefenseweb-application-security
  Language:Python 62
• lazyGrandma

  AhmedConstant / lazyGrandma

  a shell script aim to automatically launch 50+ online web scanning tools in the Browsaer against a target domain in a 10 waves

  sellbashinformation-gatheringreconnaissancebug-huntingsubdomain-enumerationgoogle-dorksgithub-dorkshttp-headersweb-application-securityweb-application-security-scanner
  Language:Shell 61

• vatsalgupta67 / All-In-One-CyberSecurity-Resources

  List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity

  cybersecuritycollectionsicsinfoseclearningpenetration-testingredteamingresourcesscadaweb-application-securityawesomeawesome-listbinary-exploitationexploit-developmenthackingprerequisites
  52

• 0xM5awy / WebApplicationSecurityWithPHP

  This project is a personal learning, so you will find errors or disorganization, so if you find anything wrong, please let me know :)

  phpweb-application-securityweb-securitywebapplicationweb-application-security-with-phpphp-security
  Language:PHP 47
• xforwardy

  roottusk / xforwardy

  Host Header Injection Scanner

  bug-bountyhackinghacktoberfesthacktoberfest2020host-header-injectionhost-header-manipulationsecurity-toolsvulnerability-scannerweb-application-security
  Language:Python 45

• kljunowsky / CVE-2023-36845

  Juniper Firewalls CVE-2023-36845 - RCE

  bug-bounty-huntingbugbountybugbountytipsbugbountytrickscve-2023-36845cybersecurityhackingpocproof-of-conceptrceremote-code-executionremote-command-executionsecurityweb-application-securityjuniperjuniper-networksjuniper-srxjuniper-firewall
  Language:Python 43

• vs4vijay / MultiScanner

  Security Tool which scans a target using OpenVAS, Zap, and Nexpose. And consolidates the scan result.

  security-toolssecurity-auditsecurity-scannersecurity-vulnerabilitysecurity-testingopenvasopenvas-cliopenvas-reportsnexposecliapplication-securityweb-application-securityzapowaspowasp-zapowasp-top
  Language:Python 42

• kitabisa / teler-proxy

  🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against a web-based attacks. 🥷

  firewallintrusion-detectionintrusion-preventionproxy-serverreverse-proxysecure-by-defaulttelerteler-waftunnel-serverwafweb-application-firewallweb-application-securityteler-proxy
  Language:Go 37

• bkimminich / webappsec-nutshell

  An ultra-compact intro (or refresher) to Web Application Security.

  owaspapplication-securityweb-application-securitysecuritysecurity-awarenesstraining-materials
  Language:JavaScript 31