web-penetration-testing

There are 32 repositories under web-penetration-testing topic.

• FinalRecon

  thewhiteh4t / FinalRecon

  All In One Web Recon

  python3pentestingpentest-toolpentesting-toolswebpentestreconnaissanceweb-reconnaissanceweb-penetration-testingthewhiteh4tfinalreconssl-certificatedns-enumerationtraceroutewhoiscrawlerdirectory-searchjavascript-crawlerheaderssubdomain-enumerationport-scanning
  Language:Python 2041

• 0xInfection / TIDoS-Framework

  The Offensive Manual Web Application Penetration Testing Framework.

  web-penetration-testingreconnaissancevulnerability-analysisscanning-enumerationweb-fuzzerosintvulnerability-detectionfootprintingintelligence-gatheringexploitationweb-application-securitytidos-frameworkenumeration
  Language:Python 1733
• toxssin

  t3l3machus / toxssin

  An XSS exploitation command-line interface and payload generator.

  cross-site-scriptingexploitationjavascriptpenetration-testingpentesting-toolspythonweb-penetration-testingxss-exploitationxss-vulnerabilityhackingxss
  Language:Python 1138

• ivan-sincek / penetration-testing-cheat-sheet

  Work in progress...

  bug-bountyethical-hackingoffensive-securitypenetration-testingred-team-engagementsecuritywebweb-penetration-testing
  Language:PHP 571

• ivan-sincek / php-reverse-shell

  PHP shells that work on Linux OS, macOS, and Windows OS.

  phpreverse-tcpreverse-shellnetworkingethical-hackingsecurityoffensive-securitywindowslinuxmacososcpweb-shellred-team-engagementpenetration-testingwebweb-penetration-testingtcpbind-shellbind-tcp
  Language:PHP 421

• ivan-sincek / forbidden

  Bypass 4xx HTTP response status codes and more. Based on PycURL and Python Requests.

  ethical-hackingoffensive-securitypenetration-testingsecuritywebweb-penetration-testingbug-bounty401403brute-forcebypasscurlopen-redirectowasp-top-10pythonred-team-engagementfuzzingbroken-access-controlspycurlpython-requests
  Language:Python 214

• D4Vinci / Clickjacking-Tester

  A python script designed to check if the website if vulnerable of clickjacking and create a poc

  pocpython-scriptclickjackingweb-penetration-testingbugbug-bountybug-hunter
  Language:Python 126
• N-WEB

  Nabil-Official / N-WEB

  WEB PENETRATION TESTING TOOL 💥

  webwebappwebapplicationwebscannerscannerweb-toolweb-toolsweb-scanwordpresswordpress-useradmin-finderadmin-scannernmapweb-pentestweb-penetration-testing
  Language:Python 74

• t3l3machus / OWASP-Testing-Guide-Checklist

  OWASP based Web Application Security Testing Checklist

  owasppentestingweb-penetration-testingwebapp
  59

• pentagridsec / PentagridScanController

  Improve automated and semi-automated active scanning in Burp Pro

  burp-extensionsburp-pluginowaspweb-scannerpentesting-toolweb-penetration-testing
  Language:Kotlin 58

• ivan-sincek / java-reverse-tcp

  JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.

  securitynetworkingreverse-shelljava-8offensive-securityethical-hackingbind-shellreverse-tcpbind-tcpweb-shelllog4jred-team-engagementbug-bountypenetration-testingwebweb-penetration-testing
  Language:Java 53

• sil3ntH4ck3r / WebVulnLab

  Herramienta donde puedes practicar las vulnerabilidades web más conocidas

  hackinglaboratorypentestingphpwebhackingweb-penetration-testing
  Language:PHP 52

• shadforth / pentesterlab-bootcamp

  My notes on PentesterLab's Bootcamp series 🕵️

  bootcamphacktoberfestpenetration-testingpentesterlabpentesterlab-bootcampphppythonweb-penetration-testing
  Language:Python 42

• an4kein / _sql_injections

  Hello my friends, it is my repo about sql injections. Call me in Telegram: @anakein

  hackingblackhatinjectionsqlinjectionsqliawesome-sqliredteamreadteamingpentestpentestingwebweb-penetration-testingwebhackingoscposcp-preposcp-journeysql-injectionsextractextract-database
  41

• zAbuQasem / MyNotes

  My notes from courses,books ..etc

  penetration-testingnotesred-teamactive-directoryowasp-top-10web-penetration-testingcheatsheet
  39

• ivan-sincek / xss-catcher

  Simple API for storing all incoming XSS requests.

  phpapijavascriptcross-site-scriptingcross-site-request-forgeryethical-hackingsecurityoffensive-securityred-team-engagementbug-bountycorscross-origin-resource-sharingcsrfpenetration-testingwebweb-penetration-testingxssblind-xss
  Language:HTML 29
• white-dav

  WH1T3-E4GL3 / white-dav

  This is a website penetration testing tool for testing webdav server vulnerabilities.

  cadaverdavtestdefacedefacementhackingwebdavwebdav-cliwebdav-serverwebhackingwebsite-hackingwhite-defacepenetration-testingpentestingweb-penetration-testingweb-pentestingpentesting-tools
  Language:Python 20

• ivan-sincek / chad

  Search Google Dorks like Chad. / Social media takeover tool.

  bug-bountychromiumethical-hackinggoogle-dorkingoffensive-securitypenetration-testingplaywrightpythonred-team-engagementscrapesecuritysocial-mediathreat-huntingthreat-intelligencewebweb-penetration-testingextractgoogle-dorkssearch-enginesocial-media-takeover
  Language:Python 19

• MrPr0fessor / Google-Dorks-for-Cross-site-Scripting-XSS

  Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML content. Widespread due to input validation lapses.

  cross-site-scriptingcybercyber-securityethical-hacking-toolsgoogle-dorkspenetration-testing-toolsvulnerability-assessmentvulnerability-detectionvulnerability-scannersweb-application-securityweb-penetration-testingxssxss-payloadxss-payloadsxss-vulnerabilityfind-xss
  17

• fxrhan / Web-Recon-Automation

  A bash script to automate the necessary Reconnaissance task for websites.

  reconnaissanceweb-penetration-testingbashbash-scriptbug-bountybug-bounty-automation
  Language:Shell 15

• Malwareman007 / Hacking_Tools

  All Type Of Tools written in multipule language .

  ftphackinghacking-toolsmalwarenetwork-analysisransomwarescannervirusweb-penetration-testingwormshacking-toolowasp-top-10penetration-testing
  Language:Python 15

• ivan-sincek / metagoofeel

  Web crawler and downloader based on GNU Wget.

  bashweb-crawlerdownloadergnu-wgetethical-hackingsecurityoffensive-securitybug-bountyred-team-engagementwebweb-penetration-testing
  Language:Shell 13

• thenurhabib / maincoon

  MainCoon is an automated recon framework meant for gathering information during penetration testing of web applications.

  pythonreconinformation-gatheringosinttoolhackingpentestinglinuxweb-penetration-testingsecurity
  Language:Python 11

• fxrhan / all-XSS-Payloads

  This is a list contains 7000+ Cross Site Scripting Payloads.

  cross-site-scriptingxssxss-vulnerabilityweb-penetration-testingpayloadhacking-tools
  10

• ivan-sincek / jwt-bf

  Brute force a JWT token. Script uses multithreading.

  pythonsecurityoffensive-securityethical-hackingjwtcrackingdictionary-attackbug-bountypenetration-testingred-team-engagementwebweb-penetration-testingbrute-force
  Language:Python 10

• pentagridsec / PentagridResponseOverview

  Response Overview Extension for BurpSuite

  burp-extensionsburp-pluginowasppentesting-toolweb-penetration-testing
  Language:Kotlin 10

• meuzgebre / linux-cheatsheet

  This checklist provides a comprehensive guide for conducting a website pentest.

  pentestingwebsecwebsecuritywebsecurity-referenceweb-penweb-penetration-testingweb-security
  9

• TorhamDev / Death-engine

  A powerful recon tool

  reconinformation-gatheringhacking-toolgoogle-dorksscannerweb-hackingwebhackingcrawlerdirectory-searchpentestingpentesting-toolsport-scanningpython3web-penetration-testingwhoisrecon-toolswebpentestdeath-engine
  Language:Python 9

• ivan-sincek / dnsrecon-chunked

  Brute force subdomains in multiple smaller iterations. Based on DNSRecon.

  bug-bountydnsdnsreconethical-hackingoffensive-securitypenetration-testingred-team-engagementsecuritywebweb-penetration-testingbash
  Language:Shell 8

• pentagridsec / PentagridBurpTransportEncoding

  Burp Suite extensions if you want to teach Burp a new Transport-Encoding

  burp-extensionsburp-pluginburpsuitestubpentesting-toolweb-penetration-testing
  Language:Python 8

• LighTend3r / generate-file-upload

  Generate some payload to bypass restriction when you perform a file upload

  ctffile-uploadpythonwebfile-upload-vulnerabilityhackingpenetration-testingpentesting-toolsweb-penetration-testing
  Language:Python 6

• purvasingh96 / GHCI-2019

  :neckbeard: This repository contains slides and notes from my workshop at the Grace Hopper Conference, India (2019).

  kali-linuxkali-setuppenetration-testingvirtual-machinevirtualboxvirtual-machines-installationn-mapwireless-penetration-testingweb-penetration-testingethical-hackinggrace-hopper-celebration
  6

• c0brabaghdad1 / cve_Directory

  This script take a URL or list of subdomain and the required DIR for specific CVE and give the response code for each url

  cvedir-scannerbug-bountyweb-penetration-testingbug-bounty-tools
  Language:Perl 5

• x86xFX / CORS_exploiter

  This tool build for test Cross Origin Sharing vulnerabilities

  corsjavajavafxweb-penetration-testing
  Language:Java 5

• ivan-sincek / scrapy-scraper

  Web crawler and scraper based on Scrapy and Playwright's headless browser.

  bug-bountycrawlercrawlingheadless-browseroffensive-securitypythonscraperscrapingscrapysecuritydownloaderdownloadingethical-hackingjavascriptpenetration-testingred-team-engagementwebweb-penetration-testingspideringspider
  Language:Python 4

• n0mi1k / cacheblaster

  A python tool to test for web cache poisoning denial of service (CPDoS) vulnerabilities.

  pentest-scriptspentesting-toolsweb-applicationweb-penetration-testingcache-bustingcache-poisoningpenetration-testingredteam-tools
  Language:Python 4