web-security

There are 76 repositories under web-security topic.

Mobile-Security-Framework-MobSF
MobSF / Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing web-security malware-analysis runtime-security devsecops apk rest cwe owasp mstg masvs mastg
Language:JavaScript 16768
Hacker0x01 / hacker101
Source code for Hacker101.com - a free online web and mobile security class.
clickjacking csrf education hacker101 hackerone hacking mobile-security security session-fixation sql-injection unchecked-redirects vulnerability web-security xss
Language:SCSS 13671
SafeLine
chaitin / SafeLine
A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.
api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss
Language:Go 11176
nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
bug-bounty-hunters hackers xss bug-bounty learn2hack hacking pentest web-security education ssrf bugbounty
10399
infoslack / awesome-web-hacking
A list of web application security
appsec hacking hacking-tools metasploit owasp penetration-testing pentesting scanner security vulnerabilities vulnerability web-hacking web-security
5619
bunkerweb
bunkerity / bunkerweb
🛡️ Make your web services secure by default !
antibot bunkerized-nginx cybersecurity devops devsecops dnsbl docker hardening hosting kubernetes letsencrypt modsecurity nginx reverse-proxy security security-tuning swarm waf web-application-firewall web-security
Language:Python 5067
vavkamil / awesome-bugbounty-tools
A curated list of various bug bounty tools
awesome awesome-list bugbounty security-tools tools web-security
3871
awesome-nodejs-security
lirantal / awesome-nodejs-security
Awesome Node.js Security resources
cybersecurity hacktoberfest infosec nodejs owasp pentest security vulnerabilities web-security
2669
DDoS-Ripper
palahsu / DDoS-Ripper
DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
attack-defense attack-server ddos ddos-attack ddos-attack-tool ddos-attack-tools ddos-attacks ddos-protection ddos-ripper ddos-tool deface-website denial-of-service hacking-tool hacking-tools internet-traffic linux-tools protection security sql-injection web-security
Language:Python 2027
0xSobky / HackVault
A container repository for my public web hacks!
exploit fuzzing payloads pentesting reconnaissance regex tracking web-security xss
Language:JavaScript 1892
lunasec-io / lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
tokenization web-security compliance security soc2 pci-dss gdpr zero-trust devsecops log4shell dependency-analysis scanning cybersecurity security-tools scanning-tool cve-scanning sbom sbom-generator continuous-delivery software-composition-analysis
Language:TypeScript 1424
WangYihang / GitHacker
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
git githack web-security
Language:Python 1353
qi4L / JYso
It can be either a JNDIExploit or a ysoserial.
attack gadget java jndi jndi-injection ldap mem-shell middleware-echo rmi web-security ysoserial
Language:Java 1327
Ge0rg3 / requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
apigateway aws bugbounty bypass hacktoberfest ip networking security security-tools web-security
Language:Python 1275
4ra1n / super-xray
Web漏洞扫描工具XRAY的GUI启动器
vulnerability-scanners web-security
Language:Java 1230
devanshbatham / FavFreak
Making Favicon.ico based Recon Great again !
bugbounty bughunting hacking information-gathering osint recon reconnaissance web-security webappsec
Language:Python 1099
cherrybomb
blst-security / cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
api api-security best-practices blst business-logic cli cyber cybersecurity firecracker http open-source openapi openapi3 security security-tools web-sec-scanner web-security websecurity
Language:Rust 1080
chenjj / CORScanner
🎯 Fast CORS misconfiguration vulnerabilities scanner
cors cors-misconfigurations cors-policy python web-security vulnerability-scanners cors-scanner python3
Language:Python 1007
pushsecurity / saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
offensive-security saas web-security
954
Zeyad-Azima / Offensive-Resources
A Huge Learning Resources with Labs For Offensive Security Players
api infrastructure learning security mobile web hack hacking owasp cybersecurity web-security mobile-security offensive offensive-security red-team owasp-top-10 redteam cloud-security api-security red-teaming
870
backdoorhub / shell-backdoor-list
🎯 PHP / ASP - Shell Backdoor List 🎯
shell backdoor shell-backdoor web-shell hacking hackingcode web-hacking r57 c99 b374k kacak web hack websecurity web-security wso php php-backdoor asp-net asp-backdoor
Language:PHP 686
Lookyloo / lookyloo
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
information-security privacy web-security dfir capture scraping lookyloo
Language:Python 668
incredibleindishell / SSRF_Vulnerable_Lab
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
web-security ssrf attack lab exploitation server-side-request-forgery hacking
Language:PHP 660
turbo / openftp4
A list of all FTP servers in IPv4 that allow anonymous logins.
ftp web-security
650
4ra1n / mysql-fake-server
MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)
fake-server jdbc mysql vulnerability web-security
Language:Java 636
madneal / articles-translator
:books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
article codeql css javascript memory-management npm parcel pwa react security security-tools vue web web-security webpack
620
tempesta-tech / tempesta
All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
bots database ddos-protection high-performance http-accelerator http2 linux-kernel load-balancer security tls web-application-firewall web-performance web-security
Language:C 608
trailofbits / twa
A tiny web auditor with strong opinions.
security web-security auditing hacktoberfest
Language:Shell 578
Harmoc / CTFTools
Personal CTF Toolkit
hacking ctf-tools web-security hacking-tool
569
Raven-Storm
Tmpertor / Raven-Storm
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
denial-of-service protection security security-tools web-security ddos-attacks dos attacks stress-testing ddos-script server ddos-tool pentesting python penetration-tests ddos-attack-tools termux botnet mitm ddos
Language:Python 561
hueristiq / xurlfind3r
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security
Language:Go 538
Cryin / JavaID
java source code static code analysis and danger function identify prog
java-code-audit web-security
Language:Python 522
splitline / How-to-Hack-Websites
開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall
web-security ctf security
Language:PHP 487
0x4D31 / burpa
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
automation burp burpsuite devops python security security-automation security-scanner security-tools web-security
Language:Python 481
pyhtools
dmdhrumilmistry / pyhtools
A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
python python3 hacking-tools hackingwithpython hacking telegram-hack remoteaccess hacking-tool ransomware dmdhrumilmistry malware-development penetration-testing apihacking web-security web-hac
Language:Python 461
enkomio / Taipan
Web application vulnerability scanner
security-tools security-scanner security-automation web-security application-security security security-audit security-testing hacking-tool taipan hacking web web-application web-sec-scanner web-security-research
457