web-security

There are 80 repositories under web-security topic.

• Mobile-Security-Framework-MobSF

  MobSF / Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  android-securityapi-testingapkcwedevsecopsdynamic-analysisios-securitymalware-analysismastgmasvsmobile-securitymobsfmstgowasprestruntime-securitystatic-analysisweb-securitywindows-mobile-security
  Language:JavaScript 19429
• SafeLine

  chaitin / SafeLine

  SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

  firewallhttp-floodsecuritysql-injectionwafweb-application-firewallweb-securityxsscaptchaapi-gatewayappseccvecybersecurityhackersvulnerabilitywebsecurityapplication-securitybruteforceblueteamself-hosted
  Language:Go 17682

• Hacker0x01 / hacker101

  Source code for Hacker101.com - a free online web and mobile security class.

  educationhackingsecurityhackeronehacker101xssclickjackingcsrfweb-securitysession-fixationunchecked-redirectssql-injectionmobile-securityvulnerability
  Language:SCSS 14213

• nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

  A list of resources for those interested in getting started in bug bounties

  bug-bounty-huntershackersxssbug-bountylearn2hackhackingpentestweb-securityeducationssrfbugbounty
  11508
• bunkerweb

  bunkerity / bunkerweb

  🛡️ Open-source and next-generation Web Application Firewall (WAF)

  nginxmodsecuritydockersecuritydnsblreverse-proxybunkerized-nginxhardeningweb-securitysecurity-tuningcybersecuritydevsecopsantibotletsencryptswarmkubernetesdevopshostingwafweb-application-firewall
  Language:Python 9069

• infoslack / awesome-web-hacking

  A list of web application security

  penetration-testingweb-hackingvulnerabilitiesscannerhackinghacking-toolsmetasploitweb-securityappsecowasppentestingsecurityvulnerability
  6411

• vavkamil / awesome-bugbounty-tools

  A curated list of various bug bounty tools

  awesomeawesome-listbugbountysecurity-toolstoolsweb-security
  5317
• awesome-nodejs-security

  lirantal / awesome-nodejs-security

  Awesome Node.js Security resources

  cybersecurityhacktoberfestinfosecnodejsowasppentestsecurityvulnerabilitiesweb-security
  2802
• DDoS-Ripper

  palahsu / DDoS-Ripper

  DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

  ddos-attacksddos-toolddos-attack-toolsddos-protectionddosddos-attack-tooldenial-of-serviceattack-defensedeface-websitehacking-toolshacking-toolddos-ripperddos-attackinternet-trafficprotectionweb-securitysecurityattack-serversql-injectionlinux-tools
  Language:Python 2499

• 0xSobky / HackVault

  A container repository for my public web hacks!

  payloadsweb-securitypentestingtrackingfuzzingregexreconnaissancexssexploit
  Language:JavaScript 2010

• qi4L / JYso

  JNDIExploit or a ysoserial.

  attackgadgetjavajndijndi-injectionldapmem-shellmiddleware-echormiweb-securityysoserial
  Language:Java 1570

• WangYihang / GitHacker

  🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

  gitgithackweb-security
  Language:Python 1505

• lunasec-io / lunasec

  LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

  compliancecontinuous-deliverycve-scanningcybersecuritydependency-analysisdevsecopsgdprlog4shellpci-dsssbomsbom-generatorscanningscanning-toolsecuritysecurity-toolssoc2software-composition-analysistokenizationweb-securityzero-trust
  Language:TypeScript 1456

• Ge0rg3 / requests-ip-rotator

  A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

  security-toolssecurityipbypassnetworkingawsapigatewaybugbountyweb-securityhacktoberfest
  Language:Python 1420

• pushsecurity / saas-attacks

  Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

  offensive-securitysaasweb-security
  1375

• 4ra1n / super-xray

  Web漏洞扫描工具XRAY的GUI启动器

  vulnerability-scannersweb-security
  Language:Java 1305
• cherrybomb

  blst-security / cherrybomb

  Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

  apiapi-securitybest-practicesblstbusiness-logicclicybercybersecurityfirecrackerhttpopen-sourceopenapiopenapi3securitysecurity-toolsweb-sec-scannerweb-securitywebsecurity
  Language:Rust 1178

• devanshbatham / FavFreak

  Making Favicon.ico based Recon Great again !

  bugbountybughuntinghackinginformation-gatheringosintreconreconnaissanceweb-securitywebappsec
  Language:Python 1177

• chenjj / CORScanner

  🎯 Fast CORS misconfiguration vulnerabilities scanner

  corscors-misconfigurationscors-policycors-scannerpythonpython3vulnerability-scannersweb-security
  Language:Python 1074

• Zeyad-Azima / Offensive-Resources

  A Huge Learning Resources with Labs For Offensive Security Players

  apiinfrastructurelearningsecuritymobilewebhackhackingowaspcybersecurityweb-securitymobile-securityoffensiveoffensive-securityred-teamowasp-top-10redteamcloud-securityapi-securityred-teaming
  987

• TypeError / secure

  Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.

  content-security-policydjangofastapiflaskheadersheaders-securityhttp-headerspythonpython-securityreferrer-policysecure-headerssecuritysecurity-headersstrict-transport-securityweb-security
  Language:Python 930

• backdoorhub / shell-backdoor-list

  🎯 PHP / ASP - Shell Backdoor List 🎯

  shellbackdoorshell-backdoorweb-shellhackinghackingcodeweb-hackingr57c99b374kkacakwebhackwebsecurityweb-securitywsophpphp-backdoorasp-netasp-backdoor
  Language:PHP 768

• 4ra1n / mysql-fake-server

  纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY 的利用

  jdbcmysqlfake-servervulnerabilityweb-security
  Language:Java 741

• incredibleindishell / SSRF_Vulnerable_Lab

  This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

  attackexploitationhackinglabserver-side-request-forgeryssrfweb-security
  Language:PHP 710

• Lookyloo / lookyloo

  Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

  information-securityprivacyweb-securitydfircapturescrapinglookyloo
  Language:Python 706

• tempesta-tech / tempesta

  Web application acceleration, advanced DDoS protection and web security

  web-application-firewalllinux-kernelhigh-performancehttp-acceleratorload-balancerdatabasetlshttp2securitybotsddos-protectionweb-performanceweb-securityddoswaf
  Language:C 666

• turbo / openftp4

  A list of all FTP servers in IPv4 that allow anonymous logins.

  ftpweb-security
  654
• Raven-Storm

  Tmpertor / Raven-Storm

  Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

  denial-of-serviceprotectionsecuritysecurity-toolsweb-securityddos-attacksdosattacksstress-testingddos-scriptserverddos-toolpentestingpythonpenetration-testsddos-attack-toolstermuxbotnetmitmddos
  Language:Python 637

• hueristiq / xurlfind3r

  A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

  osintpenetration-testingpenetration-testing-toolsbug-bountybug-bounty-toolsethical-hackingethical-hacking-toolsosint-toolsred-teamingred-teaming-toolsweb-securitycontentdiscoveryreconnaissancegogolang
  Language:Go 636

• madneal / articles-translator

  :books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.

  articlejavascriptvuewebpackmemory-managementnpmpwareactsecuritycssparcelcodeqlsecurity-toolswebweb-security
  621

• Harmoc / CTFTools

  Personal CTF Toolkit

  hackingctf-toolsweb-securityhacking-tool
  595

• trailofbits / twa

  A tiny web auditor with strong opinions.

  securityweb-securityauditinghacktoberfest
  Language:Shell 587
• pyhtools

  dmdhrumilmistry / pyhtools

  A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

  pythonpython3hacking-toolshackingwithpythonhackingtelegram-hackremoteaccesshacking-toolransomwaredmdhrumilmistrymalware-developmentpenetration-testingapihackingweb-securityweb-hac
  Language:Python 546

• luigigubello / PayloadsAllThePDFs

  PDF Files for Pentesting

  pentestingweb-pentestweb-security
  545

• Cryin / JavaID

  java source code static code analysis and danger function identify prog

  java-code-auditweb-security
  Language:Python 532

• splitline / How-to-Hack-Websites

  開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

  ctfsecurityweb-security
  Language:PHP 525