There are 76 repositories under the web-security topic.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Source code for Hacker101.com - a free online web and mobile security class.
A web security gateway that serves as a reverse proxy to protect your websites from attacks and exploits.
A list of resources for those interested in getting started in bug bounties
A list of web application security
A curated list of various bug bounty tools
Awesome Node.js Security resources
DDos Ripper: a Distributed Denial-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Making Favicon.ico-based recon great again!
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
🎯 Fast CORS misconfiguration vulnerabilities scanner
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
A huge collection of learning resources with labs for offensive security players
🎯 PHP / ASP - Shell Backdoor List 🎯
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
MySQL Fake Server (pure Java implementation, supports GUI and command-line versions, provides a Dockerfile, supports multiple common JDBC exploits)
📚 Translate the distinct technical blogs. Please star or watch. Welcome to join me.
All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols, written in Python. Take down many connections using several exotic and classic protocols.
A command-line interface (CLI) based passive URL discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
A Python hacking library consisting of a network scanner, ARP spoofer and detector, DNS spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester, credential harvester, keylogger, download & execute, ransomware, data harvesters, etc.