#Appsec

Showing 60 of 148 repositories tagged #appsec, ranked by stars

sqlmapproject
sqlmapproject
sqlmap

Automatic SQL injection and database takeover tool

Score
100
★ 37.8k ⑂ 6.3k +43/day
Python
OWASP
OWASP
CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Score
89
★ 32.5k ⑂ 4.5k +5/day
Python
chaitin
chaitin
SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Score
100
★ 21.7k ⑂ 1.4k +40/day
Go
zaproxy
zaproxy
zaproxy

The ZAP by Checkmarx Core project

Score
99
★ 15.4k ⑂ 2.6k +3/day
Java
maurosoria
maurosoria
dirsearch

Web path scanner

Score
78
★ 14.5k ⑂ 2.4k +7/day
Python
juice-shop
juice-shop
juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Score
100
★ 13.5k ⑂ 18.6k +3/day
TypeScript
OWASP
OWASP
wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Score
98
★ 9.6k ⑂ 1.6k +16/day
infoslack
infoslack
awesome-web-hacking

A list of web application security

Score
97
★ 7.0k ⑂ 1.3k +6/day
urbanadventurer
urbanadventurer
WhatWeb

Next generation web scanner

Score
96
★ 6.7k ⑂ 999 +14/day
Ruby
microsoft
microsoft
Security-101

8 Lessons, Kick-start Your Cybersecurity Learning.

Score
94
★ 6.7k ⑂ 904 +12/day
HTML
infobyte
infobyte
faraday

Open Source Vulnerability Management Platform

Score
56
★ 6.6k ⑂ 1.1k +5/day
Python
OWASP
OWASP
Go-SCP

Golang Secure Coding Practices guide

Score
0
★ 5.3k ⑂ 406
Go
jassics
jassics
security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Score
94
★ 5.0k ⑂ 628 +3/day
andresriancho
andresriancho
w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.

Score
83
★ 4.9k ⑂ 1.2k +1/day
Python
DefectDojo
DefectDojo
django-DefectDojo

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

Score
67
★ 4.8k ⑂ 1.9k +1/day
HTML
projectdiscovery
projectdiscovery
interactsh

An OOB interaction gathering server and client library

Score
88
★ 4.4k ⑂ 467 +7/day
Go
openziti
openziti
ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero-trust, programmable network @OpenZiti

Score
75
★ 4.3k ⑂ 256 +14/day
Go
DependencyTrack
DependencyTrack
dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Score
95
★ 4.0k ⑂ 775 +6/day
Java
foospidy
foospidy
payloads

Git All the Payloads! A collection of web attack payloads.

Score
79
★ 4.0k ⑂ 991 +2/day
Shell
Bearer
Bearer
bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Score
93
★ 2.7k ⑂ 141 +2/day
Go
Checkmarx
Checkmarx
kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Score
62
★ 2.7k ⑂ 373 +2/day
Open Policy Agent
Crypto-Cat
Crypto-Cat
CTF

CTF challenge (mostly pwn) files, scripts etc

Score
89
★ 2.5k ⑂ 461 +4/day
Python
cider-security-research
cider-security-research
cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Score
70
★ 2.3k ⑂ 414
Python
m14r41
m14r41
PentestingEverything

Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...

Score
92
★ 1.8k ⑂ 406 +72/day
TypeScript
lirantal
lirantal
npq

safely install npm packages by auditing them pre-install stage

Score
88
★ 1.8k ⑂ 41
JavaScript
summitt
summitt
Nope-Proxy

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

Score
65
★ 1.7k ⑂ 240 +1/day
Java
openappsec
openappsec
openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Score
100
★ 1.6k ⑂ 127 +3/day
C++
webpwnized
webpwnized
mutillidae

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

Score
90
★ 1.5k ⑂ 561 +2/day
PHP
roottusk
roottusk
vapi

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Score
40
★ 1.3k ⑂ 337 +2/day
HTML
six2dez
six2dez
burp-ai-agent

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

Score
100
★ 1.3k ⑂ 203 +4/day
Kotlin
OWASP
OWASP
www-project-top-10-for-large-language-model-applications

OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)

Score
100
★ 1.3k ⑂ 331 +5/day
Python
httpvoid
httpvoid
writeups
Score
60
★ 1.2k ⑂ 174
ayoubfathi
ayoubfathi
leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Score
85
★ 1.2k ⑂ 171
CyberStrikeus
CyberStrikeus
CyberStrike

AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.

Score
87
★ 1.2k ⑂ 192 +75/day
TypeScript
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
100
★ 965 ⑂ 80 +4/day
Rust
zaproxy
zaproxy
zap-extensions

ZAP Add-ons

Score
91
★ 934 ⑂ 796
HTML
Soluto
Soluto
kamus

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

Score
80
★ 934 ⑂ 66
C#
OWASP
OWASP
railsgoat

A vulnerable version of Rails that follows the OWASP Top 10

Score
86
★ 922 ⑂ 820
HTML
UCYBERS
UCYBERS
Awesome-Blackhat-Tools

A curated list of tools officially presented at Black Hat events

Score
84
★ 915 ⑂ 90 +96/day
JoasASantos
JoasASantos
n8n-CyberSecurity-Workflows

Security automation with n8n ideas: 100+ Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.

Score
66
★ 880 ⑂ 172 +3/day
ghostsecurity
ghostsecurity
reaper

Live validation proxy tool for testing web app vulnerabilities

Score
38
★ 873 ⑂ 92
Go
numirias
numirias
security

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Score
56
★ 866 ⑂ 158
DataDog
DataDog
dd-trace-go

Datadog Go Library including APM tracing, profiling, and security monitoring.

Score
50
★ 847 ⑂ 535
Go
blacklanternsecurity
blacklanternsecurity
badsecrets

A library for detecting known secrets across many web frameworks

Score
44
★ 809 ⑂ 82 +4/day
Python
FuzzingLabs
FuzzingLabs
secpipe

MCP server for AI-driven security pipelines

Score
82
★ 798 ⑂ 95
Python
MobSF
MobSF
mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

Score
75
★ 770 ⑂ 121 +4/day
Python
MattKeeley
MattKeeley
Spoofy

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Score
33
★ 768 ⑂ 82
Python
dependency-check
dependency-check
dependency-check-sonar-plugin

Integrates Dependency-Check reports into SonarQube

Score
68
★ 693 ⑂ 146
Java
Anof-cyber
Anof-cyber
Application-Security

Resources for Application Security including Web, API, Android, iOS and Thick Client

Score
25
★ 686 ⑂ 62
TheHackerDev
TheHackerDev
race-the-web

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Score
50
★ 633 ⑂ 72
Go
OWASP
OWASP
cve-lite-cli

Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.

Score
83
★ 629 ⑂ 105 +1/day
TypeScript
tianchong-zerotemp
tianchong-zerotemp
dianxing

DianXing - AI-Driven End-to-End Code Security Auditing

Score
81
★ 610 ⑂ 57 +165/day
TupleType
TupleType
awesome-cicd-attacks

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

Score
80
★ 608 ⑂ 57 +3/day
praetorian-inc
praetorian-inc
titus

High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.

Score
25
★ 605 ⑂ 68 +3/day
Go
cc1a2b
cc1a2b
JShunter

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

Score
12
★ 528 ⑂ 59 +2/day
Go
ajinabraham
ajinabraham
njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Score
49
★ 434 ⑂ 106
JavaScript
FrancescoStabile
FrancescoStabile
numasec

The AI Agent for Cyber Security.

Score
76
★ 419 ⑂ 49 +4/day
TypeScript
volkandindar
volkandindar
agartha

A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testing.

Score
78
★ 400 ⑂ 81
Python
ispras
ispras
casr

Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.

Score
75
★ 355 ⑂ 36
Rust
mercedes-benz
mercedes-benz
sechub

SecHub provides a central API to test software with different security tools.

Score
67
★ 353 ⑂ 80
Java
Related Topics
#security#pentesting#cybersecurity#owasp#penetration-testing#devsecops#security-tools#hacking#application-security#infosec#security-automation

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly