#Owasp

Showing 60 of 193 repositories tagged #owasp, ranked by stars

OWASP
OWASP
CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Score
100
โ˜… 32.5k โ‘‚ 4.5k +5/day
Python
MobSF
MobSF
Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Score
99
โ˜… 21.4k โ‘‚ 3.7k +52/day
JavaScript
vitalysim
vitalysim
Awesome-Hacking-Resources

A collection of hacking / penetration testing resources to make you better!

Score
99
โ˜… 17.2k โ‘‚ 2.2k +29/day
owasp-amass
owasp-amass
amass

In-depth attack surface mapping and asset discovery

Score
100
โ˜… 14.8k โ‘‚ 2.1k +38/day
Go
juice-shop
juice-shop
juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Score
100
โ˜… 13.5k โ‘‚ 18.6k +3/day
TypeScript
OWASP
OWASP
wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Score
98
โ˜… 9.6k โ‘‚ 1.6k +16/day
infoslack
infoslack
awesome-web-hacking

A list of web application security

Score
97
โ˜… 7.0k โ‘‚ 1.3k +6/day
paragonie
paragonie
awesome-appsec

A curated list of resources for learning about application security

Score
84
โ˜… 7.0k โ‘‚ 797 +7/day
PHP
urbanadventurer
urbanadventurer
WhatWeb

Next generation web scanner

Score
97
โ˜… 6.7k โ‘‚ 999 +14/day
Ruby
madhuakula
madhuakula
kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground ๐Ÿš€

Score
96
โ˜… 5.7k โ‘‚ 1.0k +7/day
HTML
OWASP
OWASP
Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Score
60
โ˜… 5.3k โ‘‚ 1.1k +8/day
Python
DefectDojo
DefectDojo
django-DefectDojo

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

Score
80
โ˜… 4.8k โ‘‚ 1.9k +1/day
HTML
microsoft
microsoft
agent-governance-toolkit

AI Agent Governance Toolkit โ€” Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.

Score
40
โ˜… 4.7k โ‘‚ 689 +6/day
Python
DependencyTrack
DependencyTrack
dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Score
95
โ˜… 4.0k โ‘‚ 775 +6/day
Java
microcosm-cc
microcosm-cc
bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Score
20
โ˜… 3.7k โ‘‚ 193 +1/day
Go
corazawaf
corazawaf
coraza

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Score
90
โ˜… 3.6k โ‘‚ 334 +37/day
Go
husnainfareed
husnainfareed
awesome-ethical-hacking-resources

๐Ÿ˜Ž ๐Ÿ”— Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.

Score
94
โ˜… 3.6k โ‘‚ 556 +28/day
coreruleset
coreruleset
coreruleset

OWASP CRS (Official Repository)

Score
95
โ˜… 3.2k โ‘‚ 460 +3/day
Python
lirantal
lirantal
awesome-nodejs-security

Awesome Node.js Security resources

Score
93
โ˜… 3.0k โ‘‚ 294 +1/day
Bearer
Bearer
bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Score
93
โ˜… 2.7k โ‘‚ 141 +2/day
Go
flipkart-incubator
flipkart-incubator
Astra

Automated Security Testing For REST API's

Score
73
โ˜… 2.6k โ‘‚ 413 โ€”
Python
phongnguyend
phongnguyend
Practical.CleanArchitecture

Full-stack .Net 10 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 22, React 19, Vue 3.5, BFF with YARP, NextJs 16, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, EF Core, OpenTelemetry, SignalR, Background Services, Health Checks, Rate Limiting, Clouds (Azure, AWS, GCP), ...

Score
100
โ˜… 2.4k โ‘‚ 607 +1/day
C#
find-sec-bugs
find-sec-bugs
find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Score
90
โ˜… 2.4k โ‘‚ 484 โ€”
Java
OWASP
OWASP
masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Score
88
โ˜… 2.4k โ‘‚ 700 +5/day
Python
0xRadi
0xRadi
OWASP-Web-Checklist

OWASP Web Application Security Testing Checklist

Score
71
โ˜… 2.2k โ‘‚ 412 +3/day
cossacklabs
cossacklabs
themis

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Score
80
โ˜… 2.0k โ‘‚ 159 โ€”
C
owtf
owtf
owtf

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Score
90
โ˜… 1.9k โ‘‚ 487 +1/day
TypeScript
xalgord
xalgord
Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

Score
74
โ˜… 1.8k โ‘‚ 297 โ€”
wallarm
wallarm
gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Score
68
โ˜… 1.8k โ‘‚ 257 โ€”
Go
Safe3
Safe3
uusec-waf

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Score
89
โ˜… 1.7k โ‘‚ 168 +2/day
Shell
openappsec
openappsec
openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Score
83
โ˜… 1.6k โ‘‚ 127 +3/day
C++
webpwnized
webpwnized
mutillidae

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

Score
91
โ˜… 1.5k โ‘‚ 561 +2/day
PHP
OWASP
OWASP
wrongsecrets

Vulnerable app with examples showing how to not use secrets

Score
92
โ˜… 1.4k โ‘‚ 589 โ€”
Java
owasp-noir
owasp-noir
noir

Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.

Score
88
โ˜… 1.3k โ‘‚ 141 โ€”
Crystal
roottusk
roottusk
vapi

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Score
58
โ˜… 1.3k โ‘‚ 337 +2/day
HTML
CyberStrikeus
CyberStrikeus
CyberStrike

AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.

Score
87
โ˜… 1.2k โ‘‚ 192 +75/day
TypeScript
Zeyad-Azima
Zeyad-Azima
Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

Score
80
โ˜… 1.2k โ‘‚ 244 +1/day
daveshanley
daveshanley
vacuum

vacuum is the worlds fastest and most versatile OpenAPI, AsyncAPI & JSON Schema linter, docs generator and toolkit. It tears through API specs at light speed. 100% compatible with Spectral rulesets, and OpenAPI 3.0, 3.1 and 3.2

Score
60
โ˜… 1.1k โ‘‚ 86 +5/day
Go
OWASP
OWASP
DevSecOpsGuideline

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

Score
86
โ˜… 1.1k โ‘‚ 253 +3/day
Python
cdxgen
cdxgen
cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

Score
75
โ˜… 1.0k โ‘‚ 254 +5/day
JavaScript
secureCodeBox
secureCodeBox
secureCodeBox

secureCodeBox (SCB) - continuous secure delivery out of the box

Score
70
โ˜… 983 โ‘‚ 182 +2/day
Go
security-code-scan
security-code-scan
security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

Score
61
โ˜… 978 โ‘‚ 160 โ€”
C#
Baroshem
Baroshem
nuxt-security

๐Ÿ›ก Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware

Score
86
โ˜… 976 โ‘‚ 78 โ€”
TypeScript
Cyber-Buddy
Cyber-Buddy
APKHunt

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

Score
10
โ˜… 968 โ‘‚ 102 โ€”
Go
whgojp
whgojp
JavaSecLab

JavaSecLab is a comprehensive Java vulnerability platform๏ฝœโ€‹ JavaSecLabๆ˜ฏไธ€ๆฌพ็ปผๅˆๅž‹Javaๆผๆดžๅนณๅฐ๏ผŒๆไพ›็›ธๅ…ณๆผๆดž็ผบ้™ทไปฃ็ ใ€ไฟฎๅคไปฃ็ ใ€ๆผๆดžๅœบๆ™ฏใ€ๅฎก่ฎกSINK็‚นใ€ๅฎ‰ๅ…จ็ผ–็ ่ง„่Œƒ๏ผŒ่ฆ†็›–ๅคš็งๆผๆดžๅœบๆ™ฏ๏ผŒๅ‹ๅฅฝ็”จๆˆทไบคไบ’UIโ€ฆโ€ฆ

Score
84
โ˜… 858 โ‘‚ 75 โ€”
Java
Mehdi0x90
Mehdi0x90
Web_Hacking

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Score
85
โ˜… 790 โ‘‚ 149 +4/day
fabriziosalmi
fabriziosalmi
caddy-waf

Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)

Score
50
โ˜… 787 โ‘‚ 30 +4/day
Go
actuator
actuator
Android-Security-Exploits-YouTube-Curriculum

๐Ÿ”“A Curated List Of Modern Android Exploitation Conference Talks

Score
100
โ˜… 781 โ‘‚ 66 โ€”
appsecco
appsecco
dvna

Damn Vulnerable NodeJS Application

Score
69
โ˜… 778 โ‘‚ 919 โ€”
SCSS
asamassekou10
asamassekou10
ship-safe

CLI security scanner built for the agentic era. Detects CI/CD misconfigs, agent permission risks, MCP tool injection, hardcoded secrets, and DMCA-flagged AI dependencies.

Score
82
โ˜… 758 โ‘‚ 83 +17/day
JavaScript
dependency-check
dependency-check
dependency-check-sonar-plugin

Integrates Dependency-Check reports into SonarQube

Score
69
โ˜… 693 โ‘‚ 146 โ€”
Java
bmarsh9
bmarsh9
gapps

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking

Score
83
โ˜… 685 โ‘‚ 150 +2/day
HTML
corazawaf
corazawaf
coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

Score
40
โ˜… 643 โ‘‚ 72 +1/day
Go
cloudcomponents
cloudcomponents
cdk-constructs

A collection of higher-level reusable cdk constructs

Score
33
โ˜… 635 โ‘‚ 101 โ€”
TypeScript
OWASP
OWASP
cve-lite-cli

Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.

Score
82
โ˜… 629 โ‘‚ 105 +1/day
TypeScript
OWASP
OWASP
www-project-kubernetes-top-ten

OWASP Foundation Web Respository

Score
78
โ˜… 614 โ‘‚ 98 +1/day
HTML
kac89
kac89
vulnrepo

VULNRฮžPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX, attachments, automatic changelog, stats, vulnerability management, bugbounty, local ai/llm, super fast pentest reporting!

Score
81
โ˜… 564 โ‘‚ 118 +1/day
TypeScript
insidersec
insidersec
insider

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Score
0
โ˜… 552 โ‘‚ 80 โ€”
Go
MyuriKanao
MyuriKanao
src-hunter-skill

ๅฎžๆˆ˜ SRC / ไผ—ๆต‹ / Bug bounty ๆผๆดžๆŒ–ๆŽ˜ Claude Code skill โ€” 19 ไธชๆ”ปๅ‡ป็ฑป playbookใ€305 ไธช็ป“ๆž„ๅŒ– payloadใ€263 ไธช WAF/EDR ็ป•่ฟ‡ใ€2887 ไปฝ HackerOne ็œŸๅฎžๆกˆไพ‹ใ€88,636 WooYun ๆกˆไพ‹็ปŸ่ฎก

Score
79
โ˜… 539 โ‘‚ 69 +23/day
CycloneDX
CycloneDX
specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

Score
100
โ˜… 521 โ‘‚ 88 โ€”
XSLT
Related Topics
#security#appsec#security-tools#devsecops#hacking#penetration-testing#pentesting#application-security#static-analysis#web-security#owasp-top-10

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly