#Web-application-security

Showing 43 of 43 repositories tagged #web-application-security, ranked by stars

codingo
codingo
NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

Score
100
★ 3.3k ⑂ 625
Python
owtf
owtf
owtf

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Score
98
★ 1.9k ⑂ 487 +1/day
TypeScript
wallarm
wallarm
gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Score
83
★ 1.8k ⑂ 257
Go
codingo
codingo
VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Score
78
★ 1.3k ⑂ 239 +1/day
Python
Janusec
Janusec
janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

Score
80
★ 1.2k ⑂ 268
Go
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
0
★ 965 ⑂ 80 +4/day
Rust
Mehdi0x90
Mehdi0x90
Web_Hacking

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Score
95
★ 790 ⑂ 149 +4/day
ZishanAdThandar
ZishanAdThandar
pentest

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

Score
93
★ 727 ⑂ 105 +1/day
PHP
wallarm
wallarm
api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Score
90
★ 652 ⑂ 61
Go
vatsalgupta67
vatsalgupta67
All-In-One-CyberSecurity-Resources

List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity

Score
63
★ 574 ⑂ 70 +1/day
ImAyrix
ImAyrix
fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Score
56
★ 433 ⑂ 53
Go
Anon-Exploiter
Anon-Exploiter
SiteBroker

A cross-platform python based utility for information gathering and penetration testing automation!

Score
61
★ 429 ⑂ 101 +1/day
Python
gildasio
gildasio
h2t

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

Score
85
★ 409 ⑂ 36
Python
mhmdiaa
mhmdiaa
second-order

Second-order subdomain takeover scanner

Score
88
★ 405 ⑂ 68
Go
migueltc13
migueltc13
TryHackMe

Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress tracking.

Score
73
★ 379 ⑂ 153
Shell
PalindromeLabs
PalindromeLabs
STEWS

A Security Tool for Enumerating WebSockets

Score
54
★ 376 ⑂ 42
Python
ImAyrix
ImAyrix
cut-cdn

✂️ Removing CDN IPs from the list of IP addresses

Score
51
★ 348 ⑂ 53
Go
mhmdiaa
mhmdiaa
chronos

Wayback Machine OSINT Framework

Score
44
★ 233 ⑂ 42
Go
codingo
codingo
crithit

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Score
41
★ 213 ⑂ 44
Makefile
MrM8BRH
MrM8BRH
SuperLibrary

A massive, curated collection of information security books, study guides, cheat sheets, and resources. This library is intended for educational purposes and to help those who cannot otherwise access this material.

Score
76
★ 161 ⑂ 41
Python
stone-rhino
stone-rhino
wge

A high-performance web application firewall (WAF) library based on C++

Score
68
★ 102 ⑂ 7 +1/day
C++
3ls3if
3ls3if
Cybersecurity-Notes

Cybersecurity Notes For Intermediate and Advanced Hackers | CEH Exam Prep Also Included

Score
66
★ 83 ⑂ 27
sagsooz
sagsooz
Webshell-bypass

A collection of advanced PHP and ASPX web shells designed to bypass security measures.

Score
71
★ 73 ⑂ 31 +2/day
PHP
oshp
oshp
headers

An application to catch, search and analyze HTTP secure headers.

Score
27
★ 64 ⑂ 10
Python
Piyush-2975
Piyush-2975
Advanced-WAF-WAFinity

An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.

Score
24
★ 56 ⑂ 14
Python
kljunowsky
kljunowsky
CVE-2023-36845

Juniper Firewalls CVE-2023-36845 - RCE

Score
22
★ 55 ⑂ 13
Python
roottusk
roottusk
xforwardy

Host Header Injection Scanner

Score
20
★ 50 ⑂ 14
Python
paulveillard
paulveillard
cybersecurity-ethical-hacking

An ongoing collection of awesome ethical hacking tools, software, libraries, learning tutorials, frameworks, academic and practical resources

Score
10
★ 42 ⑂ 4
Python
AnonKryptiQuz
AnonKryptiQuz
TimeVault

TimeVault is a specialized automated tool designed to detect potential information disclosure vulnerabilities in web applications by leveraging archived URLs from the Wayback Machine.

Score
15
★ 42 ⑂ 11
Python
Indrajith-S
Indrajith-S
CEH-Lab-Notes

Step into my GitHub treasure trove—an immersive collection of comprehensive notes chronicling my Certified Ethical Hacker (CEH) lab escapades. Journey through the intricate art of hacking, traversing from covert reconnaissance to the boundless realms of cloud computing. Prepare to illuminate your path in the captivating cosmos of ethical hacking.

Score
17
★ 39 ⑂ 13 +1/day
ShubhamTuts
ShubhamTuts
ShubhamWebScript-Website-vulnerability-Checker

Find any website vulnerability and bugs in few second.

Score
59
★ 38 ⑂ 13
Python
keusuanl-sec
keusuanl-sec
Advanced-Web-Application-Firewall

An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.

Score
12
★ 34 ⑂ 4
HTML
intrudir
intrudir
BypassFuzzer-Burp

The Java Burp Extension version of my BypassFuzzer tool

Score
46
★ 33 ⑂ 3
Java
nr-yolo
nr-yolo
Vulnshop

Web Application Pentesting Lab with over 40 plus vulnerability, which covers all the owasp top 10 issues.

Score
37
★ 30 ⑂ 0
JavaScript
uttambodara
uttambodara
Awesome-Hacking-Learning-Path

A comprehensive hacking learning path covering Pentesting, OSINT, Linux, Networking, Web Application Security, Cryptography, Exploitation, Reverse Engineering, Forensics, CVEs, and CTF challenges. Perfect for beginners and professionals to master ethical hacking, penetration testing, and cybersecurity step by step. 🚀

Score
49
★ 29 ⑂ 6 +1/day
Irench1k
Irench1k
unsafe-code

Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.

Score
39
★ 29 ⑂ 1
Python
binarymist
binarymist
HolisticInfoSec-For-WebDevelopers-Fascicle1

:books: VPS :lock: Network :lock: Cloud :lock: Web Applications :books:

Score
32
★ 26 ⑂ 12
kaiiyer
kaiiyer
web-app-pentesting

Web Application Penetration Testing tools and Materials for Ethical Hackers.

Score
7
★ 21 ⑂ 6
Python
Nuknov
Nuknov
DeConfigro

DeConfigro is a tool that scans WordPress websites for the WordPress Setup Config Vulnerability. If exposed, this page indicates an incomplete installation and can be exploited, posing a security risk.

Score
34
★ 19 ⑂ 3
Shell
DanaEpp
DanaEpp
CodeArgos

A python module for red teams to support the continuous recon of JavaScript files and HTML script blocks in an active web application.

Score
5
★ 14 ⑂ 6
Python
Superjulien
Superjulien
Bruteweb

Bruteweb is a Python script for web security testing. It conducts brute-force attacks to assess web application security. Customize your tests with various options and verbosity levels. Use the command line or GUI for flexibility. Strengthen your web security assessments with Bruteweb.

Score
0
★ 11 ⑂ 3
Python
blendF
blendF
harpoon

Autonomous Black-Box Pentesting for Web Applications.

Score
29
★ 10 ⑂ 2
Python
ImKKingshuk
ImKKingshuk
StealthNewSQL

StealthNewSQL : The Ultimate NewSQL Injection Tool - Your All-in-One Solution for NewSQL Database Security! 🛡️ Uncover, exploit, and secure NewSQL database vulnerabilities with this feature-packed command-line tool. Whether you're a penetration tester, security researcher, or developer, StealthNewSQL equips you with the ultimate power! 💥

Score
2
★ 10 ⑂ 5
Shell
Related Topics
#penetration-testing#hacking#security#bugbounty#security-tools#cybersecurity#pentesting#web-security#ethical-hacking#offensive-security#python#waf

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly