#Web-application-security
Showing 43 of 43 repositories tagged #web-application-security, ranked by stars
Automated NoSQL database enumeration and web application exploitation tool.
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
A cross-platform python based utility for information gathering and penetration testing automation!
h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply
Second-order subdomain takeover scanner
Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress tracking.
A Security Tool for Enumerating WebSockets
✂️ Removing CDN IPs from the list of IP addresses
Wayback Machine OSINT Framework
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
A massive, curated collection of information security books, study guides, cheat sheets, and resources. This library is intended for educational purposes and to help those who cannot otherwise access this material.
A high-performance web application firewall (WAF) library based on C++
Cybersecurity Notes For Intermediate and Advanced Hackers | CEH Exam Prep Also Included
A collection of advanced PHP and ASPX web shells designed to bypass security measures.
An application to catch, search and analyze HTTP secure headers.
An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.
Juniper Firewalls CVE-2023-36845 - RCE
Host Header Injection Scanner
An ongoing collection of awesome ethical hacking tools, software, libraries, learning tutorials, frameworks, academic and practical resources
TimeVault is a specialized automated tool designed to detect potential information disclosure vulnerabilities in web applications by leveraging archived URLs from the Wayback Machine.
Step into my GitHub treasure trove—an immersive collection of comprehensive notes chronicling my Certified Ethical Hacker (CEH) lab escapades. Journey through the intricate art of hacking, traversing from covert reconnaissance to the boundless realms of cloud computing. Prepare to illuminate your path in the captivating cosmos of ethical hacking.
Find any website vulnerability and bugs in few second.
An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.
The Java Burp Extension version of my BypassFuzzer tool
Web Application Pentesting Lab with over 40 plus vulnerability, which covers all the owasp top 10 issues.
A comprehensive hacking learning path covering Pentesting, OSINT, Linux, Networking, Web Application Security, Cryptography, Exploitation, Reverse Engineering, Forensics, CVEs, and CTF challenges. Perfect for beginners and professionals to master ethical hacking, penetration testing, and cybersecurity step by step. 🚀
Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.
:books: VPS :lock: Network :lock: Cloud :lock: Web Applications :books:
Web Application Penetration Testing tools and Materials for Ethical Hackers.
DeConfigro is a tool that scans WordPress websites for the WordPress Setup Config Vulnerability. If exposed, this page indicates an incomplete installation and can be exploited, posing a security risk.
A python module for red teams to support the continuous recon of JavaScript files and HTML script blocks in an active web application.
Bruteweb is a Python script for web security testing. It conducts brute-force attacks to assess web application security. Customize your tests with various options and verbosity levels. Use the command line or GUI for flexibility. Strengthen your web security assessments with Bruteweb.
Autonomous Black-Box Pentesting for Web Applications.
StealthNewSQL : The Ultimate NewSQL Injection Tool - Your All-in-One Solution for NewSQL Database Security! 🛡️ Uncover, exploit, and secure NewSQL database vulnerabilities with this feature-packed command-line tool. Whether you're a penetration tester, security researcher, or developer, StealthNewSQL equips you with the ultimate power! 💥