#Web-security

Showing 60 of 166 repositories tagged #web-security, ranked by stars

chaitin
chaitin
SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Score
100
★ 21.7k ⑂ 1.4k +40/day
Go
MobSF
MobSF
Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Score
100
★ 21.4k ⑂ 3.7k +52/day
JavaScript
Hacker0x01
Hacker0x01
hacker101

Source code for Hacker101.com - a free online web and mobile security class.

Score
97
★ 14.5k ⑂ 2.7k +3/day
SCSS
nahamsec
nahamsec
Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

Score
96
★ 12.1k ⑂ 2.0k +7/day
bunkerity
bunkerity
bunkerweb

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Score
100
★ 10.7k ⑂ 633 +3/day
Python
infoslack
infoslack
awesome-web-hacking

A list of web application security

Score
99
★ 7.0k ⑂ 1.3k +6/day
lirantal
lirantal
awesome-nodejs-security

Awesome Node.js Security resources

Score
98
★ 3.0k ⑂ 294 +1/day
palahsu
palahsu
DDoS-Ripper

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

Score
99
★ 2.8k ⑂ 685 +9/day
Python
Ge0rg3
Ge0rg3
requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Score
97
★ 1.7k ⑂ 173 +1/day
Python
WangYihang
WangYihang
GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Score
75
★ 1.7k ⑂ 248 +1/day
Python
lunasec-io
lunasec-io
lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Score
79
★ 1.5k ⑂ 167
TypeScript
lissy93
lissy93
domain-locker

🌐 The all-in-one tool, for keeping track of your domain name portfolio. Got domain names? Get Domain Locker!

Score
0
★ 1.4k ⑂ 114 +32/day
TypeScript
six2dez
six2dez
burp-ai-agent

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

Score
0
★ 1.3k ⑂ 203 +4/day
Kotlin
devanshbatham
devanshbatham
FavFreak

Making Favicon.ico based Recon Great again !

Score
78
★ 1.3k ⑂ 175 +1/day
Python
blst-security
blst-security
cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Score
77
★ 1.2k ⑂ 84
Rust
CyberStrikeus
CyberStrikeus
CyberStrike

AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.

Score
95
★ 1.2k ⑂ 192 +75/day
TypeScript
chenjj
chenjj
CORScanner

🎯 Fast CORS misconfiguration vulnerabilities scanner

Score
25
★ 1.2k ⑂ 184
Python
Zeyad-Azima
Zeyad-Azima
Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

Score
90
★ 1.2k ⑂ 244 +1/day
TypeError
TypeError
secure

Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).

Score
95
★ 1.0k ⑂ 32 +3/day
Python
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
0
★ 965 ⑂ 80 +4/day
Rust
whgojp
whgojp
JavaSecLab

JavaSecLab is a comprehensive Java vulnerability platform|​ JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……

Score
93
★ 858 ⑂ 75
Java
fabriziosalmi
fabriziosalmi
caddy-waf

Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)

Score
80
★ 787 ⑂ 30 +4/day
Go
incredibleindishell
incredibleindishell
SSRF_Vulnerable_Lab

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Score
77
★ 780 ⑂ 238
PHP
Tmpertor
Tmpertor
Raven-Storm

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

Score
0
★ 733 ⑂ 181
Python
aaPanel
aaPanel
aaWAF

aawaf 是一款基于语义分析的Web应用防火墙

Score
92
★ 715 ⑂ 135 +1/day
Go
tempesta-tech
tempesta-tech
tempesta

Web application acceleration, advanced DDoS protection and web security

Score
94
★ 708 ⑂ 110
C
hueristiq
hueristiq
xurlfind3r

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Score
20
★ 706 ⑂ 78
Go
dmdhrumilmistry
dmdhrumilmistry
pyhtools

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

Score
50
★ 644 ⑂ 99
Python
madneal
madneal
articles-translator

:books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Score
88
★ 621 ⑂ 65
Harmoc
Harmoc
CTFTools

Personal CTF Toolkit

Score
74
★ 620 ⑂ 139
cyproxio
cyproxio
mcp-for-security

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

Score
89
★ 619 ⑂ 99
TypeScript
trailofbits
trailofbits
twa

A tiny web auditor with strong opinions.

Score
72
★ 594 ⑂ 52
Shell
yyhuni
yyhuni
xingrin

Open-source attack surface management and authorized security automation platform for asset discovery, service probing, scan orchestration, and security result management.

Score
91
★ 593 ⑂ 83 +6/day
TypeScript
splitline
splitline
How-to-Hack-Websites

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

Score
71
★ 577 ⑂ 52
PHP
JasonLovesDoggo
JasonLovesDoggo
caddy-defender

Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites

Score
90
★ 562 ⑂ 21
Go
0x4D31
0x4D31
burpa

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Score
73
★ 535 ⑂ 116
Python
ByCh4n
ByCh4n
BCHackTool

🔥 Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.

Score
85
★ 531 ⑂ 88 +1/day
Shell
cc1a2b
cc1a2b
JShunter

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

Score
60
★ 528 ⑂ 59 +2/day
Go
LING71671
LING71671
open-reverselab

Open-source reverse engineering lab: 197-article knowledge base + MCP tools + CTF/APK/PE automation toolchain. Agent-native. Note:由于场景原因,目前有让几乎所有AI都会越狱的bug,暂时不修😉

Score
92
★ 526 ⑂ 153 +187/day
Python
edoardottt
edoardottt
csprecon

Discover new target domains using Content Security Policy

Score
40
★ 515 ⑂ 52
Go
Fausto-404
Fausto-404
js-reverse-automation--skill

结合chrome-devtools-mcp的能力并加上Skill的规范,实现JSRPC+Flask+autoDecoder方案的前端JS逆向自动化分析,提升JS逆向的效率

Score
100
★ 515 ⑂ 75 +6/day
Python
asdfgh1445
asdfgh1445
ctf-super-hub

面向小白用户的 CTF / 逆向 Skills 整合包:自动分流、头脑风暴、教学模式、比赛模式、只提示模式

Score
88
★ 489 ⑂ 74 +12/day
JavaScript
enkomio
enkomio
Taipan

Web application vulnerability scanner

Score
68
★ 463 ⑂ 91
burpheart
burpheart
koko-moni

一个基于网络空间搜索引擎的攻击面管理平台,可定时进行资产信息爬取,及时发现新增资产,本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源,并对获取到的数据进行去重与清洗

Score
62
★ 461 ⑂ 25
ossamayasserr
ossamayasserr
WebAppPentestRoadmap

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

Score
68
★ 447 ⑂ 87
Python
3516634930
3516634930
Payloader

渗透测试Payload速查平台 | Pentest Payload Quick Reference | XSS/SQLi/SSRF/RCE | React+TypeScript

Score
86
★ 438 ⑂ 112 +4/day
TypeScript
Brum3ns
Brum3ns
firefly

Black box fuzzer for web applications

Score
63
★ 438 ⑂ 41
Go
ImAyrix
ImAyrix
fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Score
64
★ 433 ⑂ 53
Go
FrancescoStabile
FrancescoStabile
numasec

The AI Agent for Cyber Security.

Score
86
★ 419 ⑂ 49 +4/day
TypeScript
dckc
dckc
awesome-ocap

Awesome Object Capabilities and Capability Security

Score
87
★ 409 ⑂ 28 +1/day
JavaScript
multiparty
multiparty
jiff

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

Score
83
★ 274 ⑂ 53
JavaScript
chrispetrou
chrispetrou
FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Score
58
★ 272 ⑂ 80
Python
edoardottt
edoardottt
pphack

Advanced Client-Side Prototype Pollution Scanner

Score
84
★ 250 ⑂ 27
Go
yz9yt
yz9yt
BugTrace-AI

[ARCHIVED] Evolved into BugTraceAI v2 — github.com/BugTraceAI/BugTraceAI

Score
82
★ 250 ⑂ 51
TypeScript
WangYihang
WangYihang
Reverse-Shell-Manager

:hammer: A multiple reverse shell session/client manager via terminal

Score
56
★ 244 ⑂ 60
Python
cypherpunk-symposium
cypherpunk-symposium
security-pentesting-toolkit

👾 a decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, linux hacking, steganography, vulnerabilities, etc.

Score
82
★ 240 ⑂ 25
C
serain
serain
bbrecon

Python library and CLI for the Bug Bounty Recon API

Score
84
★ 228 ⑂ 39 +1/day
Python
codingo
codingo
Minesweeper

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Score
51
★ 203 ⑂ 47
Python
voorhoede
voorhoede
lighthouse-security

Runs the default Google Lighthouse tests with additional security tests

Score
0
★ 198 ⑂ 13
JavaScript
telekom-security
telekom-security
explo

Human and machine readable web vulnerability testing format

Score
50
★ 194 ⑂ 49
Python
Related Topics
#security#security-tools#cybersecurity#hacking#penetration-testing#pentesting#owasp#bugbounty#bug-bounty#security-automation#appsec#waf

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly