#Web-security
Showing 60 of 166 repositories tagged #web-security, ranked by stars
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Source code for Hacker101.com - a free online web and mobile security class.
A list of resources for those interested in getting started in bug bounties
🛡️ Open-source and cloud-native Web Application Firewall (WAF)
A list of web application security
Awesome Node.js Security resources
DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
🌐 The all-in-one tool, for keeping track of your domain name portfolio. Got domain names? Get Domain Locker!
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
Making Favicon.ico based Recon Great again !
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.
🎯 Fast CORS misconfiguration vulnerabilities scanner
A Huge Learning Resources with Labs For Offensive Security Players
Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
aawaf 是一款基于语义分析的Web应用防火墙
Web application acceleration, advanced DDoS protection and web security
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.
A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
:books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Personal CTF Toolkit
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
A tiny web auditor with strong opinions.
Open-source attack surface management and authorized security automation platform for asset discovery, service probing, scan orchestration, and security result management.
開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall
Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
🔥 Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.
Open-source reverse engineering lab: 197-article knowledge base + MCP tools + CTF/APK/PE automation toolchain. Agent-native. Note:由于场景原因,目前有让几乎所有AI都会越狱的bug,暂时不修😉
Discover new target domains using Content Security Policy
结合chrome-devtools-mcp的能力并加上Skill的规范,实现JSRPC+Flask+autoDecoder方案的前端JS逆向自动化分析,提升JS逆向的效率
面向小白用户的 CTF / 逆向 Skills 整合包:自动分流、头脑风暴、教学模式、比赛模式、只提示模式
Web application vulnerability scanner
一个基于网络空间搜索引擎的攻击面管理平台,可定时进行资产信息爬取,及时发现新增资产,本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源,并对获取到的数据进行去重与清洗
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
渗透测试Payload速查平台 | Pentest Payload Quick Reference | XSS/SQLi/SSRF/RCE | React+TypeScript
Black box fuzzer for web applications
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
The AI Agent for Cyber Security.
Awesome Object Capabilities and Capability Security
JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Advanced Client-Side Prototype Pollution Scanner
[ARCHIVED] Evolved into BugTraceAI v2 — github.com/BugTraceAI/BugTraceAI
:hammer: A multiple reverse shell session/client manager via terminal
👾 a decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, linux hacking, steganography, vulnerabilities, etc.
Python library and CLI for the Bug Bounty Recon API
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Runs the default Google Lighthouse tests with additional security tests
Human and machine readable web vulnerability testing format