#Websecurity
Showing 52 of 52 repositories tagged #websecurity, ranked by stars
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
🐶 A curated list of Web Security materials and resources.
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Tool to scan for secret files on HTTP servers
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
CyberSecurityRSS: A collection of cybersecurity rss to make you better!
Useful Google Dorks for WebSecurity and Bug Bounty
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
网络安全学习资料,欢迎补充
An HTTP/HTTPS intercept proxy written in Go.
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Web漏洞演练平台
Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
A tool to test security of json web token
Cyber Security Notes, Methodology, Resources and Tips
Anonymous automation with fingerprint replacement technology.
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by bug hunters, penetration testers, and security enthusiasts during their reconnaissance and vulnerability assessment processes.
Some good resources for getting started with application security
This repository contains cheatsheets and payloads compiled from completing the labs at PortSwigger Academy.
Powerful Visual Subdomain Enumeration at the Click of a Mouse
Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Lucideus CyberGym is the internal CTF event we organise for our security professionals to grow and learn together. Now everyone can access the challenges that can be easily setup and start playing.
RedTeam参考,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
This is the open sourced code for the extension, EndPointer
AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.
CLI tool for filtering URLs/IPs with automatically-updated Bug Bounty program scope rules.
HTTP client with built-in SSRF protection, compatible with Tesla and HTTPoison
:books: Overview :lock: Tooling :lock: Process :lock: Physical :lock: People :books:
a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.
Exercises for (legacy) Computer Security course in the University of Oulu
A powerful WAF (HTTP 403/401) and URL parser bypass tool developed in Go, designed to preserve exact URL paths and structures during testing.
SQL Injection Payloads List.
This repository is about sharing knowledge of Hacking to Beginners and is dedicated to @i_amsphinx 365 days of Learning and the Tweets collection.
Collection of quirky behaviours of code and the CTF challenges that I made around them.
Every Hacker's Go to Fuzzing List. Introducing the Ultimate Fuzzing Directory: Your Go-To Resource for Penetration Testers and Bug Bounty Hunters! Unlock the power of comprehensive fuzzing with our meticulously curated Fuzzing Directory, a one-stop solution designed to streamline your penetration testing and bug bounty hunting endeavors.
A tech enumeration toolkit focused on 404 Not found pages.
OWASP Web Security Testing Guide (fa-IR)
URL / IP / Email defanging with Golang. Make IoC harmless.
SWS-Recon is a Python Tool designed to performed Reconnaissance on the given target website- Domain or SubDomain. SWS-Recon collects information such as Google Dork, DNS Information, Sub Domains, PortScan, Subdomain takeovers, Reconnaissance On Github and much more vulnerability scan.
🐶 A curated list of Web Security materials and resources. With repository stars⭐ and forks🍴
Common Errors,self-written scripts related to information security,CTF challenges,steganography,forensics,web,crypto or OSINT and more
Pointer is a Fast Simple Lightweight Tool for Endpoint Discovery.
Automate JS analysis on modern JS apps
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
自学时写的适合Java安全小白用来学习Java反序列化漏洞的文章和Demo。(随懒狗的学习进度持续更新🐶)。Some articles and demos written during self-study which are suitable for Java Security beginner to learn the Insecure Deserialization.
Secure Golang web app with best practices: authentication, authorization, input validation, CSRF protection, and secure headers. Example code for secure development.
Master web security: OWASP Top 10, XSS, SQLi, CSRF, and secure coding practices. Includes labs, tools, and examples for secure web development.