#Websecurity

Showing 52 of 52 repositories tagged #websecurity, ranked by stars

chaitin
chaitin
SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Score
100
★ 21.7k ⑂ 1.4k +40/day
Go
qazbnm456
qazbnm456
awesome-web-security

🐶 A curated list of Web Security materials and resources.

Score
0
★ 13.6k ⑂ 1.8k +13/day
Python
greenpau
greenpau
caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

Score
100
★ 2.2k ⑂ 101 +3/day
Go
hannob
hannob
snallygaster

Tool to scan for secret files on HTTP servers

Score
96
★ 2.1k ⑂ 230
Python
HolyBugx
HolyBugx
HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Score
84
★ 2.0k ⑂ 335 +1/day
zer0yu
zer0yu
CyberSecurityRSS

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

Score
98
★ 1.9k ⑂ 249 +3/day
Python
Proviesec
Proviesec
google-dorks

Useful Google Dorks for WebSecurity and Bug Bounty

Score
89
★ 1.3k ⑂ 238
blst-security
blst-security
cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Score
82
★ 1.2k ⑂ 84
Rust
findneo
findneo
Newbie-Security-List

网络安全学习资料,欢迎补充

Score
93
★ 1.1k ⑂ 158 +4/day
rhaidiz
rhaidiz
broxy

An HTTP/HTTPS intercept proxy written in Go.

Score
80
★ 1.0k ⑂ 54
Go
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
0
★ 965 ⑂ 80 +4/day
Rust
Mehdi0x90
Mehdi0x90
Web_Hacking

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Score
91
★ 790 ⑂ 149 +4/day
YagamiiLight
YagamiiLight
Cerberus

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Score
78
★ 647 ⑂ 129
Python
710leo
710leo
ZVulDrill

Web漏洞演练平台

Score
76
★ 479 ⑂ 197
CSS
flipkart-incubator
flipkart-incubator
RTA

Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.

Score
71
★ 416 ⑂ 121
Python
MindPatch
MindPatch
lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:

Score
67
★ 297 ⑂ 45
Rust
DontPanicO
DontPanicO
jwtXploiter

A tool to test security of json web token

Score
64
★ 290 ⑂ 33
Python
h0tak88r
h0tak88r
Sec-88

Cyber Security Notes, Methodology, Resources and Tips

Score
87
★ 250 ⑂ 67 +1/day
bablosoft
bablosoft
browser-with-fingerprints

Anonymous automation with fingerprint replacement technology.

Score
0
★ 243 ⑂ 43
JavaScript
VainlyStrain
VainlyStrain
Vailyn

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Score
56
★ 200 ⑂ 24
Python
bhavesh-pardhi
bhavesh-pardhi
Wordlist-Hub

Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by bug hunters, penetration testers, and security enthusiasts during their reconnaissance and vulnerability assessment processes.

Score
49
★ 154 ⑂ 26
security-prince
security-prince
Resources-for-Application-Security

Some good resources for getting started with application security

Score
44
★ 149 ⑂ 22
ChrisM-X
ChrisM-X
PortSwigger-Academy-CheatSheets

This repository contains cheatsheets and payloads compiled from completing the labs at PortSwigger Academy.

Score
53
★ 140 ⑂ 54
Python
JannisKirschner
JannisKirschner
Horn3t

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Score
42
★ 138 ⑂ 26
Python
odino
odino
wasec

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

Score
47
★ 96 ⑂ 56
JavaScript
lucideus-repo
lucideus-repo
cybergym

Lucideus CyberGym is the internal CTF event we organise for our security professionals to grow and learn together. Now everyone can access the challenges that can be easily setup and start playing.

Score
38
★ 91 ⑂ 14
Java
zer0yu
zer0yu
RedTeam_CheetSheets

RedTeam参考,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

Score
40
★ 90 ⑂ 23 +1/day
gbiagomba
gbiagomba
Sherlock

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Score
73
★ 87 ⑂ 12
Shell
AtlasWiki
AtlasWiki
EndPointer

This is the open sourced code for the extension, EndPointer

Score
31
★ 79 ⑂ 10
TypeScript
alpernae
alpernae
AIHTTPAnalyzer

AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.

Score
0
★ 77 ⑂ 20 +1/day
Java
ItsIgnacioPortal
ItsIgnacioPortal
Hacker-Scoper

CLI tool for filtering URLs/IPs with automatically-updated Bug Bounty program scope rules.

Score
0
★ 76 ⑂ 9
Go
slab
slab
safeurl-elixir

HTTP client with built-in SSRF protection, compatible with Tesla and HTTPoison

Score
27
★ 72 ⑂ 2
Elixir
binarymist
binarymist
HolisticInfoSec-For-WebDevelopers-Fascicle0

:books: Overview :lock: Tooling :lock: Process :lock: Physical :lock: People :books:

Score
58
★ 50 ⑂ 13
rahulrajpl
rahulrajpl
netizenship

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Score
24
★ 49 ⑂ 12
Python
ouspg
ouspg
CompSec

Exercises for (legacy) Computer Security course in the University of Oulu

Score
60
★ 46 ⑂ 108
Python
slicingmelon
slicingmelon
gobypass403

A powerful WAF (HTTP 403/401) and URL parser bypass tool developed in Go, designed to preserve exact URL paths and structures during testing.

Score
69
★ 46 ⑂ 3
Go
Ninja-Yubaraj
Ninja-Yubaraj
SQL-Injection-Payloads-List

SQL Injection Payloads List.

Score
22
★ 43 ⑂ 9
pathakabhi24
pathakabhi24
Learn-Hacking-365-Days-

This repository is about sharing knowledge of Hacking to Beginners and is dedicated to @i_amsphinx 365 days of Learning and the Tweets collection.

Score
20
★ 33 ⑂ 9
shoebpate1
shoebpate1
Web-CTF-Challenges

Collection of quirky behaviours of code and the CTF challenges that I made around them.

Score
16
★ 27 ⑂ 5
Handlebars
0xelixer
0xelixer
Fuzzout

Every Hacker's Go to Fuzzing List. Introducing the Ultimate Fuzzing Directory: Your Go-To Resource for Penetration Testers and Bug Bounty Hunters! Unlock the power of comprehensive fuzzing with our meticulously curated Fuzzing Directory, a one-stop solution designed to streamline your penetration testing and bug bounty hunting endeavors.

Score
11
★ 27 ⑂ 4
Python
umair9747
umair9747
4oFour

A tech enumeration toolkit focused on 404 Not found pages.

Score
9
★ 27 ⑂ 3
Go
whoismh11
whoismh11
owasp-wstg-fa

OWASP Web Security Testing Guide (fa-IR)

Score
13
★ 26 ⑂ 5
edoardottt
edoardottt
defango

URL / IP / Email defanging with Golang. Make IoC harmless.

Score
18
★ 22 ⑂ 0
Go
ShobhitMishra-bot
ShobhitMishra-bot
SWS-Recon-Tool

SWS-Recon is a Python Tool designed to performed Reconnaissance on the given target website- Domain or SubDomain. SWS-Recon collects information such as Google Dork, DNS Information, Sub Domains, PortScan, Subdomain takeovers, Reconnaissance On Github and much more vulnerability scan.

Score
7
★ 21 ⑂ 4
Python
Correia-jpv
Correia-jpv
fucking-awesome-web-security

🐶 A curated list of Web Security materials and resources. With repository stars⭐ and forks🍴

Score
62
★ 21 ⑂ 3
Python
echobash
echobash
CTF-Toolkit

Common Errors,self-written scripts related to information security,CTF challenges,steganography,forensics,web,crypto or OSINT and more

Score
36
★ 14 ⑂ 10
JavaScript
imhego
imhego
pointer

Pointer is a Fast Simple Lightweight Tool for Endpoint Discovery.

Score
4
★ 14 ⑂ 1
Shell
shriyanss
shriyanss
js-recon

Automate JS analysis on modern JS apps

Score
51
★ 13 ⑂ 5
TypeScript
Rahulgarg2206
Rahulgarg2206
Hacking-Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Score
0
★ 12 ⑂ 2
chenlvtang
chenlvtang
JavaUnserialization

自学时写的适合Java安全小白用来学习Java反序列化漏洞的文章和Demo。(随懒狗的学习进度持续更新🐶)。Some articles and demos written during self-study which are suitable for Java Security beginner to learn the Insecure Deserialization.

Score
0
★ 12 ⑂ 2
Java
aw-junaid
aw-junaid
golang-web-security

Secure Golang web app with best practices: authentication, authorization, input validation, CSRF protection, and secure headers. Example code for secure development.

Score
29
★ 11 ⑂ 0
aw-junaid
aw-junaid
Web-Security

Master web security: OWASP Top 10, XSS, SQLi, CSRF, and secure coding practices. Includes labs, tools, and examples for secure web development.

Score
33
★ 11 ⑂ 1
Related Topics
#security#penetration-testing#cybersecurity#pentesting#bugbounty#hacking#security-tools#web-security#web#ctf#infosec#application-security

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly