Trending repositories for topic web-security

serve as a reverse proxy to protect your web services from attacks and exploits.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

A curated list of various bug bounty tools

A list of resources for those interested in getting started in bug bounties

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

A list of web application security

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

serve as a reverse proxy to protect your web services from attacks and exploits.

A curated list of various bug bounty tools

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

🛡️ Open-source and next-generation Web Application Firewall (WAF)

A list of web application security

A list of resources for those interested in getting started in bug bounties

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

serve as a reverse proxy to protect your web services from attacks and exploits.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

A curated list of various bug bounty tools

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

A list of resources for those interested in getting started in bug bounties

A list of web application security

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

Source code for Hacker101.com - a free online web and mobile security class.

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

This repo contains a complete guidance for Frontend Interview Preparation.

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

🎯 PHP / ASP - Shell Backdoor List 🎯

MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

PDF Files for Pentesting

Web漏洞扫描工具XRAY的GUI启动器

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

This repo contains a complete guidance for Frontend Interview Preparation.

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

🛡️ Open-source and next-generation Web Application Firewall (WAF)

serve as a reverse proxy to protect your web services from attacks and exploits.

A curated list of various bug bounty tools

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)

🎯 PHP / ASP - Shell Backdoor List 🎯

A list of web application security

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

PDF Files for Pentesting

A list of resources for those interested in getting started in bug bounties

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Web漏洞扫描工具XRAY的GUI启动器

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Source code for Hacker101.com - a free online web and mobile security class.

serve as a reverse proxy to protect your web services from attacks and exploits.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

A curated list of various bug bounty tools

A list of resources for those interested in getting started in bug bounties

A list of web application security

Source code for Hacker101.com - a free online web and mobile security class.

JNDIExploit or a ysoserial.

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

PDF Files for Pentesting

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

This repo contains a complete guidance for Frontend Interview Preparation.

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.

MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

🎯 PHP / ASP - Shell Backdoor List 🎯

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network configurations across your infrastructure.

serve as a reverse proxy to protect your web services from attacks and exploits.

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

🛡️ Open-source and next-generation Web Application Firewall (WAF)

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

恶意IP全自动封禁平台。支持收集如下安全设备告警：长亭WAF社区版（SafeLine）、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、科来网络安全分析审计系统。支持如下设备联动封禁：RouterOS、OPNsense、CheckPoint、旁路阻断（无需设备配合）、奇安信防火墙

This repo contains a complete guidance for Frontend Interview Preparation.

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

PDF Files for Pentesting

An ongoing & curated collection of awesome software practices and remediation, libraries and frameworks,payloads and techniques, best guidelines and technical resources about Application Security

Collection of mine and others presentations on various topics like application security, python, cloud security, DevSecOps and so on... These are free to use and publicly available slides. But, don't ...

A curated list of various bug bounty tools

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

perhaps the best CORS middleware library for Go

👾 a decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, linux hacking, steganography, vulnerabilities,...

Black box fuzzer for web applications

JNDIExploit or a ysoserial.

恶意IP全自动封禁平台。支持收集如下安全设备告警：长亭WAF社区版（SafeLine）、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、科来网络安全分析审计系统。支持如下设备联动封禁：RouterOS、OPNsense、CheckPoint、旁路阻断（无需设备配合）、奇安信防火墙

Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | 基于 XRAY YAML 规则的超轻量快速漏洞扫描引擎 | 基于 ANTLR 实现语法分析和完整的 XRAY YAML 规则实现 | 简单的启动参数 | 包含多种反连可用 | 可执行文件体积仅 2 MB

The Most Advanced Client-Side Prototype Pollution Scanner

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

perhaps the best CORS middleware library for Go

A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network configurations across your infrastructure.

CLI tool for fetching URLs from Wayback Machine, Common Crawl, and VirusTotal.

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

serve as a reverse proxy to protect your web services from attacks and exploits.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

A curated list of various bug bounty tools

JNDIExploit or a ysoserial.

A list of resources for those interested in getting started in bug bounties

A list of web application security

Source code for Hacker101.com - a free online web and mobile security class.

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Awesome Node.js Security resources

This repo contains a complete guidance for Frontend Interview Preparation.

PDF Files for Pentesting

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

恶意IP全自动封禁平台。支持收集如下安全设备告警：长亭WAF社区版（SafeLine）、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、科来网络安全分析审计系统。支持如下设备联动封禁：RouterOS、OPNsense、CheckPoint、旁路阻断（无需设备配合）、奇安信防火墙

The Most Advanced Client-Side Prototype Pollution Scanner

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network configurations across your infrastructure.

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

JNDIExploit or a ysoserial.

This repo contains a complete guidance for Frontend Interview Preparation.

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

🛡️ Open-source and next-generation Web Application Firewall (WAF)

Safeguard your online experience with Anti-Phishing Extension! This extension is meticulously developed to protect users from potential phishing attacks by actively scanning the websites visited in re...

serve as a reverse proxy to protect your web services from attacks and exploits.

Scripts for solving WebSecurity Academy labs of PortSwigger using Rust

PDF Files for Pentesting

Scripts for solving WebSecurity Academy labs of PortSwigger using Python

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.