Trending repositories for topic web-security

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

A curated list of various bug bounty tools

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Awesome Node.js Security resources

🛡️ Make your web services secure by default !

A list of resources for those interested in getting started in bug bounties

This repo contains a complete guidance for Frontend Interview Preparation.

It can be either a JNDIExploit or a ysoserial.

A list of web application security

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

The Most Advanced Client-Side Prototype Pollution Scanner

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

A Huge Learning Resources with Labs For Offensive Security Players

Making Favicon.ico based Recon Great again !

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...

Source code for Hacker101.com - a free online web and mobile security class.

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

The Most Advanced Client-Side Prototype Pollution Scanner

This repo contains a complete guidance for Frontend Interview Preparation.

A curated list of various bug bounty tools

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

Awesome Node.js Security resources

It can be either a JNDIExploit or a ysoserial.

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

🛡️ Make your web services secure by default !

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

A Huge Learning Resources with Labs For Offensive Security Players

Making Favicon.ico based Recon Great again !

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...

A list of resources for those interested in getting started in bug bounties

A list of web application security

Source code for Hacker101.com - a free online web and mobile security class.

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

A curated list of various bug bounty tools

🛡️ Make your web services secure by default !

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

A list of resources for those interested in getting started in bug bounties

Awesome Node.js Security resources

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

A list of web application security

It can be either a JNDIExploit or a ysoserial.

Source code for Hacker101.com - a free online web and mobile security class.

This repo contains a complete guidance for Frontend Interview Preparation.

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

The Most Advanced Client-Side Prototype Pollution Scanner

A Huge Learning Resources with Labs For Offensive Security Players

DOM Clobbering Wiki, Browser Testing, and Payload Generation

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

No description

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

DOM Clobbering Wiki, Browser Testing, and Payload Generation

The Most Advanced Client-Side Prototype Pollution Scanner

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

This repo contains a complete guidance for Frontend Interview Preparation.

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

📚 An ultimate collection wordlists of the best-known CMS

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

A curated list of various bug bounty tools

🛡️ Make your web services secure by default !

It can be either a JNDIExploit or a ysoserial.

Awesome Node.js Security resources

No description

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

A Huge Learning Resources with Labs For Offensive Security Players

Security Testing Scripts for JWT

MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

A curated list of various bug bounty tools

🛡️ Make your web services secure by default !

A list of resources for those interested in getting started in bug bounties

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

It can be either a JNDIExploit or a ysoserial.

Awesome Node.js Security resources

A list of web application security

The Most Advanced Client-Side Prototype Pollution Scanner

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

This repo contains a complete guidance for Frontend Interview Preparation.

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Source code for Hacker101.com - a free online web and mobile security class.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Web漏洞扫描工具XRAY的GUI启动器

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

Security Testing Scripts for JWT

The Most Advanced Client-Side Prototype Pollution Scanner

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

perhaps the best CORS middleware library for Go

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

This repo contains a complete guidance for Frontend Interview Preparation.

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

DOM Clobbering Wiki, Browser Testing, and Payload Generation

A curated list of various bug bounty tools

It can be either a JNDIExploit or a ysoserial.

🛡️ Make your web services secure by default !

Security Testing Scripts for JWT

PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.

Scripts for solving WebSecurity Academy labs of PortSwigger using Rust

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

No description

📚 An ultimate collection wordlists of the best-known CMS

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

This repo contains a complete guidance for Frontend Interview Preparation.

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

The Most Advanced Client-Side Prototype Pollution Scanner

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

Scripts for solving WebSecurity Academy labs of PortSwigger using Python

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

Scripts for solving WebSecurity Academy labs of PortSwigger using Rust

perhaps the best CORS middleware library for Go

Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

Safeguard your online experience with Anti-Phishing Extension! This extension is meticulously developed to protect users from potential phishing attacks by actively scanning the websites visited in re...

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

It can be either a JNDIExploit or a ysoserial.

A list of resources for those interested in getting started in bug bounties

A curated list of various bug bounty tools

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Source code for Hacker101.com - a free online web and mobile security class.

🛡️ Make your web services secure by default !

A list of web application security

MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

Awesome Node.js Security resources

Web漏洞扫描工具XRAY的GUI启动器

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

This repo contains a complete guidance for Frontend Interview Preparation.

A Huge Learning Resources with Labs For Offensive Security Players

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

MySQL Fake Server (纯Java实现，支持GUI版和命令行版，提供Dockerfile，支持多种常见JDBC利用)

A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

The Most Advanced Client-Side Prototype Pollution Scanner

It can be either a JNDIExploit or a ysoserial.

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

Scripts for solving WebSecurity Academy labs of PortSwigger using Python

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it opera...

Scripts for solving WebSecurity Academy labs of PortSwigger using Rust

PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.

Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

An experimental CORS middleware library for Go. Consider using jub0bs/cors (its successor) instead.

👾 𝘁𝗼𝗼𝗹𝘀 𝗳𝗼𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵𝗲𝗿𝘀: 𝗽𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴, 𝗖𝗧𝗙𝘀 & 𝘄𝗮𝗿𝗴𝗮𝗺𝗲𝘀

DOM Clobbering Wiki, Browser Testing, and Payload Generation

Black box fuzzer for web applications