Trending repositories for topic web-security
Serves as a reverse proxy to protect your web services from attacks and exploits.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
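DirBuster is a multi-threaded Java application designed to brute-force directory and file names on web/application servers.
Fully automated malicious-IP blocking platform. Supports collecting alerts from the following security devices: Chaitin WAF Community Edition (SafeLine), ThreatBook honeypot HFish, QiAnXin Tianyan, QiAnXin Jiaotu, NSFOCUS WAF, and the Colasoft network security analysis and audit system. Supports coordinated blocking on the following devices: RouterOS, OPNsense, CheckPoint, QiAnXin firewall, and out-of-path blocking (no device cooperation required).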
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
A list of resources for those interested in getting started in bug bounties
A huge collection of learning resources with labs for offensive security players
Source code for Hacker101.com - a free online web and mobile security class.
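DDos Ripper is a Distributed Denial-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
The TangGo testing platform is a domestically developed, comprehensive testing platform designed and built by 无糖信息技术有限公司 (NoSugar Information Technology Co., Ltd.) from years of hands-on penetration testing experience. It gives software testing and network security practitioners powerful, easy-to-use testing tools and a multi-user collaborative working environment, and is mainly used for functional testing, security testing and security assessment of websites.
This repo contains a complete guide for Frontend Interview Preparation.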
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
A command-line utility designed to help you discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interac...
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Scripts for solving WebSecurity Academy labs of PortSwigger using Python
An ongoing & curated collection of awesome software practices and remediation, libraries and frameworks, payloads and techniques, best guidelines and technical resources about Application Security
Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | Ultra-lightweight, fast vulnerability scanning engine based on XRAY YAML rules | Syntax parsing built on ANTLR with a complete implementation of XRAY YAML rules | Simple startup parameters | Includes multiple reverse-connection options | Executable is only 2 MB
👾 A decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, Linux hacking, steganography, vulnerabilities,...
Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
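This project couples a large language model with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes and classifies them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules and more.
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.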
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
A Python Hacking Library consisting of network scanner, ARP spoofer and detector, DNS spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester cred...
Scripts for solving WebSecurity Academy labs of PortSwigger using Rust
Safeguard your online experience with Anti-Phishing Extension! This extension is meticulously developed to protect users from potential phishing attacks by actively scanning the websites visited in re...
Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)