An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with web-application-security

A curated list of projects in awesome lists tagged with web-application-security.

https://github.com/owtf/owtf

Offensive Web Testing Framework (OWTF) is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

framework kali-linux owasp owtf pentest python security web-application-security

Last synced: 11 Mar 2026

https://github.com/wallarm/gotestwaf

An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses

api-security bugbounty graphql-security grpc-security owasp rest-security security security-testing security-tools waf web-application-firewall web-application-security

Last synced: 14 May 2025

https://github.com/codingo/vhostscan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 08 Apr 2025

https://github.com/codingo/VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

bugbounty ctf-tools discovery-service hacking hacking-tool hackthebox offensive-security oscp penetration-test penetration-testing reverse-lookups scanner security security-audit security-tools vhost vhosts virtual-host virtual-hosts web-application-security

Last synced: 30 Mar 2025

https://github.com/janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 11 Jan 2026

https://github.com/Janusec/Application-Gateway

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 05 Apr 2025

https://github.com/Janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 30 Mar 2025

https://github.com/anon-exploiter/sitebroker

A cross-platform python based utility for information gathering and penetration testing automation!

cross-platform-python docker-image information-gathering penetration-automation penetration-testing python wapt web-application-security

Last synced: 02 Apr 2025

https://github.com/ImAyrix/fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

bug-bounty-hunters bugbounty penetration-testing pentest ssrf web-application-security web-security wordlist wordlist-generator xss

Last synced: 01 Mar 2026

https://github.com/gildasio/h2t

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

defense hardening headers http security web-application-security

Last synced: 14 Mar 2025

https://github.com/codingo/crithit

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

bugbounty enumeration hacking hacking-tool infosec offensive-security penetration-testing pentest-tools pentesting security security-audit security-tools security-vulnerability web-application-security

Last synced: 19 Jun 2025

https://github.com/tprynn/web-methodology

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

application-security appsec documentation security security-testing web web-application web-application-security

Last synced: 13 Feb 2026

https://github.com/teler-sh/teler-proxy

🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect a locally running web service against web-based attacks. 🥷

firewall intrusion-detection intrusion-prevention proxy-server reverse-proxy secure-by-default teler teler-proxy teler-waf tunnel-server waf web-application-firewall web-application-security

Last synced: 28 Oct 2025

https://github.com/vs4vijay/scanmaster

A security tool designed to perform thorough scans on a target using OpenVAS, Zap, and Nexpose. It seamlessly consolidates and integrates the scan results, providing a comprehensive overview of the security vulnerabilities identified.

application-security cli nexpose openvas openvas-cli openvas-reports owasp owasp-top owasp-zap security-audit security-scanner security-testing security-tools security-vulnerability web-application-security zap

Last synced: 29 Apr 2025

https://github.com/timokoessler/easy-waf

An easy-to-use Web Application Firewall (WAF) for Node.js. Can be used with Express, Fastify, NextJS, NuxtJS ... or plain Node.js http.

javascript mit-license nodejs security typescript waf web-application-firewall web-application-security

Last synced: 07 Apr 2025

https://github.com/bkimminich/webappsec-nutshell

An ultra-compact intro (or refresher) to Web Application Security.

application-security owasp security security-awareness training-materials web-application-security

Last synced: 04 Sep 2025

https://github.com/janusec/janusec-admin

The Unified Web Administration Portal for Janusec Application Gateway (an application security solution which provides Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing).

application-gateway gateway-waf waf web-application-firewall web-application-security

Last synced: 29 Apr 2025

https://github.com/sergio11/eclipserecon

🌑 EclipseRecon is a personal project developed during my cybersecurity learning journey 🛡️. It helps practice web reconnaissance 🌐 by identifying subdomains 🧩, site structures 🧭, and vulnerabilities 🐞 in a controlled environment 🧪.

blue-team bug-bounty cybersecurity ethical-hacking information-gathering owasp penetration-testing reconnaissance red-team scan-tools security security-analysis security-reporting security-tools subdomain-scanner vulnerability vulnerability-scanner web-application-security web-crawler web-security

Last synced: 06 Sep 2025

https://github.com/ariary/domxssfinder

Find sources and sinks in js code that could lead to DOM XSS 🔎💧🚰

bug-bounty dom-xss pentest pentest-tool scanner security web-application-security web-application-security-scanner xss

Last synced: 26 Apr 2025

https://github.com/airlock/microgateway

Artifacts for Airlock Microgateway, a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.

airlock cilium ergon gateway-api istio k8s kubernetes kubernetes-operator microgateway openshift security waap waf web-application-security

Last synced: 13 May 2026

https://github.com/eliranmaman/elro-security-project

ELRO-Security is an advanced & free WAF (Web Application Firewall). It is used to defend servers and especially websites around the internet. It is very easy to install and allows website owners to add their own website via a web application interface, which makes it accessible for almost everyone regardless of their level of coding.

firewalls security waf web web-application-firewall web-application-security web-application-security-scanner web-secure web-security webapplication webapplicationhacking

Last synced: 26 Apr 2025

https://github.com/imkkingshuk/stealthnewsql

StealthNewSQL : The Ultimate NewSQL Injection Tool - Your All-in-One Solution for NewSQL Database Security! 🛡️ Uncover, exploit, and secure NewSQL database vulnerabilities with this feature-packed command-line tool. Whether you're a penetration tester, security researcher, or developer, StealthNewSQL equips you with the ultimate power! 💥

advanced-sql-injection automated-exploitation-tool ci-cd-security-integration devsecops dns-exfiltration dynamic-payload-generation ethical-hacking-tools newsql newsql-hacking newsql-injection-tool penetration-testing penetration-testing-tools real-time-monitoring-for-security sql-injection stealthnewsql vulnerability-scanner waf-bypass waf-bypass-tool web-application-firewall-bypass web-application-security

Last synced: 06 Mar 2026

https://github.com/mhmdiaa/acumen

A clean UI with a modular structure to enhance security researchers' ability to work with data

penetration-testing penetration-testing-tools pentesting recon security security-tools user-interface visualization web-application-security

Last synced: 19 Apr 2025

https://github.com/imkkingshuk/stealthsql

StealthSQL: The Ultimate SQL Injection Tool - Dive into the shadows of web security with StealthSQL. Harness the power of StealthSQL to silently unveil vulnerabilities in SQL databases. Conduct stealthy SQL injections, expose misconfigurations, and empower your security journey. 🕵️‍♂️🔐

blind-sql-injection hacking-tool pentest-tool sql-injection sql-injection-attacks sql-injection-exploitation sql-injection-filterer sql-injection-payloads sql-injection-sqli sql-injection-tool sql-injection-vulnerability sql-injections sql-tools web-application-security

Last synced: 09 Sep 2025

https://github.com/rootshelll/webshell

Web Shell Detector is a PHP script designed to identify PHP, CGI (Perl), ASP/ASPX shells. It uses a "web shells" signature database to detect shells with up to 99% accuracy. The tool features a lightweight and user-friendly interface built with modern JavaScript and CSS technologies.

asp-shell backdoors cyber-security ethical-hacking hacking-tools jsp-shell open-source-tools penetration-testing php-shell security-research web-application-security web-shells webshell

Last synced: 12 May 2025

https://github.com/zbo14/sourcery

A CLI that starts a Chromium browser window and parses URLs, domains, and endpoints from response payloads

browser-automation cli endpoints puppeteer source-files urls web-application-security web-security

Last synced: 16 May 2025

https://github.com/garnetred/let-there-be-light

A Chrome extension to limit clickjacking by setting the opacity of all iframes to 1 by default.

appsec browser-extension chrome-extension clickjacking clickjacking-vulnerability css web-application-security

Last synced: 27 Feb 2026

https://github.com/imkkingshuk/stealthnosql

StealthNoSQL : The Ultimate NoSQL Injection Tool - Unleash the power of advanced NoSQL injection techniques with this comprehensive command-line tool! Whether you’re pentesting MongoDB, CouchDB, or any other NoSQL database, StealthNoSQL has you covered. 🚀💻

automated-nosql-testing couchdb-injection database-security ethical-hacking hacking-tools infosec injection-attacks mongodb-injection nosql nosql-exploits nosql-hacking-tool nosql-injection penetration-testing stealthnosql tor-integration vulnerability-scanner vulnerability-scanner-nosql web-application-security

Last synced: 18 Jul 2025

https://github.com/h0x0er/headlysis

A tool for checking security headers present in a website.

golang owasp secureheaders security-audit security-tools web-application-security

Last synced: 31 Mar 2025

https://github.com/uttambodara/Awesome-Hacking-Learning-Path

A comprehensive hacking learning path covering Pentesting, OSINT, Linux, Networking, Web Application Security, Cryptography, Exploitation, Reverse Engineering, Forensics, CVEs, and CTF challenges. Perfect for beginners and professionals to master ethical hacking, penetration testing, and cybersecurity step by step. 🚀

bug-bounty cryptography ctf cybersecurity-learning-path ethical-hacking hacking hackthebox linux metasploit networking osint penetration-testing privilege-escalation reverse-engineering tryhackme web-application-security

Last synced: 14 Apr 2026

https://github.com/imkkingshuk/miscors

MisCORS - Unleash CORS Misconfigurations Like a Digital Phantom! 🌐✨ Harness the power of MisCORS to silently unveil vulnerabilities in Cross-Origin Resource Sharing. Stealthily analyze web defenses, expose misconfigurations, and empower your security journey. 🕵️‍♂️🔓 Dive into the shadows of web security with MisCORS. #WebSecurity #CORSExposure

cors cors-hack cors-misconfiguration-scanner cors-misconfigurations cors-proxy cors-scanner cors-vulnerability cross-origin-resource-sharing ethical-hacking hacking-tools penetration-testing penetration-testing-tool vulnerability-scanner web-application-security web-security-tool

Last synced: 04 Mar 2026

https://github.com/eviltik/evilshot

Web Application (Security?) Monitoring Tool

web-application-monitoring web-application-security web-application-status

Last synced: 19 Oct 2025

https://github.com/lamcodeofpwnosec/it_infrastructure_security

IT Infrastructure Security Project aimed at analyzing and protecting against various attacks on servers, applications, and websites. We would need to combine several technologies and implement multiple layers of security.

it-infrastructure-managment it-infrastructure-optimization penetration-testing penetration-testing-tools vulnerability-detection web-application-firewall web-application-penetration-testing web-application-security web-application-server

Last synced: 13 Aug 2025

https://github.com/lucianoscarpaci/project-wp-vs-kali

🐉 Experience a detailed showcase of exploit discovery, analysis, reproduction, and documentation of five XSS vulnerabilities impacting an outdated WordPress version. 🔍💻📄

ethical-hacking exploit-exercises exploit-research outdated penetration-testing security-assessments security-best-practices threat-modeling web-application-security wordpress-security xss-vulnerability

Last synced: 11 Feb 2026

https://github.com/charliewu0788/local-wpctf

A lightweight local WordPress CTF reconnaissance framework for detecting attack surfaces including login endpoints, SQLi, XSS, and WordPress-specific misconfigurations.

attack-surface automation bug-bounty ctf cybersecurity ethical-hacking information-gathering penetration-testing python reconnaissance security-tools sql-injection vulnerability-scanners web-application-security web-security wordpress wordpress-security xss

Last synced: 15 Jun 2026

https://github.com/abdiel-moyano/cloud-devops-labs

A comprehensive collection of hands-on labs covering DevOps and cloud topics, from AWS and Kubernetes to CI/CD and Infrastructure as Code. Organized from basic to advanced levels, this repository is ideal for learning and improving skills in modern cloud and DevOps technologies.

automation aws ci-cd cloud-computing configuration-management containers devops http-https infrastructure-as-code istio kubernetes linux microservices python security service-mesh tcp-ip terraform web-application-security

Last synced: 05 Mar 2025

https://github.com/BalaElangovan/Web-App-Security-Automation-Tool

This repository hosts a powerful web app security automation tool developed in Python and Bash scripting. The tool automates essential tasks in web application security testing and reconnaissance, significantly reducing manual effort and time required for these critical processes.

automated-testing bugbounty penetration-testing reconnaissance web-application-security

Last synced: 10 Mar 2025

https://github.com/cipherkrish69x/security-headers-tool

Welcome to the Security Headers Tool, developed by Cipherkrish69x. This tool provides a set of scripts to analyze and check security headers in HTTP responses. It includes scripts to perform various security header checks and a web crawler to gather URLs for testing.

security security-headers-scanner securityheaders web-application-penetration-testing web-application-security

Last synced: 18 Jun 2025

https://github.com/fionn/web-security-labs

PortSwigger web application security solutions

web-application-security

Last synced: 02 Mar 2025

https://github.com/rootshelll/mini-shell

Explore the dangers of the Mini Shell PHP script, a powerful web shell that allows unauthorized access to server files and commands. Learn about its functionalities, security implications, and essential recommendations for server administrators to protect against potential threats. Stay informed and secure your web environment.

cybersecurity-awareness file-manager-php-script mini-shell-php php-code-injection php-security-vulnerabilities php-web-shell-vulnerabilities server-administration-tips server-file-management unauthorized-server-access web-application-security web-shell-security

Last synced: 18 Oct 2025

https://github.com/gigachad80/checklist

The only bug hunting checklist you need with 13 comprehensive phases & 400+ specific test cases organized by category

bug-hunting bug-hunting-checklist bugbounty bugbountytips checklist checklists ethical-hacking pentesting readme reconnaissance web-application-security

Last synced: 12 Feb 2026

https://github.com/lucianoscarpaci/pen-testing-live-targets

Immerse yourself in a practical hacking exercise to gain valuable experience with prevalent security exploits. Explore six key vulnerabilities, including SQL injection, session hijacking, username enumeration, IDOR, XSS, and CSRF, for a comprehensive cybersecurity learning experience.

csrf-attacks cybersecurity ethical-hacking idor-attack penetration-testing practical-hacking-framework session-hijacking sqli-injection username-enumeration vulnerability-assessment web-application-security xss-attacks

Last synced: 28 Jan 2026

https://github.com/galihap76/web-app-idor

This repository is designed for IDOR vulnerabilities in a web application.

exploitation idor penetration-testing vulnerability web-application-security

Last synced: 26 Mar 2025