Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with web-security
A curated list of projects in awesome lists tagged with web-security.
https://github.com/mobsf/mobile-security-framework-mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security
Last synced: 17 Dec 2024
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security
Last synced: 27 Oct 2024
https://github.com/Hacker0x01/hacker101
Source code for Hacker101.com - a free online web and mobile security class.
clickjacking csrf education hacker101 hackerone hacking mobile-security security session-fixation sql-injection unchecked-redirects vulnerability web-security xss
Last synced: 25 Oct 2024
https://github.com/hacker0x01/hacker101
Source code for Hacker101.com - a free online web and mobile security class.
clickjacking csrf education hacker101 hackerone hacking mobile-security security session-fixation sql-injection unchecked-redirects vulnerability web-security xss
Last synced: 29 Nov 2024
https://github.com/chaitin/SafeLine
serve as a reverse proxy to protect your web services from attacks and exploits.
api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss
Last synced: 29 Oct 2024
https://github.com/chaitin/safeline
serve as a reverse proxy to protect your web services from attacks and exploits.
api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss
Last synced: 16 Dec 2024
https://github.com/nahamsec/resources-for-beginner-bug-bounty-hunters
A list of resources for those interested in getting started in bug bounties
bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss
Last synced: 03 Dec 2024
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss
Last synced: 31 Oct 2024
https://github.com/bunkerity/bunkerweb
🛡️ Open-source and next-generation Web Application Firewall (WAF)
antibot bunkerized-nginx cybersecurity devops devsecops dnsbl docker hardening hosting kubernetes letsencrypt modsecurity nginx reverse-proxy security security-tuning swarm waf web-application-firewall web-security
Last synced: 17 Dec 2024
https://github.com/palahsu/ddos-ripper
DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
attack-defense attack-server ddos ddos-attack ddos-attack-tool ddos-attack-tools ddos-attacks ddos-protection ddos-ripper ddos-tool deface-website denial-of-service hacking-tool hacking-tools internet-traffic linux-tools protection security sql-injection web-security
Last synced: 18 Dec 2024
https://github.com/palahsu/DDoS-Ripper
DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
attack-defense attack-server ddos ddos-attack ddos-attack-tool ddos-attack-tools ddos-attacks ddos-protection ddos-ripper ddos-tool deface-website denial-of-service hacking-tool hacking-tools internet-traffic linux-tools protection security sql-injection web-security
Last synced: 05 Nov 2024
https://github.com/0xsobky/hackvault
A container repository for my public web hacks!
exploit fuzzing payloads pentesting reconnaissance regex tracking web-security xss
Last synced: 21 Dec 2024
https://github.com/0xSobky/HackVault
A container repository for my public web hacks!
exploit fuzzing payloads pentesting reconnaissance regex tracking web-security xss
Last synced: 25 Oct 2024
https://github.com/qi4L/JYso
JNDIExploit or a ysoserial.
attack gadget java jndi jndi-injection ldap mem-shell middleware-echo rmi web-security ysoserial
Last synced: 05 Nov 2024
https://github.com/qi4l/jyso
JNDIExploit or a ysoserial.
attack gadget java jndi jndi-injection ldap mem-shell middleware-echo rmi web-security ysoserial
Last synced: 19 Dec 2024
https://github.com/wangyihang/githacker
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
Last synced: 20 Dec 2024
https://github.com/lunasec-io/lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
compliance continuous-delivery cve-scanning cybersecurity dependency-analysis devsecops gdpr log4shell pci-dss sbom sbom-generator scanning scanning-tool security security-tools soc2 software-composition-analysis tokenization web-security zero-trust
Last synced: 20 Dec 2024
https://github.com/WangYihang/GitHacker
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
Last synced: 31 Oct 2024
https://github.com/ge0rg3/requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
apigateway aws bugbounty bypass hacktoberfest ip networking security security-tools web-security
Last synced: 20 Dec 2024
https://github.com/Ge0rg3/requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
apigateway aws bugbounty bypass hacktoberfest ip networking security security-tools web-security
Last synced: 07 Nov 2024
https://github.com/4ra1n/super-xray
GUI launcher for the web vulnerability scanner XRAY
vulnerability-scanners web-security
Last synced: 21 Nov 2024
https://github.com/blst-security/cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
api api-security best-practices blst business-logic cli cyber cybersecurity firecracker http open-source openapi openapi3 security security-tools web-sec-scanner web-security websecurity
Last synced: 17 Dec 2024
https://github.com/devanshbatham/favfreak
Making Favicon.ico based Recon Great again!
bugbounty bughunting hacking information-gathering osint recon reconnaissance web-security webappsec
Last synced: 17 Dec 2024
https://github.com/devanshbatham/FavFreak
Making Favicon.ico based Recon Great again!
bugbounty bughunting hacking information-gathering osint recon reconnaissance web-security webappsec
Last synced: 06 Nov 2024
https://github.com/chenjj/corscanner
🎯 Fast CORS misconfiguration vulnerabilities scanner
cors cors-misconfigurations cors-policy cors-scanner python python3 vulnerability-scanners web-security
Last synced: 20 Dec 2024
https://github.com/chenjj/CORScanner
🎯 Fast CORS misconfiguration vulnerabilities scanner
cors cors-misconfigurations cors-policy cors-scanner python python3 vulnerability-scanners web-security
Last synced: 08 Nov 2024
https://github.com/typeerror/secure
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
content-security-policy django fastapi flask headers headers-security http-headers python python-security referrer-policy secure-headers security security-headers strict-transport-security web-security
Last synced: 17 Dec 2024
https://github.com/pushsecurity/saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
offensive-security saas web-security
Last synced: 08 Nov 2024
https://github.com/TypeError/secure
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
content-security-policy django fastapi flask headers headers-security http-headers python python-security referrer-policy secure-headers security security-headers strict-transport-security web-security
Last synced: 29 Oct 2024
https://github.com/Zeyad-Azima/Offensive-Resources
A huge collection of learning resources with labs for offensive security players
api api-security cloud-security cybersecurity hack hacking infrastructure learning mobile mobile-security offensive offensive-security owasp owasp-top-10 red-team red-teaming redteam security web web-security
Last synced: 21 Nov 2024
https://github.com/backdoorhub/shell-backdoor-list
🎯 PHP / ASP - Shell Backdoor List 🎯
asp-backdoor asp-net b374k backdoor c99 hack hacking hackingcode kacak php php-backdoor r57 shell shell-backdoor web web-hacking web-security web-shell websecurity wso
Last synced: 17 Dec 2024
https://github.com/Lookyloo/lookyloo
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
capture dfir information-security lookyloo privacy scraping web-security
Last synced: 03 Nov 2024
https://github.com/incredibleindishell/SSRF_Vulnerable_Lab
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
attack exploitation hacking lab server-side-request-forgery ssrf web-security
Last synced: 10 Nov 2024
https://github.com/incredibleindishell/ssrf_vulnerable_lab
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
attack exploitation hacking lab server-side-request-forgery ssrf web-security
Last synced: 03 Nov 2024
https://github.com/turbo/openftp4
A list of all FTP servers in IPv4 that allow anonymous logins.
Last synced: 15 Nov 2024
https://github.com/4ra1n/mysql-fake-server
MySQL Fake Server (pure Java implementation, with GUI and command-line versions, provides a Dockerfile, supports a variety of common JDBC exploits)
fake-server jdbc mysql vulnerability web-security
Last synced: 05 Nov 2024
https://github.com/tempesta-tech/tempesta
All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
bots database ddos-protection high-performance http-accelerator http2 linux-kernel load-balancer security tls web-application-firewall web-performance web-security
Last synced: 21 Dec 2024
https://github.com/madneal/articles-translator
:books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
article codeql css javascript memory-management npm parcel pwa react security security-tools vue web web-security webpack
Last synced: 15 Dec 2024
https://github.com/harmoc/ctftools
Personal CTF Toolkit
ctf-tools hacking hacking-tool web-security
Last synced: 03 Nov 2024
https://github.com/trailofbits/twa
A tiny web auditor with strong opinions.
auditing hacktoberfest security web-security
Last synced: 14 Dec 2024
https://github.com/Harmoc/CTFTools
Personal CTF Toolkit
ctf-tools hacking hacking-tool web-security
Last synced: 25 Oct 2024
https://github.com/Tmpertor/Raven-Storm
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
attacks botnet ddos ddos-attack-tools ddos-attacks ddos-script ddos-tool denial-of-service dos mitm penetration-tests pentesting protection python security security-tools server stress-testing termux web-security
Last synced: 12 Nov 2024
https://github.com/cryin/javaid
java source code static code analysis and danger function identify prog
Last synced: 15 Dec 2024
https://github.com/hueristiq/xurlfind3r
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security
Last synced: 21 Dec 2024
https://github.com/Cryin/JavaID
java source code static code analysis and danger function identify prog
Last synced: 25 Oct 2024
https://github.com/dmdhrumilmistry/pyhtools
A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester, credential harvester, keylogger, download&execute, ransomware, data harvesters, etc.
apihacking dmdhrumilmistry hacking hacking-tool hacking-tools hackingwithpython malware-development penetration-testing python python3 ransomware remoteaccess telegram-hack web-hac web-security
Last synced: 15 Dec 2024
https://github.com/splitline/How-to-Hack-Websites
Open-source Traditional Chinese Web Hacking learning resources - Program Security 2021 Fall
Last synced: 03 Nov 2024
https://github.com/0x4D31/burpa
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
automation burp burpsuite devops python security security-automation security-scanner security-tools web-security
Last synced: 07 Nov 2024
https://github.com/enkomio/taipan
Web application vulnerability scanner
application-security hacking hacking-tool security security-audit security-automation security-scanner security-testing security-tools taipan web web-application web-sec-scanner web-security web-security-research
Last synced: 16 Nov 2024
https://github.com/enkomio/Taipan
Web application vulnerability scanner
application-security hacking hacking-tool security security-audit security-automation security-scanner security-testing security-tools taipan web web-application web-sec-scanner web-security web-security-research
Last synced: 03 Nov 2024
https://github.com/burpheart/koko-moni
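An attack surface management platform based on cyberspace search engines. It can crawl asset information on a schedule and promptly discover newly added assets. This project aggregates the Fofa, Hunter, Quake, Zoomeye and Threatbook data sources, and deduplicates and cleans the retrieved data.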
blueteam easm fofa hunter infosec pentest-tool quake redteam security security-tools threatbook web-security zoomeye
Last synced: 21 Nov 2024
https://github.com/luigigubello/PayloadsAllThePDFs
PDF Files for Web Pentesting
pentesting web-pentest web-security
Last synced: 23 Nov 2024
https://github.com/Brum3ns/firefly
Black box fuzzer for web applications
black-box-testing blackbox bugbounty fuzz fuzzer fuzzing penetration-testing pentesting security-tools web-security
Last synced: 09 Nov 2024
https://github.com/mazen160/jwt-pwn
Security Testing Scripts for JWT
jwt jwt-cracker jwt-pwn web-security
Last synced: 17 Dec 2024
https://github.com/Rizer0/Log-killer
Clear all your logs in [linux/windows] servers 🛡️
hacking logs security server-management web-security
Last synced: 06 Nov 2024
https://github.com/rizer0/log-killer
Clear all your logs in [linux/windows] servers 🛡️
hacking logs security server-management web-security
Last synced: 03 Nov 2024
https://github.com/chrispetrou/FDsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
directory-traversal directory-traversal-vulnerability enumeration exploitation file-include fuzzing hacking inclusion lfi lfi-shells lfi-vulnerability oscp owasp path-traversal penetration-testing pentesting rfi security security-tools web-security
Last synced: 03 Nov 2024
https://github.com/wangyihang/reverse-shell-manager
:hammer: A multiple reverse shell session/client manager via terminal
attack-defense command-and-control ctf exploit pentesting pty python reverse-shell socket web-security
Last synced: 20 Dec 2024
https://github.com/WangYihang/Reverse-Shell-Manager
:hammer: A multiple reverse shell session/client manager via terminal
attack-defense command-and-control ctf exploit pentesting pty python reverse-shell socket web-security
Last synced: 21 Nov 2024
https://github.com/serain/bbrecon
Python library and CLI for the Bug Bounty Recon API
bug-bounty-recon bugbounty bugbountytips bugcrowd cybersecurity federacy hackenproof hackerone hacking osint recon security web-security yeswehack
Last synced: 21 Nov 2024
https://github.com/feross/cs253.stanford.edu
CS 253 Web Security course at Stanford University
javascript security stanford web web-security
Last synced: 19 Dec 2024
https://github.com/voorhoede/lighthouse-security
Runs the default Google Lighthouse tests with additional security tests
audit cli developer-tools lighthouse reporting security web-security
Last synced: 06 Nov 2024
https://github.com/codingo/Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
bitcoin blacklist blacklist-extension bugbounty burp-extensions burp-plugin burpsuite burpsuitepro coinhive coinhive-miners cryptocurrency cryptojacking hacking hacking-tool penetration-testing security-audit security-scanner security-tools web-application-hacking web-security
Last synced: 09 Nov 2024
https://github.com/codingo/minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
bitcoin blacklist blacklist-extension bugbounty burp-extensions burp-plugin burpsuite burpsuitepro coinhive coinhive-miners cryptocurrency cryptojacking hacking hacking-tool penetration-testing security-audit security-scanner security-tools web-application-hacking web-security
Last synced: 18 Dec 2024
https://github.com/yaph/domxssscanner
DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
dom domxss online-tool scanner web-security xss-vulnerability
Last synced: 03 Nov 2024
https://github.com/telekom-security/explo
Human and machine readable web vulnerability testing format
automation pentesting security web-security
Last synced: 05 Nov 2024
https://github.com/hueristiq/web-hacking-toolkit
A web hacking toolkit (docker image).
bug-bounty bugbounty bugbounty-tool docker docker-image docker-images dockerhub hacker-tools hacking nmap osint penetration-testing pentesting recon reconnaissance web-hacking web-hacking-tool web-hacking-toolkit web-security
Last synced: 19 Dec 2024
https://github.com/AvalZ/WAF-A-MoLE
A guided mutation-based fuzzer for ML-based Web Application Firewalls
adversarial-machine-learning machine-learning web web-application-firewall web-security
Last synced: 21 Nov 2024
https://github.com/sec-report/secautoban
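Fully automated malicious IP banning platform. Supports collecting alerts from the following security devices: Chaitin WAF Community Edition (SafeLine), ThreatBook HFish honeypot, QiAnXin Tianyan, QiAnXin Jiaotu, NSFOCUS WAF, Colasoft network security analysis and audit system. Supports coordinated banning on the following devices: RouterOS, OPNsense, CheckPoint, QiAnXin firewall, bypass blocking (no device cooperation required).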
docker firewall hids sec security security-tools waf web-security
Last synced: 18 Dec 2024
https://github.com/sec-report/secreport
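A ChatGPT-powered platform for multi-user online collaborative writing of information security reports. Currently supported report types: penetration test reports, app privacy compliance reports.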
ai chatgpt collaboration collaborations docker openai pentest privacy rce report retest sec security security-tools sql-injection vulnerabilities web-security xss
Last synced: 17 Dec 2024
https://github.com/codedamn/roadmaps
Curriculum for full-stack learning path on codedamn. Become a full-stack web developer with relevant technologies of 2022
css graphql html javascript mongodb nodejs react rest web-security
Last synced: 08 Nov 2024
https://github.com/sec-report/SecAutoBan
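Fully automated platform for banning IPs from security device alerts; supports analyzing and processing millions of IPs within seconds.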
docker sec security security-tools web-security
Last synced: 10 Sep 2024
https://github.com/sec-report/SecReport
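A ChatGPT-powered platform for multi-user online collaborative writing of information security reports. Currently supported report types: penetration test reports, app privacy compliance reports.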
ai chatgpt collaboration collaborations docker openai pentest privacy rce report retest sec security security-tools sql-injection vulnerabilities web-security xss
Last synced: 10 Sep 2024
https://github.com/0xAwali/Blind-SSRF
Nuclei Templates to reproduce Cracking the lens's Research
blindssrf bugbounty nuclei nuclei-templates ssrf web-security
Last synced: 21 Nov 2024
https://github.com/purpleteam-labs/purpleteam
CLI component of OWASP PurpleTeam
application-security build-tool ci cli cloud-security devsecops devsecops-pipeline hacktoberfest purpleteam security-regression-testing security-testing web-security
Last synced: 02 Nov 2024
https://github.com/KajanM/DirBuster
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
bruteforce forced-browse fuzz owasp web-security
Last synced: 11 Nov 2024
https://github.com/4ra1n/poc-runner
Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | Ultra-lightweight, fast vulnerability scanning engine based on XRAY YAML rules | Executable size is only 2 MB
poc security vulnerability vulnerability-detection vulnerability-scanner web-security web-vulnerability-scanner
Last synced: 09 Nov 2024
https://github.com/yuvadm/viewstate
ASP.NET View State Decoder
asp-net dotnet hacktoberfest python python3 scraping security viewstate web-security
Last synced: 16 Dec 2024
https://github.com/hueristiq/xcrawl3r
A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.
bug-bounty bug-bounty-tools contentdiscovery crawler ethical-hacking ethical-hacking-tools go golang penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security
Last synced: 17 Dec 2024
https://github.com/etherdream/https_hijack_demo
HTTPS Frontend Hijack
javascript mitm-attacks web-security
Last synced: 10 Nov 2024
https://github.com/EtherDream/https_hijack_demo
HTTPS Frontend Hijack
javascript mitm-attacks web-security
Last synced: 27 Oct 2024
https://github.com/etherdream/mitm-http-cache-poisoning
HTTP Cache Poisoning Demo
javascript mitm-attacks web-security
Last synced: 10 Nov 2024
https://github.com/JavierOlmedo/UltimateCMSWordlists
📚 An ultimate collection of wordlists for the best-known CMS
cms cms-framework dictionary drupal fuzz fuzzing hacking joomla security web-security web-security-research wordlist wordpress
Last synced: 21 Nov 2024
https://github.com/javierolmedo/ultimatecmswordlists
📚 An ultimate collection of wordlists for the best-known CMS
cms cms-framework dictionary drupal fuzz fuzzing hacking joomla security web-security web-security-research wordlist wordpress
Last synced: 16 Dec 2024
https://github.com/jub0bs/fcors
a principled CORS middleware library for Go... but consider using jub0bs/cors (its successor) instead
cors go golang http middleware server web-security
Last synced: 17 Dec 2024
https://github.com/edoardottt/pphack
The Most Advanced Client-Side Prototype Pollution Scanner
frontend-security hacking javascript-security offensive-security offensivesecurity prototype-pollution red-team redteam-tools redteaming scanner-web security security-tools web-scanner web-sec-scanner web-security web-security-audit web-security-research
Last synced: 27 Oct 2024
https://github.com/alokmenghrajani/alokmenghrajani.github.com
Alok Menghrajani's Blog
blog javascript marquee math puzzle random web-security
Last synced: 17 Dec 2024
https://github.com/pwnpad/pwnpad
🐳 VMs are bloat. Dockerise your VAPT environment
archlinux binary-exploitation capture-the-flag ctf ctf-tools hacking hacking-tools ocsp penetration-testing pentesting pentesting-tools pwnbox pwnpad web-security
Last synced: 21 Nov 2024
https://github.com/ronin-rb/ronin-vulns
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
hacktoberfest lfi open-redirect pentest-tool pentesting rfi ronin-rb ruby security sql-injection sqli ssti vulnerability-detection vulnerability-scanners web-security xss
Last synced: 21 Nov 2024
https://github.com/farisv/cj2018-final-ctf
Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.
attack-defense-ctf binary-exploitation ctf docker web-security
Last synced: 24 Nov 2024
https://github.com/farisv/pil-rce-ghostscript-cve-2018-16509
PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509
docker ghostscript pillow python web-security
Last synced: 24 Nov 2024
https://github.com/wangyihang/find-php-vulnerabilities
:bug: A plug-in of sublime 2/3 which is able to find PHP vulnerabilities
code-audit php sublime sublime-text-plugin vulnerability web-security
Last synced: 09 Nov 2024
https://github.com/davidstutz/password-score
Password scoring library written in Javascript.
javascript-library password-strength web-security
Last synced: 10 Nov 2024
https://github.com/aershov24/web-security-interview-questions
🔴 Web Security Interview Questions and Answers to prepare for your next Web Developer interview
interview interview-practice interview-preparation interview-questions web-security web-security-research
Last synced: 18 Nov 2024
https://github.com/kongbytes/joi-security
Detect security flaws in Joi validation schemas (XSS, SQL injection, ...) 🔥
audits hapi joi js security sql-injection typescript validation web-security xss
Last synced: 29 Oct 2024
https://github.com/aapanel/bt-waf
Baota Cloud WAF, Baota's free private-cloud website application firewall, built on docker/nginx/lua
acl captcha cc-attack ddos ddos-attacks ddos-defense ddos-protection docker firewall http-flood modsecurity nginx security security-tools sqli-injection waf web-application-firewall web-security xss
Last synced: 19 Nov 2024
https://github.com/farisv/prestashop-cve-2018-19126
PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
exploit prestashop web-security
Last synced: 10 Oct 2024