Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with websecurity
A curated list of projects in awesome lists tagged with websecurity.
https://github.com/chaitin/SafeLine
serve as a reverse proxy to protect your web services from attacks and exploits.
api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss
Last synced: 29 Oct 2024
https://github.com/chaitin/safeline
serve as a reverse proxy to protect your web services from attacks and exploits.
api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss
Last synced: 16 Dec 2024
https://github.com/payloadbox/xss-payload-list
🎯 Cross Site Scripting (XSS) Vulnerability Payload List
bugbounty cross-site-scripting dom-based payload payloads reflected-xss-vulnerabilities self-xss websecurity website-vulnerability xss xss-attacks xss-detection xss-exploitation xss-injection xss-payload xss-payloads xss-poc xss-scanner xss-scanners xss-vulnerability
Last synced: 01 Dec 2024
https://github.com/payloadbox/sql-injection-payload-list
🎯 SQL Injection Payload List
attacker bugbounty hacking injection injection-attacks injection-payloads owasp-top-10 payload payloads security-research sql-inject sql-injection sql-injection-attack sql-injection-attacks sql-injection-exploitation sql-injection-filterer sql-injection-payloads sql-injection-proof sql-injections websecurity
Last synced: 03 Dec 2024
https://github.com/insightglacier/dictionary-of-pentesting
Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A dictionary collection project for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.
bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi
Last synced: 15 Dec 2024
https://github.com/insightglacier/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A dictionary collection project for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.
bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi
Last synced: 21 Nov 2024
https://github.com/0Chencc/CTFCrackTools
China's first CTFTools framework. The first CTF tool framework in China, designed to help CTFers quickly overcome challenges.
ctf ctf-tools framework java jython kotlin-java python websecurity
Last synced: 21 Nov 2024
https://github.com/0chencc/ctfcracktools
China's first CTFTools framework. The first CTF tool framework in China, designed to help CTFers quickly overcome challenges.
ctf ctf-tools framework java jython kotlin-java python websecurity
Last synced: 21 Dec 2024
https://github.com/HolyBugx/HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
api api-security bugbounty bugbounty-writeups bugbountytips checklist pentest pentesting security web webapp websecurity writeups
Last synced: 21 Nov 2024
https://github.com/zer0yu/cybersecurityrss
CyberSecurityRSS: A collection of cybersecurity rss to make you better!
cyberspace-security knowledgebase redteam rss rss-subscription security websecurity
Last synced: 04 Dec 2024
https://github.com/zer0yu/CyberSecurityRSS
CyberSecurityRSS: A collection of cybersecurity rss to make you better!
cyberspace-security knowledgebase redteam rss rss-subscription security websecurity
Last synced: 21 Nov 2024
https://github.com/greenpau/caddy-security
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
access-control acl auth authentication authorization caddy-plugin caddy2 jwt ldap oauth2 openid paseto paseto-tokens saml secdevops secops security sso webauthn websecurity
Last synced: 20 Dec 2024
https://github.com/blst-security/cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
api api-security best-practices blst business-logic cli cyber cybersecurity firecracker http open-source openapi openapi3 security security-tools web-sec-scanner web-security websecurity
Last synced: 17 Dec 2024
https://github.com/payloadbox/xxe-injection-payload-list
🎯 XML External Entity (XXE) Injection Payload List
bug-bounty bugbounty cyber-security cybersecurity hacking information-security infosec payload payloads web-application-security websecurity websecurity-reference xml xml-entity xxe xxe-example xxe-injection xxe-payload xxe-payload-list xxe-payloads
Last synced: 04 Dec 2024
https://github.com/rhaidiz/broxy
An HTTP/HTTPS intercept proxy written in Go.
broxy go golang hacking http-interceptor http-proxy http-security interceptor penetration-testing penetration-testing-tools proxy qt-wrapper qt5-gui security wapt websecurity
Last synced: 18 Dec 2024
https://github.com/yeswehack/vulnerable-code-snippets
Twitter vulnerable snippets
bugbounty code code-analyze example-code owasp snippets vulnerable web-application websecurity worst-practices
Last synced: 06 Dec 2024
https://github.com/findneo/newbie-security-list
Cybersecurity learning resources; contributions welcome
ctf greenhand resource-list security websecurity
Last synced: 03 Nov 2024
https://github.com/findneo/Newbie-Security-List
Cybersecurity learning resources; contributions welcome
ctf greenhand resource-list security websecurity
Last synced: 25 Oct 2024
https://github.com/backdoorhub/shell-backdoor-list
🎯 PHP / ASP - Shell Backdoor List 🎯
asp-backdoor asp-net b374k backdoor c99 hack hacking hackingcode kacak php php-backdoor r57 shell shell-backdoor web web-hacking web-security web-shell websecurity wso
Last synced: 17 Dec 2024
https://github.com/YagamiiLight/Cerberus
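A powerful vulnerability scanner. Subdomain brute forcing uses aioDNS and asyncio for fast asynchronous scanning, covering all of the target's assets for batch vulnerability scanning; middleware information gathering; automatic collection of IP proxies, which are used automatically when probing WAF information to protect the local machine's real IP, with automatic switching to a proxy IP for scanning after the local IP is blocked by the WAF; WAF information gathering (100+ WAFs, Chinese and international) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; provides some known WAF bypass approaches; middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports SQL injection, XSS, command execution, file inclusion and SSRF vulnerability scanning; supports custom email push notifications for vulnerabilities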
bypass hacking-tool middleware penetration-testing proxy python security-tools sql-injection ssrf waf websecurity xss
Last synced: 19 Nov 2024
https://github.com/security-prince/Application-Security-Engineer-Interview-Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer
application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss
Last synced: 08 Nov 2024
https://github.com/glebarez/cero
Scrape domain names from SSL certificates of arbitrary hosts
domain-names recon scrape ssl tls websecurity
Last synced: 09 Nov 2024
https://github.com/payloadbox/ssti-payloads
🎯 Server Side Template Injection Payloads
bounty bugbounty bugbountytips code code-security injection payload payloadbox payloads security security-audit server-side-template-injection source source-code-analysis ssti web websecurity
Last synced: 15 Nov 2024
https://github.com/payloadbox/rfi-lfi-payload-list
🎯 RFI/LFI Payload List
application-security appsec bug-bounty bugbounty lfi lfi-exploitation lfi-vulnerability payload payload-list payloads rfi rfi-exploiton rfi-vulnerabillity security security-research security-researcher security-researchers web-application-security web-hacking websecurity
Last synced: 15 Nov 2024
https://github.com/payloadbox/open-redirect-payload-list
🎯 Open Redirect Payload List
open-redirect openredirect payload payload-list payloads security websecurity
Last synced: 15 Nov 2024
https://github.com/flipkart-incubator/rta
Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
nessus python security security-tools websecurity
Last synced: 15 Dec 2024
https://github.com/wangyihang/sourceleakhacker
:bug: A multi threads web application source leak scanner
hacking-tool scanner webscanner websecurity
Last synced: 22 Dec 2024
https://github.com/WangYihang/SourceLeakHacker
:bug: A multi threads web application source leak scanner
hacking-tool scanner webscanner websecurity
Last synced: 11 Nov 2024
https://github.com/mindpatch/lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity
Last synced: 16 Dec 2024
https://github.com/MindPatch/lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity
Last synced: 03 Nov 2024
https://github.com/dontpanico/jwtxploiter
A tool to test security of json web token
ctf ctf-tools jku jsonwebtoken jwks jwt jwt-cracker jwt-exploit jwt-security penetration-testing penetration-testing-tools pentest pentest-tool pentesting pentesting-tools security security-tools websecurity x5u-injection
Last synced: 15 Dec 2024
https://github.com/DontPanicO/jwtXploiter
A tool to test security of json web token
ctf ctf-tools jku jsonwebtoken jwks jwt jwt-cracker jwt-exploit jwt-security penetration-testing penetration-testing-tools pentest pentest-tool pentesting pentesting-tools security security-tools websecurity x5u-injection
Last synced: 18 Nov 2024
https://github.com/xinali/articles
Personal Blog / mainly records research related to vulnerability discovery (articles are in the issues)
binary binary-security blogs websecurity
Last synced: 21 Nov 2024
https://github.com/VainlyStrain/Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
directory-traversal exploitation filter-evasion information-leak lfi lfi-exploitation lfi-shells local-file-inclusion path-traversal penetration-testing pentest-tool pentesting rce security takeover vulnerability-assessment vulnerability-detection vulnerability-scanners websec websecurity
Last synced: 21 Nov 2024
https://github.com/wossl33/wossl
OpenSSL symmetric algorithms, hash verification, asymmetric algorithms, certificate management, SSL security
flask-web openssl pyopenssl python ssl-certificate ssllabs websecurity
Last synced: 29 Oct 2024
https://github.com/payloadbox/csv-injection-payloads
🎯 CSV Injection Payloads
bug-bounty bugbounty bugbountytips code-security csv csv-exploit csv-injection csv-payload csv-payloads payload payloadbox payloads security websec websecurity
Last synced: 15 Nov 2024
https://github.com/janniskirschner/horn3t
Powerful Visual Subdomain Enumeration at the Click of a Mouse
enumeration penetration-testing pentesting security-audit security-tools selenium selenium-webdriver subdomain-bruteforcing subdomain-enumeration subdomain-scanner subdomain-takeover subdomainsbrute sublist3r websecurity
Last synced: 11 Oct 2024
https://github.com/cheshirecaat/browser-with-fingerprints
Anonymous automation with fingerprint replacement technology.
automation browser browser-fingerprint browser-fingerprinting chrome chromium detection-evasion device-fingerprint device-fingerprinting devtools fingerprint fingerprinting headless privacy privacy-protection security stealth stealth-mode web websecurity
Last synced: 17 Dec 2024
https://github.com/security-prince/resources-for-application-security
Some good resources for getting started with application security
application-security appsec appsec-tutorials ctf infosec infosec-reference owasp php-security security-engineering web-hacking websec websecurity websecurity-reference
Last synced: 18 Nov 2024
https://github.com/quarantyne/quarantyne
Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
account-takeover automation bots fraud security websecurity
Last synced: 26 Sep 2024
https://github.com/dubs3c/Injectus
CRLF and open redirect fuzzer
crlf-injection open-redirect-injection python scanner websecurity
Last synced: 03 Nov 2024
https://github.com/probely/security_checklist
Web Application Security Checklist
checklist prevention security vulnerability web websecurity
Last synced: 18 Nov 2024
https://github.com/odino/wasec
Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
book clickjacking csp security wasec websecurity xss
Last synced: 27 Oct 2024
https://github.com/zer0yu/RedTeam_CheetSheets
RedTeam reference, modified from Ridter's https://github.com/Ridter/Intranet_Penetration_Tips
Last synced: 21 Nov 2024
https://github.com/zer0yu/redteam_cheetsheets
RedTeam reference, modified from Ridter's https://github.com/Ridter/Intranet_Penetration_Tips
Last synced: 01 Dec 2024
https://github.com/veliovgroup/ostrio
▲ Web services for modern and legacy websites, web apps, e-commerce shops, social and corporate portals, and IoT devices. Made for top-notch experience with monitoring, security, web analytics, SEO, and DevOps in the cloud, virtual, and bare-metal environments
analytics crawlable gdpr monitoring prerender prerendering privacy-policy protection seo sms-notifications snmp spiderable web-analytics web-cron webcron websec websecurity
Last synced: 12 Nov 2024
https://github.com/rahulrajpl/netizenship
a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.
cybersecurity information-gathering information-retrieval information-security infosec osint-python websec websecurity
Last synced: 13 Nov 2024
https://github.com/binarymist/holisticinfosec-for-webdevelopers-fascicle0
:books: Overview :lock: Tooling :lock: Process :lock: Physical :lock: People :books:
agile book books devops devsecops hacking infosec people people-security people-test physical physical-security physical-test security security-audit security-review security-testing social-engineering threat-modeling websecurity
Last synced: 19 Nov 2024
https://github.com/ronin-rb/ronin-code-sql
A Ruby DSL for crafting SQL Injections
dsl infosec ronin-rb ruby sql sql-injections websecurity
Last synced: 20 Dec 2024
https://github.com/karthi-the-hacker/crlfi
CRLF Bug scanner for WebPentesters and Bugbounty Hunters
bugbounty bugbounty-tool bugbounty-tools crlf-injection crlf-injection-scanner webpentesting websecurity
Last synced: 10 Sep 2024
https://github.com/mrnazu/learn-365-days
Learn 365 Days Challenge
365daysofcode algorithms-and-data-structures articles bugbounty bugcrowd certfication coding cybersecurity hacking learn365 learn365days learning security web websecurity writeups
Last synced: 17 Nov 2024
https://github.com/imfht/websecurityscannerwhitepaper
A collection of publicly available vulnerability scanner white papers from around the web.
security-scanner websecurity whitepapers
Last synced: 18 Nov 2024
https://github.com/ariary/httpcustomhouse
HTTP request smuggling attack helper/CLI tools to manipulate HTTP packets
bug-bounty burp cli http-client http-request-smuggling infosec learning pentest-tool request-smuggling security websecurity
Last synced: 11 Nov 2024
https://github.com/ItsIgnacioPortal/hacker-scoper
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity
Last synced: 21 Nov 2024
https://github.com/gdgd009xcd/AutoMacroBuilderForZAP
A ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information.
activescan addon authentication csrf multistep multistep-form security security-testing security-tools vulnerability-scanners web-security webcrawler websecurity zap-extension zaproxy
Last synced: 21 Nov 2024
https://github.com/umair9747/4ofour
A tech enumeration toolkit focused on 404 Not found pages.
bounty bug-bounty bugbounty cybersecurity cybersecurity-tools ethical-hacking infosec linux osint penetration-testing pentesting recon reconnaissance webappsecurity websec websecurity
Last synced: 08 Nov 2024
https://github.com/sqlsec/xssgame
Source code of test.xss.tv; I removed the later Flash XSS challenges that no longer work and replaced some boring meme images
javascript pentesters websecurity xss
Last synced: 09 Nov 2024
https://github.com/edoardottt/defango
URL / IP / Email defanging with Golang. Make IoC harmless.
defang defanging defense defensive-security email-security go golang golang-module golang-package indicators-of-compromise ioc malware malware-analysis malware-protection malware-research phishing phishing-protection security web-security websecurity
Last synced: 28 Oct 2024
https://github.com/tkmru/nginx-alias-traversal-sample
Nginx alias traversal vulnerable environments for study
demo-app nginx vulnerability-environment websecurity
Last synced: 15 Oct 2024
https://github.com/spacewander/lua-resty-mime-sniff
Sniff the real MIME type of given data in your OpenResty app
openresty security websecurity
Last synced: 16 Oct 2024
https://github.com/foospidy/sigsci-power-rules
Rule packs for Signal Sciences power rules platform.
appsec powerrules rules signal-sciences signal-sciences-api signalsciences sigsci websec websecurity
Last synced: 07 Nov 2024
https://github.com/0xpugal/hacktheweb
Things to do while Hacking/Hunting in Web Applications
bugbounty bugbountytips hack recon subdomain-enumeration vulnerability web webappsec websecurity
Last synced: 08 Nov 2024
https://github.com/0xrar/cve-2021-29447-poc
A proof of concept exploit for a wordpress 5.6 media library vulnerability
cve cve-2021-29447 exploit-development python3 websecurity wordpress
Last synced: 14 Dec 2024
https://github.com/ariary/cssrf
Ease CSS exfiltration
csrf css exfiltration pentest-tool websecurity
Last synced: 11 Nov 2024
https://github.com/mrnazu/2023-ctf
CTF challenges
api bugbounty ctf ctf-challenges ctf-solutions ctf-tools ctf-writeups hacking hackthebox-writeups rootme tryhackme tryhackme-writeups websecurity website
Last synced: 17 Nov 2024
https://github.com/jenkinsci/probely-security-plugin
Integrate our security scans with your Jenkins CI/CD pipeline
dast devsecops jenkins jenkins-plugin owasp owasp-top-10 pentesting scanner security security-scanner security-testing vulnerability vulnerability-scanner web-application websecurity
Last synced: 27 Sep 2024
https://github.com/tkmru/nginx-http-splitting-sample
Nginx HTTP response splitting vulnerable environments for study
demo-app nginx vulnerability-environment websecurity
Last synced: 06 Dec 2024
https://github.com/webship/websecurity
Most needed contributed modules and configurations to manage a secure website.
drupal security web websecurity
Last synced: 26 Nov 2024
https://github.com/wirzka/cipherhound
Cipherhound is an automated tool to check if SSL/TLS certificates are compliant with AgID last guidelines.
agid blueteam cybersecurity python ssl-certificates tls-certificate websecurity
Last synced: 29 Nov 2024
https://github.com/emrekybs/sonic
Web Headers Security Scanner
apache apache2 headers scanner scanner-web sql webscanner websecurity xss
Last synced: 18 Nov 2024
https://github.com/mop9/redactor
A UserScript that redacts predefined sensitive information on webpages, ensuring privacy by replacing specific text patterns with redacted strings. Easily customizable and optimized for performance and security.
anonymization greasemonkey privacy redaction tampermonkey userscript violentmonkey websecurity
Last synced: 30 Sep 2024
https://github.com/tkmru/client-side-template-injection-sample
Client-Side Template Injection Sample App with AngularJS
angularjs demo-app websecurity
Last synced: 06 Dec 2024
https://github.com/mrnazu/nazu-s-articles-in-english
Hello hackers and developers, I am Samuel (nazu) from Ethiopia. Here we will see some IT stuff like web security, development etc. We will learn more from here.
bash-script bugbounty-writeups coding cybersecurity development hacking javascript linux programming python websecurity
Last synced: 17 Nov 2024
https://github.com/bjoern-hempel/bash-securizer
A tool to check the security of web applications.
bash dns email header security security-tools websecurity
Last synced: 07 Nov 2024
https://github.com/priyankasingh2907/laravelautherisation
This project showcases a comprehensive implementation of authorization and middleware in a Laravel application. The focus is on demonstrating how to manage user permissions and protect routes using Laravel’s built-in authorization features and custom middleware.
apisecurity authentication authorization backenddevelopment code developers fullstackdevelopment laravel laravelprojects middleware opensource php softwareengineering webapps webdevelopment websecurity
Last synced: 11 Nov 2024
https://github.com/egida-kassandra/egida-api-worker
EGIDA API Worker node
ansible api-rest egida harden hardening rest security websecurity
Last synced: 11 Nov 2024
https://github.com/emrekybs/web-auditchain
Automated script for advanced web security reconnaissance and enumeration, integrating popular tools to streamline the information gathering phase
bash bugbounty enumeration information-extraction information-gathering owasp reconnaissance websecurity
Last synced: 18 Nov 2024
https://github.com/pankaj0038/v-web
Vulnerable Web Application (yt: https://www.youtube.com/channel/UCXGKOGW3vbeTIyU8TWQ6vJw)
backend cybersecurity mern-stack vulnerability websecurity
Last synced: 29 Nov 2024
https://github.com/nagipragalathan/django_otp_login
This repository provides a Django example implementation of OTP (One-Time Password) login functionality. Users can receive an OTP via email and use it for authentication.
authentication django djangoprojects opensource otplogin programming python signup twofactorauthentication websecurity
Last synced: 18 Dec 2024
https://github.com/alerighi/web-ctf-introduction
These slides (in Italian) were used to give two introductory lessons in the course of Software Engineering at the University of Verona.
Last synced: 02 Dec 2024
https://github.com/ji-podhead/web-and-cloudsecurity
Attack Vectors, Tools, Monitoring&SIEM, Intrusion Detection
automatic-testing burpsuite cloudsecurity continous-monitoring ddos e2e intrusion-detection owasp-zap siem sql-injection-attacks websecurity
Last synced: 28 Nov 2024
https://github.com/ichbinbork/JS_lookup
Tool that helps javascript source code analysis processes
bugbounty codereview websecurity
Last synced: 23 Oct 2024
https://github.com/0xrar/overthewire-natas
Writeups for OverTheWire Natas (0-8) (Web Security Challenges)
ctf ctf-writeups web websecurity writeups
Last synced: 14 Dec 2024
https://github.com/ray8118/smarthomecontrolv3
IoT Smart Control App: A React-based Progressive Web App (PWA) that enables users to manage IoT devices through Firebase. It features user authentication, secure device control, providing a seamless and app-like experience. Built with React, Firebase, and React Router, this project showcases modern web development practice and PWA features.
esp32 firebase-auth firebase-realtime-database front-end-development iot-application javascript netlify-deployment pwa-app react responsive-design websecurity
Last synced: 22 Dec 2024
https://github.com/neospl0it/dorks
Google dork queries targeting URLs with potential vulnerabilities
bugbounty cybersecurity dork google-dorking google-dorking-payloads quries websecurity
Last synced: 17 Nov 2024
https://github.com/bnoufel/darkly
Find all security breach
42projects darkly security websecurity
Last synced: 21 Nov 2024
https://github.com/devmuhammadzaki/php-developer-roadmap
A step-by-step learning roadmap for aspiring PHP developers, covering PHP, Laravel, MySQL, RESTful APIs, front-end basics, and modern development tools and practices.
aws composer css docker html javascript laravel mysql oop php react vue websecurity
Last synced: 09 Nov 2024