Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with websecurity

A curated list of projects in awesome lists tagged with websecurity .

https://github.com/chaitin/safeline

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 14 May 2025

https://github.com/chaitin/SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 25 Mar 2025

https://github.com/insightglacier/Dictionary-Of-Pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 11 Jul 2025

https://github.com/insightglacier/dictionary-of-pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 05 Apr 2025

https://github.com/0chencc/ctfcracktools

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

ctf ctf-tools framework java jython kotlin-java python websecurity

Last synced: 06 Feb 2026

https://github.com/0Chencc/CTFCrackTools

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

ctf ctf-tools framework java jython kotlin-java python websecurity

Last synced: 11 Jul 2025

https://github.com/HolyBugx/HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

api api-security bugbounty bugbounty-writeups bugbountytips checklist pentest pentesting security web webapp websecurity writeups

Last synced: 11 Jul 2025

https://github.com/zer0yu/cybersecurityrss

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

cyberspace-security knowledgebase redteam rss rss-subscription security websecurity

Last synced: 24 Jan 2026

https://github.com/zer0yu/CyberSecurityRSS

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

cyberspace-security knowledgebase redteam rss rss-subscription security websecurity

Last synced: 11 Jul 2025

https://github.com/greenpau/caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

access-control acl auth authentication authorization caddy-plugin caddy2 jwt ldap oauth2 openid paseto paseto-tokens saml secdevops secops security sso webauthn websecurity

Last synced: 14 May 2025

https://github.com/blst-security/cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

api api-security best-practices blst business-logic cli cyber cybersecurity firecracker http open-source openapi openapi3 security security-tools web-sec-scanner web-security websecurity

Last synced: 10 Apr 2025

https://github.com/findneo/Newbie-Security-List

网络安全学习资料,欢迎补充

ctf greenhand resource-list security websecurity

Last synced: 13 Mar 2025

https://github.com/findneo/newbie-security-list

网络安全学习资料,欢迎补充

ctf greenhand resource-list security websecurity

Last synced: 02 Apr 2025

https://github.com/security-prince/Application-Security-Engineer-Interview-Questions

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss

Last synced: 17 Apr 2025

https://github.com/YagamiiLight/Cerberus

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

bypass hacking-tool middleware penetration-testing proxy python security-tools sql-injection ssrf waf websecurity xss

Last synced: 15 May 2025

https://github.com/glebarez/cero

Scrape domain names from SSL certificates of arbitrary hosts

domain-names recon scrape ssl tls websecurity

Last synced: 12 Apr 2025

https://github.com/710leo/ZVulDrill

Web漏洞演练平台

security websecurity

Last synced: 02 May 2025

https://github.com/710leo/zvuldrill

Web漏洞演练平台

security websecurity

Last synced: 05 Apr 2025

https://github.com/flipkart-incubator/rta

Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.

nessus python security security-tools websecurity

Last synced: 05 Apr 2025

https://github.com/wangyihang/sourceleakhacker

:bug: A multi threads web application source leak scanner

hacking-tool scanner webscanner websecurity

Last synced: 05 Apr 2025

https://github.com/WangYihang/SourceLeakHacker

:bug: A multi threads web application source leak scanner

hacking-tool scanner webscanner websecurity

Last synced: 30 Apr 2025

https://github.com/sqlsec/ssrf-vuls

国光的手把手带你用 SSRF 打穿内网靶场源码

ssrf vulhub websecurity

Last synced: 07 Apr 2025

https://github.com/mindpatch/lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:

blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity

Last synced: 06 Apr 2025

https://github.com/MindPatch/lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:

blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity

Last synced: 02 Apr 2025

https://github.com/xinali/articles

Personal Blog/主记录漏洞挖掘相关研究(文章位于issues)

binary binary-security blogs websecurity

Last synced: 11 Jul 2025

https://github.com/wossl33/wossl

OpenSSL对称算法、哈希校验、非对称算法、证书管理、SSL安全

flask-web openssl pyopenssl python ssl-certificate ssllabs websecurity

Last synced: 26 Mar 2025

https://github.com/Probely/security_checklist

Web Application Security Checklist

checklist prevention security vulnerability web websecurity

Last synced: 20 Sep 2025

https://github.com/quarantyne/quarantyne

Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails

account-takeover automation bots fraud security websecurity

Last synced: 27 Sep 2025

https://github.com/doyensec/csptplayground

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

appsec-testing cspt csrf websec websecurity

Last synced: 14 Jun 2025

https://github.com/probely/security_checklist

Web Application Security Checklist

checklist prevention security vulnerability web websecurity

Last synced: 13 May 2025

https://github.com/odino/wasec

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

book clickjacking csp security wasec websecurity xss

Last synced: 16 Mar 2025

https://github.com/zer0yu/redteam_cheetsheets

RedTeam参考,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

hacking redteam websecurity

Last synced: 10 Apr 2025

https://github.com/zer0yu/RedTeam_CheetSheets

RedTeam参考,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

hacking redteam websecurity

Last synced: 11 Jul 2025

https://github.com/veliovgroup/ostrio

▲ SEO Middleware • Web Analytics • Web CRON • WebSec • HTTP & SNMP Monitoring • ostr.io is a unified web-services platform

analytics ccpa down-detector gdpr monitoring prerendering privacy-policy seo sms-notifications snmp web-analytics web-cron webcron websec websecurity

Last synced: 07 Feb 2026

https://github.com/rahulrajpl/netizenship

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

cybersecurity information-gathering information-retrieval information-security infosec osint-python websec websecurity

Last synced: 14 Jan 2026

https://github.com/ronin-rb/ronin-code-sql

A Ruby DSL for crafting SQL Injections

dsl infosec ronin-rb ruby sql sql-injections websecurity

Last synced: 07 Apr 2025

https://github.com/ariary/httpcustomhouse

HTTP request smuggling attack helper/CLI tools to manipulate HTTP packets

bug-bounty burp cli http-client http-request-smuggling infosec learning pentest-tool request-smuggling security websecurity

Last synced: 26 Apr 2025

https://github.com/imfht/websecurityscannerwhitepaper

收集网络上公开的漏洞扫描器的白皮书。

security-scanner websecurity whitepapers

Last synced: 13 May 2025

https://github.com/itsignacioportal/hacker-scoper

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.

bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity

Last synced: 03 Sep 2025

https://github.com/ItsIgnacioPortal/hacker-scoper

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.

bugbounty bugcrowd enumeration filter go golang hackerone infosec pentesting recon scopes security security-tools websec websecurity

Last synced: 11 Jul 2025

https://github.com/gdgd009xcd/RequestRecorder

A ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information.

activescan addon authentication csrf multistep multistep-form security security-testing security-tools vulnerability-scanners web-security webcrawler websecurity zap-extension zaproxy

Last synced: 31 Oct 2025

https://github.com/sqlsec/xssgame

test.xss.tv 的源码,自己删掉了后面失效的Flash XSS题目,替换了一些无聊的表情包

javascript pentesters websecurity xss

Last synced: 22 Apr 2025

https://github.com/tkmru/nginx-alias-traversal-sample

Nginx alias traversal vulnerable environments for study

demo-app nginx vulnerability-environment websecurity

Last synced: 14 Apr 2025

https://github.com/dheerajjha451/websitethreatscan

A web tool to scan websites for common vulnerabilities like SQL Injection, CSRF protection checks, Cookie security configurations, and other sensitive information exposure.

collaborate cybersecurity hacking hackingtool nextjs python python3 security security-tools tailwindcss threatscanning websecurity website

Last synced: 14 Sep 2025

https://github.com/spacewander/lua-resty-mime-sniff

Sniff the real MIME type of given data in your OpenResty app

openresty security websecurity

Last synced: 15 Apr 2025

https://github.com/ganggreentempertatum/stickyburp

A Burp Suite extension written in Kotlin that enables persistent sticky session handling in web application testing. Built with the Montoya API and modern Kotlin tooling.

api-hacking burpsuite burpsuite-extension hacking hacking-apis hacking-tool web-security-research websecurity

Last synced: 10 Apr 2025

https://github.com/rodnt/portswiggerlabs

Solutions from @PortSwigger labs

infosec portswigger portswigger-labs security websecurity

Last synced: 25 Jul 2025

https://github.com/ryru/hackingexposed

Kurs Hacking Exposed an Juventus Technikerschule HF

education hacking security websecurity

Last synced: 28 Apr 2025

https://github.com/ronin-rb/ronin-web-spider

A collection of common web spidering routines

crawler infosec recon ruby scraper spider utils web websecurity

Last synced: 01 Aug 2025

https://github.com/ariary/cssrf

Ease CSS exfiltration

csrf css exfiltration pentest-tool websecurity

Last synced: 26 Apr 2025

https://github.com/0xpugal/hacktheweb

Things to do while Hacking/Hunting in Web Applications

bugbounty bugbountytips hack recon subdomain-enumeration vulnerability web webappsec websecurity

Last synced: 25 Oct 2025

https://github.com/aw-junaid/golang-web-security

Secure Golang web app with best practices: authentication, authorization, input validation, CSRF protection, and secure headers. Example code for secure development.

golang penetration-testing security websecurity

Last synced: 14 Apr 2025

https://github.com/aw-junaid/web-security

Master web security: OWASP Top 10, XSS, SQLi, CSRF, and secure coding practices. Includes labs, tools, and examples for secure web development.

csrf hacking hacking-tool owasp penetration-testing websecurity xss xss-exploitation xss-vulnerability

Last synced: 30 Oct 2025

https://github.com/neospl0it/dorks

Google dork queries targeting URLs with potential vulnerabilities

bugbounty cybersecurity dork google-dorking google-dorking-payloads quries websecurity

Last synced: 01 Feb 2026

https://github.com/0xrar/cve-2021-29447-poc

A proof of concept exploit for a wordpress 5.6 media library vulnerability

cve cve-2021-29447 exploit-development python3 websecurity wordpress

Last synced: 13 Aug 2025

https://github.com/devmuhammadzaki/php-developer-roadmap

A step-by-step learning roadmap for aspiring PHP developers, covering PHP, Laravel, MySQL, RESTful APIs, front-end basics, and modern development tools and practices.

aws composer css docker html javascript laravel mysql oop php react vue websecurity

Last synced: 11 Aug 2025

https://github.com/webship/websecurity

Most needed contributed modules and configurations to manage a secure website.

drupal security web websecurity

Last synced: 26 Aug 2025

https://github.com/tkmru/nginx-http-splitting-sample

Nginx HTTP response splitting vulnerable environments for study

demo-app nginx vulnerability-environment websecurity

Last synced: 01 Aug 2025

https://github.com/wirzka/cipherhound

Cipherhound is an automated tool to check if SSL/TLS certificates are compliant with AgID last guidelines.

agid blueteam cybersecurity python ssl-certificates tls-certificate websecurity

Last synced: 07 Sep 2025

https://github.com/fabian-hk/dnssec_scanner

DNSSEC scanner with detail error messages.

dnspython dnssec dnssec-scanner python37 websecurity

Last synced: 25 Oct 2025

https://github.com/destan0098/basicauthbruteforce

This App BruteForce Basic Auth Pages , Just For Education

brute-force brute-force-attacks bruteforce security websecurity

Last synced: 09 Nov 2025

https://github.com/seven1an/wafreport

绿盟WEB应用防护系统WAF的辅助工具,对Web安全日志模块自动采集,并加入企业微信机器人自动发送告警信息

automation golang nsfocus security-tool waf websecurity

Last synced: 18 Oct 2025

https://github.com/tkmru/client-side-template-injection-sample

Client-Side Template Injection Sample App with AngularJS

angularjs demo-app websecurity

Last synced: 01 Aug 2025

https://github.com/priyankasingh2907/laravelautherisation

This project showcases a comprehensive implementation of authorization and middleware in a Laravel application. The focus is on demonstrating how to manage user permissions and protect routes using Laravel’s built-in authorization features and custom middleware.

apisecurity authentication authorization backenddevelopment code developers fullstackdevelopment laravel laravelprojects middleware opensource php softwareengineering webapps webdevelopment websecurity

Last synced: 26 Feb 2025

https://github.com/denispythoneer/bruteforcessh

Инструмент для брутфорса SSH-соединений методом перебора паролей 🔓

bash linux python security security-tools ssh websecurity

Last synced: 02 Jul 2025

https://github.com/ctkqiang/dirleaks

dirleaks 是一款轻量级、高效的敏感路径扫描工具,专为 渗透测试人员、红队、安全研究员 设计。 它能够快速识别目标站点中常见的敏感文件、配置文件、备份文件和目录泄露问题,帮助安全从业者在信息收集阶段迅速发现潜在的攻击面。 本项目基于 C 语言 + libcurl 实现,保证了跨平台兼容性与性能,提供交互式终端菜单,简单易用,适合从个人测试到团队批量渗透任务。

c china chinese clang ctkqiang curl cybersecurity dirleaks hackertools redteam scanner websecurity

Last synced: 17 Sep 2025

https://github.com/bjoern-hempel/bash-securizer

A tool to check the security of web applications.

bash dns email header security security-tools websecurity

Last synced: 30 Jul 2025

https://github.com/nabilmouzouna/exp-v0

This website demonstrates SQL injection vulnerabilities by simulating weak database security and minimal input validation. It shows how attackers can exploit these flaws, underscoring the need for secure coding practices.

pentesting security sqlinjection vunerability websecurity

Last synced: 05 Feb 2026

https://github.com/hackfutsec/zonespy

ZoneSpy is a Python script for scraping Zone-H archives, checking notifiers and associated URLs, supporting bulk operations and session management.

bulk-data cyber-threat-intelligence cybersecurity defacement ethical-hacking hacking python python-webscraping security web webscraping webscraping-data webscrapping websecurity zone-h

Last synced: 02 Mar 2025

https://github.com/kshitijkota/portwine

CTF challenge involving Flask web applications running on multiple ports, requiring network scanning and exploitation to retrieve hidden flags.

brainfuck ctf cyberse encryption flask network-security nmap penetration-testing vulnerability-exploitation websecurity

Last synced: 18 Aug 2025

https://github.com/z3robyte/cswsh-lab

Laboratorio para aprender y explotar la vulnerabilidad Cross-Site WebSocket Hijacking

cybersecurity hacking nodejs websecurity websocket

Last synced: 02 Sep 2025

https://github.com/0xrar/overthewire-natas

Writeups for OverTheWire Natas (0-8) (Web Security Challenges)

ctf ctf-writeups web websecurity writeups

Last synced: 14 Oct 2025

https://github.com/letchupkt/webraptor

WebRaptor is a powerful terminal-based shell CLI for automated web penetration testing, designed to simplify and streamline common web security assessments.

bughunt cyber cyber-security cybersecurity lakshmikanthan lakshmikanthank letchu letchu-pkt letchupkt python vulnerability-scanners webraptor webrecon websecurity

Last synced: 12 Aug 2025

https://github.com/emrekybs/web-auditchain

Automated script for advanced web security reconnaissance and enumeration, integrating popular tools to streamline the information gathering phase

bash bugbounty enumeration information-extraction information-gathering owasp reconnaissance websecurity

Last synced: 26 Jul 2025