64 Open source projects that are alternatives of or similar to Awesome Ocap

Personal CTF Toolkit

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

A Router WiFi key recovery/cracking tool with a twist.

Web application vulnerability scanner

Modified Nuclei Templates Version to FUZZ Host Header

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

📚 An ultimate collection wordlists of the best-known CMS

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509

A list of all FTP servers in IPv4 that allow anonymous logins.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

HTTPS Frontend Hijack

java source code static code analysis and danger function identify prog

CS 253 Web Security course at Stanford University

Good resources about web security that I have read.

ASP.NET View State Decoder

A defense tool - detect web shells in local directories via md5sum

🛡️ Make your web services secure by default !

Deliberately vulnerable scripts for Web Security training

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Human and machine readable web vulnerability testing format

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

Fast CORS misconfiguration vulnerabilities scanner🍻

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

Nuclei Templates to reproduce Cracking the lens's Research

A curated list of various bug bounty tools

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Source code for Hacker101.com - a free online web and mobile security class.

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Awesome Node.js Security resources

A list of web application security

Security Testing Scripts for JWT

🎯 PHP / ASP - Shell Backdoor List 🎯

HTTP Cache Poisoning Demo

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Runs the default Google Lighthouse tests with additional security tests

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

A guided mutation-based fuzzer for ML-based Web Application Firewalls

A Deliberately Insecure Web Application

Open IP cameras in IPv4

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

A list of resources for those interested in getting started in bug bounties

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

Python library and CLI for the Bug Bounty Recon API

guardrails.cs.virginia.edu

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Alok Menghrajani's Blog

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Making Favicon.ico based Recon Great again !

👨‍🏫 Mike's Web Security Course

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A container repository for my public web hacks!

A tiny web auditor with strong opinions.