1650 Open source projects that are alternatives of or similar to Gowapt

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

WAScan - Web Application Scanner

Quick SQLMap Tamper Suggester

🖤 网络安全与渗透测试工具导航

🎯 Command Injection Payload List

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Use SQL on various data sources

pentest framework

Source code for Hacker101.com - a free online web and mobile security class.

hacker, ready for more of our story ! 🚀

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Powerful dork searcher and vulnerability scanner for windows platform

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

An extremely fast and flexible web fuzzer

Powerfull XSS Scanning and Parameter analysis tool&gem

This repository contains payload to test NoSQL Injections

Small tool to package javascript into a valid image file.

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Getting started with java code auditing 代码审计入门的小项目

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Audit tool to find common vulnerabilities in PHP source code

A wiki focusing on aggregating and documenting various SQL injection methods

🎉 Bring SQL console to Slack

hack tools

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Extraction of iMessage Data via XSS

A vulnerability scanner for container images and filesystems

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

XSS in pastebin.com and reddit.com via unsanitized markdown output

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

Web path scanner

🔪Browser logic vulnerabilities ☠️

Find files with SQL-like queries

SQL Injection Payload List

A few SQL and XSS attack tools

Concuerror is a stateless model checking tool for Erlang programs.

A collection of datasets that pair questions with SQL queries.

Catch bad SQL queries before they cause problems in production

JSqlParser parses an SQL statement and translate it into a hierarchy of Java classes. The generated hierarchy can be navigated using the Visitor Pattern

Motionia is a lightweight simplified on demand animation library!

easily create postgresql extensions in golang; moved to gitlab.com/microo8/plgo

Business intelligence made simple

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Lightweight, simple structured NoSQL database for Android

SQL Query AST and Visitor for Rust

Tool to generate smart and powerful wordlists

An interpreted relational query language that compiles to SQL.

Open source billing and invoicing

A validating SQL lexer and parser with a focus on MySQL dialect.

Git repository summary on your terminal

Transform svg files to json notation

swiss-army knife for data

SQL de todos os Países e Nações (c/ Código do Portal do Comércio Exterior ou BACEN) + Estados e Federações Brasileiras (c/ DDD e Código do IBGE) + Cidades e Municípios Brasileiros (c/ Código do IBGE), incluindo as 31 regiões administrativas do DF, Ilhas e Áreas Remotas do Mundo.

TINU, the open tool to create bootable macOS installers

requery - modern SQL based query & persistence for Java / Kotlin / Android