64 Open source projects that are alternatives of or similar to Https_hijack_demo

guardrails.cs.virginia.edu

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

🎯 PHP / ASP - Shell Backdoor List 🎯

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Nuclei Templates to reproduce Cracking the lens's Research

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A Deliberately Insecure Web Application

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

A list of resources for those interested in getting started in bug bounties

Alok Menghrajani's Blog

A list of web application security

ScanT3r - Web Security Scanner

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

👨‍🏫 Mike's Web Security Course

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

🛡️ Make your web services secure by default !

Making Favicon.ico based Recon Great again !

CS 253 Web Security course at Stanford University

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Deliberately vulnerable scripts for Web Security training

Open IP cameras in IPv4

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Web application vulnerability scanner

Modified Nuclei Templates Version to FUZZ Host Header

ASP.NET View State Decoder

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

java source code static code analysis and danger function identify prog

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

A list of all FTP servers in IPv4 that allow anonymous logins.

Clear all your logs in [linux/windows] servers 🛡️

Personal CTF Toolkit

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Awesome Object Capabilities and Capability Security

Good resources about web security that I have read.

Runs the default Google Lighthouse tests with additional security tests

Fast CORS misconfiguration vulnerabilities scanner🍻

Security Testing Scripts for JWT

📚 An ultimate collection wordlists of the best-known CMS

Python library and CLI for the Bug Bounty Recon API

A Router WiFi key recovery/cracking tool with a twist.

Source code for Hacker101.com - a free online web and mobile security class.

A defense tool - detect web shells in local directories via md5sum

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

A tiny web auditor with strong opinions.

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

Awesome Node.js Security resources

HTTP Cache Poisoning Demo

A guided mutation-based fuzzer for ML-based Web Application Firewalls

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall