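Cerberus: A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asyncio-based asynchronous scanning; covers the target's full range of assets for batch vulnerability scanning; middleware information gathering; automatically collects IP proxies and uses them when probing WAF information to protect the local machine's real IP; after the local IP is blocked by the WAF, automatically switches to a proxy IP to continue scanning; WAF information gathering (100+ domestic and international WAFs), including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; provides some known WAF bypass schemes; middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports SQL injection, XSS, command execution, file inclusion and SSRF vulnerability scanning; supports custom vulnerability email push notifications.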
Stars: ✭ 389 (-49.55%)
Mssqli Duet: SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Stars: ✭ 82 (-89.36%)
Hacker101: Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+1488.33%)
Collection Document: Collection of quality safety articles. Awesome articles.
Stars: ✭ 1,387 (+79.9%)
Sourcecodesniffer: The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Stars: ✭ 87 (-88.72%)
Application Security Engineer Interview Questions: Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (-65.37%)
Resources: No description or website provided.
Stars: ✭ 38 (-95.07%)
solutions-bwapp: In progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (-79.51%)
Awesome Nginx Security: 🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingress Controller (based on NGINX)
Stars: ✭ 417 (-45.91%)
ipns-link: Expose local http-server (web-app) through IPNS
Stars: ✭ 18 (-97.67%)
gateway: A high-performance API Gateway with middlewares, supporting HTTP and gRPC protocols.
Stars: ✭ 520 (-32.56%)
Annon.api: Configurable API gateway that acts as a reverse proxy with a plugin system.
Stars: ✭ 306 (-60.31%)
Autosqli: An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.
Stars: ✭ 222 (-71.21%)
diwa: A Deliberately Insecure Web Application
Stars: ✭ 32 (-95.85%)
Xproxy: Reverse proxy implemented in Java
Stars: ✭ 20 (-97.41%)
vulnerabilities: List of every possible vulnerability in computer security.
Stars: ✭ 14 (-98.18%)
Phpvuln: Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-81.06%)
Secbox: 🖤 A navigation index of network security and penetration testing tools
Stars: ✭ 222 (-71.21%)
Pomerium: Pomerium is an identity-aware access proxy.
Stars: ✭ 2,860 (+270.95%)
sqlinjection-training-app: A simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-92.74%)
hackable: A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
Stars: ✭ 61 (-92.09%)
Infini Gateway: INFINI-GATEWAY (极限网关), a high performance and lightweight gateway written in golang, for elasticsearch and his friends.
Stars: ✭ 272 (-64.72%)
Arachni: Web Application Security Scanner Framework
Stars: ✭ 2,942 (+281.58%)
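Lamp Cloud: lamp-cloud is a rapid-development microservices platform based on Jdk11 + SpringCloud + SpringBoot, whose configurable SaaS functionality especially stands out. It includes RBAC, unified authentication at the gateway, XSS (cross-site scripting) protection, automatic code generation, multiple storage systems, distributed transactions, distributed scheduled tasks and other modules; supports parallel development of multiple business systems and of multiple services; and can serve as a development scaffold for back-end services. The code is concise, fully commented and clearly architected, making it well suited for learning and for enterprises to use as a base framework.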
Stars: ✭ 4,125 (+435.02%)
Xwaf: xWAF 3.0 - Free Web Application Firewall, Open-Source.
Stars: ✭ 48 (-93.77%)
litewaf: Lightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (-95.85%)
Protect: Proactively protect your Node.js web services
Stars: ✭ 394 (-48.9%)
Blazy: Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF.
Stars: ✭ 637 (-17.38%)
Jackhammer: Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (-17.9%)
Waf: Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.
Stars: ✭ 539 (-30.09%)
Burpsuitehttpsmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Stars: ✭ 529 (-31.39%)
Mercurius: Implement GraphQL servers and gateways with Fastify
Stars: ✭ 704 (-8.69%)
Hiproxy: 🛠 hiproxy is a lightweight proxy tool for Front-End developers based on Node.js that supports an NGINX-like configuration. 🔥
Stars: ✭ 629 (-18.42%)
Product Apim: Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
Stars: ✭ 508 (-34.11%)
Dbshield: Database firewall written in Go
Stars: ✭ 620 (-19.58%)
0d1n: Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
Stars: ✭ 506 (-34.37%)
Apisix: The Cloud-Native API Gateway
Stars: ✭ 7,920 (+927.24%)
Zeus Scanner: Advanced reconnaissance utility
Stars: ✭ 706 (-8.43%)
Latte: ☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.
Stars: ✭ 616 (-20.1%)
Aws: A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.
Stars: ✭ 493 (-36.06%)
Csp Builder: Build Content-Security-Policy headers from a JSON file (or build them programmatically)
Stars: ✭ 496 (-35.67%)
Injectify: Perform advanced MiTM attacks on websites with ease 💉
Stars: ✭ 612 (-20.62%)
Sshpiper: The missing reverse proxy for ssh scp
Stars: ✭ 489 (-36.58%)
Awesome Appsec: A curated list of resources for learning about application security
Stars: ✭ 4,761 (+517.51%)
Xsser: Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Stars: ✭ 606 (-21.4%)
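Lanproxy: lanproxy is an intranet-penetration tool that proxies personal computers and servers on a LAN to the public internet. It supports TCP traffic forwarding and any protocol layered on TCP (accessing intranet websites, debugging local payment interfaces, SSH access, remote desktop, HTTP proxy, HTTPS proxy, SOCKS5 proxy...). Technical discussion QQ group: 678776401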
Stars: ✭ 4,784 (+520.49%)
Bfe: A modern layer 7 load balancer from baidu
Stars: ✭ 5,185 (+572.5%)
Juice Shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+713.23%)
Easy Php: A Faster Lightweight Full-Stack PHP Framework 🚀
Stars: ✭ 754 (-2.2%)
Xss Payloads: List of advanced XSS payloads
Stars: ✭ 696 (-9.73%)
Xspear: Powerful XSS Scanning and Parameter analysis tool & gem
Stars: ✭ 583 (-24.38%)
Tracy: A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Stars: ✭ 464 (-39.82%)