638 Open source projects that are alternatives of or similar to Janusec

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Source code for Hacker101.com - a free online web and mobile security class.

Top disclosed reports from HackerOne

Collection of quality safety articles. Awesome articles.

No description or website provided.

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

No description or website provided.

In progress rough solutions to bWAPP / bee-box

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

Expose local http-server (web-app) through IPNS

A high-performance API Gateway with middlewares, supporting HTTP and gRPC protocols.

Configurable API gateway that acts as a reverse proxy with a plugin system.

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

A Deliberately Insecure Web Application

reverse proxy implement in java

List of every possible vulnerabilities in computer security.

Audit tool to find common vulnerabilities in PHP source code

🖤 网络安全与渗透测试工具导航

Pomerium is an identity-aware access proxy.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

INFINI-GATEWAY(极限网关), a high performance and lightweight gateway written in golang, for elasticsearch and his friends.

Web Application Security Scanner Framework

lamp-cloud 基于Jdk11 + SpringCloud + SpringBoot的微服务快速开发平台，其中的可配置的SaaS功能尤其闪耀， 具备RBAC功能、网关统一鉴权、Xss防跨站攻击、自动代码生成、多种存储系统、分布式事务、分布式定时任务等多个模块，支持多业务系统并行开发， 支持多服务并行开发，可以作为后端服务的开发脚手架。代码简洁，注释齐全，架构清晰，非常适合学习和企业作为基础框架使用。

xWAF 3.0 - Free Web Application Firewall, Open-Source.

Lightweight In-App Web Application Firewall for PHP

Proactively protect your Node.js web services

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

XssPayload List . Usage:

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Implement GraphQL servers and gateways with Fastify

🛠 hiproxy is a lightweight proxy tool for Front-End developers based on Node.js that supports an NGINX-like configuration. 🔥

Azure IoT Edge

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.

Database firewall written in Go

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

The Cloud-Native API Gateway

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Advanced reconnaissance utility

☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.

A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

Perform advanced MiTM attacks on websites with ease 💉

The missing reverse proxy for ssh scp

A curated list of resources for learning about application security

Reverse proxies cheatsheet

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...）。技术交流QQ群 678776401

A modern layer 7 load balancer from baidu

A big list of Android Hackerone disclosed reports and other resources.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A list of resources for those interested in getting started in bug bounties

A Faster Lightweight Full-Stack PHP Framework 🚀

List of advanced XSS payloads

Powerfull XSS Scanning and Parameter analysis tool&gem

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.