64 Open source projects that are alternatives of or similar to Javaid

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Nuclei Templates to reproduce Cracking the lens's Research

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A list of all FTP servers in IPv4 that allow anonymous logins.

guardrails.cs.virginia.edu

A container repository for my public web hacks!

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

A Router WiFi key recovery/cracking tool with a twist.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

🛡️ Make your web services secure by default !

A tiny web auditor with strong opinions.

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

CS 253 Web Security course at Stanford University

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Human and machine readable web vulnerability testing format

Alok Menghrajani's Blog

HTTPS Frontend Hijack

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

ASP.NET View State Decoder

ScanT3r - Web Security Scanner

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

A Deliberately Insecure Web Application

Fast CORS misconfiguration vulnerabilities scanner🍻

👨‍🏫 Mike's Web Security Course

Security Testing Scripts for JWT

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Python library and CLI for the Bug Bounty Recon API

A defense tool - detect web shells in local directories via md5sum

Source code for Hacker101.com - a free online web and mobile security class.

Modified Nuclei Templates Version to FUZZ Host Header

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Good resources about web security that I have read.

Open IP cameras in IPv4

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

A curated list of various bug bounty tools

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Awesome Node.js Security resources

Personal CTF Toolkit

HTTP Cache Poisoning Demo

Clear all your logs in [linux/windows] servers 🛡️

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Deliberately vulnerable scripts for Web Security training

A guided mutation-based fuzzer for ML-based Web Application Firewalls

A list of resources for those interested in getting started in bug bounties

📚 An ultimate collection wordlists of the best-known CMS

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Awesome Object Capabilities and Capability Security

Making Favicon.ico based Recon Great again !

PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509

Runs the default Google Lighthouse tests with additional security tests

A list of web application security

🎯 PHP / ASP - Shell Backdoor List 🎯

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities