1140 Open source projects that are alternatives of or similar to JWTweak

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Web path scanner

Full Nuclei automation script with logic explanation.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Next generation web scanner

🎯 RFI/LFI Payload List

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

A Python3 based single-file subdomain enumerator

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Centralize Vulnerability Assessment and Management for DevSecOps Team

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

A tool to fastly get all javascript sources/files

🦄🔒 Awesome list of secrets in environment variables 🖥️

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Rockyou for web fuzzing

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

GitHub Action to set up Fortify ScanCentral Client

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Dump exposed HTTP .git fast

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Subdomain Takeover tool written in Go

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Extracting URLs of a specific target based on the results of "commoncrawl.org"

Automated All-in-One OS Command Injection Exploitation Tool.

Yet Another PHP Shell - The most complete PHP reverse shell

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

🔑 Sample Spring boot application secured using JWT auth in custom header(X-Auth-Token).

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

🎯 Command Injection Payload List

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A Tool for Domain Flyovers

Some good resources for getting started with application security

A simple PHP application to learn SQL Injection detection and exploitation techniques.

OWASP Zed Attack Proxy project landing page.

A Powerful Subdomain Takeover Tool

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

Do some quick reconnaissance on a domain-based web-application