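Cerberus: A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asyncio-based asynchronous scanning; it covers all of a target's assets for batch vulnerability scanning and collects middleware information. It automatically gathers IP proxies and uses them when probing WAF information to protect the local machine's real IP; once the local IP is blocked by a WAF, it automatically switches to a proxy IP to continue scanning. WAF information collection (100+ domestic and international WAFs) includes Safedog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; it provides bypass approaches for some known WAFs; middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports scanning for SQL injection, XSS, command execution, file inclusion and SSRF vulnerabilities; supports custom email push notifications for vulnerabilities.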
Stars: ✭ 389 (+1115.63%)
Janusec: Janusec Application Gateway, Provides Fast and Secure Application Delivery.
Stars: ✭ 771 (+2309.38%)
Collection Document: Collection of quality safety articles. Awesome articles.
Stars: ✭ 1,387 (+4234.38%)
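Xray: A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use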
Stars: ✭ 6,218 (+19331.25%)
Xwaf: xWAF 3.0 - Free Web Application Firewall, Open-Source.
Stars: ✭ 48 (+50%)
Secbox: 🖤 Navigation directory of network security and penetration testing tools
Stars: ✭ 222 (+593.75%)
aws-firewall-factory: Deploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (+125%)
coraza-caddy: OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
Stars: ✭ 75 (+134.38%)
sanitizer-polyfill: rewrite constructor arguments, call DOMPurify, profit
Stars: ✭ 46 (+43.75%)
PastebinMarkdownXSS: XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (+162.5%)
waf-brain: Machine Learning WAF Based
Stars: ✭ 74 (+131.25%)
terraform-provider-incapsula: This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.
Stars: ✭ 27 (-15.62%)
persistent-clientside-xss: Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS
Stars: ✭ 19 (-40.62%)
APSoft-Web-Scanner-v2: Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (+200%)
ngx http html sanitize module: It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property
Stars: ✭ 14 (-56.25%)
xss-http-injector: XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Stars: ✭ 22 (-31.25%)
solutions-bwapp: In progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+393.75%)
nxtool-ng: Because life is too short to waste your time transforming naxsi logs to rules by hand
Stars: ✭ 40 (+25%)
xssfinder: Toolset for detecting reflected xss in websites
Stars: ✭ 105 (+228.13%)
flask-vuln: Pretty vulnerable flask app..
Stars: ✭ 23 (-28.12%)
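security-wrapper: Secondary development on top of Spring Security, providing solutions for a range of security scenarios: OAuth2 authorization (with cross-domain and multi-application authorization), JWT, SSO, file upload, seamless integration with permission systems, API request throttling, XSS, CSRF, SQL injection, third-party login (bind, unbind), encrypted communication, and more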
Stars: ✭ 21 (-34.37%)
SQLi-Query-Tampering: SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (+284.38%)
Eagle: Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (+165.63%)
diwa: A Deliberately Insecure Web Application
Stars: ✭ 32 (+0%)
wafbypasser: No description or website provided.
Stars: ✭ 73 (+128.13%)
encode-me: Payload encoder for bypass WAF
Stars: ✭ 14 (-56.25%)
docker-wallarm-node: ⚡️ Docker official image for Wallarm Node. API security platform agent.
Stars: ✭ 18 (-43.75%)
hackable: A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
Stars: ✭ 61 (+90.63%)
Cracker-Tool: All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭
Stars: ✭ 181 (+465.63%)
Pinaak: A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (+115.63%)
security-cheat-sheet: Minimalist cheat sheet for developers to write secure code
Stars: ✭ 47 (+46.88%)
wasec: Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Stars: ✭ 74 (+131.25%)
waflab: A web-based testing platform for WAF (Web Application Firewall)'s correctness
Stars: ✭ 25 (-21.87%)
waf4wordpress: WAF for WordPress 🔥 with 60+ security checks and weekly updates
Stars: ✭ 102 (+218.75%)
ingress: Kubernetes Ingress controller with integrated Wallarm services
Stars: ✭ 31 (-3.12%)
vulture-base: Vulture 4 base system and bootstrap scripts
Stars: ✭ 33 (+3.13%)
SuperXSS: Make XSS Great Again
Stars: ✭ 57 (+78.13%)
NachtWal: Reinforced Mitigation Security Filter
Stars: ✭ 17 (-46.87%)
k8s-lemp: LEMP stack in a Kubernetes cluster
Stars: ✭ 74 (+131.25%)
vaf: Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+818.75%)
safe-marked: Markdown to HTML using marked and DOMPurify. Safe by default.
Stars: ✭ 31 (-3.12%)
PoW-Shield: Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.
Stars: ✭ 99 (+209.38%)
laravel-xss-filter: Filter user input for XSS but don't touch other html
Stars: ✭ 38 (+18.75%)
roxy-wi: Web interface for managing Haproxy, Nginx, Apache and Keepalived servers
Stars: ✭ 1,109 (+3365.63%)
Wordlist404: Small but effective wordlist for brute-forcing and discovering hidden things.
Stars: ✭ 101 (+215.63%)
cd: CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (+3.13%)
ftw: Framework for Testing WAFs (FTW!)
Stars: ✭ 106 (+231.25%)
safe-svg: Simple and lightweight library that helps to validate SVG files in security manners.
Stars: ✭ 25 (-21.87%)