64 Open source projects that are alternatives of or similar to Mitm Http Cache Poisoning

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Runs the default Google Lighthouse tests with additional security tests

📚 An ultimate collection wordlists of the best-known CMS

Modified Nuclei Templates Version to FUZZ Host Header

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Personal CTF Toolkit

A tiny web auditor with strong opinions.

Python library and CLI for the Bug Bounty Recon API

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

java source code static code analysis and danger function identify prog

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

Fast CORS misconfiguration vulnerabilities scanner🍻

Clear all your logs in [linux/windows] servers 🛡️

Good resources about web security that I have read.

Awesome Object Capabilities and Capability Security

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

Security Testing Scripts for JWT

A defense tool - detect web shells in local directories via md5sum

Source code for Hacker101.com - a free online web and mobile security class.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Open IP cameras in IPv4

Deliberately vulnerable scripts for Web Security training

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

A container repository for my public web hacks!

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

guardrails.cs.virginia.edu

A list of web application security

Alok Menghrajani's Blog

A guided mutation-based fuzzer for ML-based Web Application Firewalls

Nuclei Templates to reproduce Cracking the lens's Research

🎯 PHP / ASP - Shell Backdoor List 🎯

ScanT3r - Web Security Scanner

Making Favicon.ico based Recon Great again !

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

👨‍🏫 Mike's Web Security Course

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

🛡️ Make your web services secure by default !

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A simple PHP application to learn SQL Injection detection and exploitation techniques.

CS 253 Web Security course at Stanford University

A list of resources for those interested in getting started in bug bounties

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

Human and machine readable web vulnerability testing format

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

A Deliberately Insecure Web Application

ASP.NET View State Decoder

A Router WiFi key recovery/cracking tool with a twist.

A list of all FTP servers in IPv4 that allow anonymous logins.

Web application vulnerability scanner

PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509