lunasecLunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+1419.28%)
Lighthouse SecurityRuns the default Google Lighthouse tests with additional security tests
Stars: ✭ 190 (+128.92%)
Virtual-HostModified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-54.22%)
Breach.twA service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (+73.49%)
CtftoolsPersonal CTF Toolkit
Stars: ✭ 312 (+275.9%)
Veneno Stars: ✭ 230 (+177.11%)
TwaA tiny web auditor with strong opinions.
Stars: ✭ 549 (+561.45%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+103.61%)
Learning-Node.js-SecurityA Collection of articles, videos, blogs, talks and other materials on Node.js Security
Stars: ✭ 25 (-69.88%)
firecrackerStop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Stars: ✭ 438 (+427.71%)
ShurikenCross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (+37.35%)
Javaidjava source code static code analysis and danger function identify prog
Stars: ✭ 327 (+293.98%)
CJ2018-Final-CTFCyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.
Stars: ✭ 58 (-30.12%)
Corscanner Fast CORS misconfiguration vulnerabilities scanner🍻
Stars: ✭ 601 (+624.1%)
Log KillerClear all your logs in [linux/windows] servers 🛡️
Stars: ✭ 252 (+203.61%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-83.13%)
Awesome OcapAwesome Object Capabilities and Capability Security
Stars: ✭ 196 (+136.14%)
Prestashop Cve 2018 19126PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
Stars: ✭ 37 (-55.42%)
Jwt PwnSecurity Testing Scripts for JWT
Stars: ✭ 170 (+104.82%)
shellsumA defense tool - detect web shells in local directories via md5sum
Stars: ✭ 30 (-63.86%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+14654.22%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+414.46%)
C4Open IP cameras in IPv4
Stars: ✭ 123 (+48.19%)
cyber-gymDeliberately vulnerable scripts for Web Security training
Stars: ✭ 19 (-77.11%)
requests-ip-rotatorA Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (+289.16%)
HackvaultA container repository for my public web hacks!
Stars: ✭ 1,364 (+1543.37%)
Ssrf vulnerable labThis Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
Stars: ✭ 361 (+334.94%)
Articles Translator📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Stars: ✭ 606 (+630.12%)
guardrailsguardrails.cs.virginia.edu
Stars: ✭ 18 (-78.31%)
Waf A MoleA guided mutation-based fuzzer for ML-based Web Application Firewalls
Stars: ✭ 51 (-38.55%)
Blind-SSRFNuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (+33.73%)
Scant3rScanT3r - Web Security Scanner
Stars: ✭ 248 (+198.8%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: ✭ 564 (+579.52%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (+139.76%)
Raven-StormRaven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
Stars: ✭ 235 (+183.13%)
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+12203.61%)
DomxssscannerDOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
Stars: ✭ 181 (+118.07%)
SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-56.63%)
Bunkerized Nginx🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+2744.58%)
Githacker🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind
Stars: ✭ 524 (+531.33%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+95.18%)
sqlinjection-training-appA simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-32.53%)
Cs253.stanford.eduCS 253 Web Security course at Stanford University
Stars: ✭ 155 (+86.75%)
JiffJavaScript library for building web-based applications that employ secure multi-party computation (MPC).
Stars: ✭ 131 (+57.83%)
ExploHuman and machine readable web vulnerability testing format
Stars: ✭ 114 (+37.35%)
LookylooLookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Stars: ✭ 381 (+359.04%)
diwaA Deliberately Insecure Web Application
Stars: ✭ 32 (-61.45%)
ViewstateASP.NET View State Decoder
Stars: ✭ 77 (-7.23%)
Project TauroA Router WiFi key recovery/cracking tool with a twist.
Stars: ✭ 52 (-37.35%)
Openftp4A list of all FTP servers in IPv4 that allow anonymous logins.
Stars: ✭ 634 (+663.86%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+332.53%)