411 Open source projects that are alternatives of or similar to nerdbug

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

🎯 RFI/LFI Payload List

Modified Nuclei Templates Version to FUZZ Host Header

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Nuclei Templates to reproduce Cracking the lens's Research

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Tips and Tutorials for Bug Bounty and also Penetration Tests.

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

CloudFlare Checker written in Go

Good resources about web security that I have read.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Cross platform community web fingerprint identification tool

A simple PHP application to learn SQL Injection detection and exploitation techniques.

nuclei framework scripts

DNS hijacking via dead records automation tool

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Running nuclei Continuously

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Some contributions in the nuclei-templates repository

GitHub Action to set up Fortify ScanCentral Client

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Next generation web scanner

A Tool for Domain Flyovers

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

🎯 Command Injection Payload List

Tutorials and Things to Do while Hunting Vulnerability.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Web path scanner

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Some good resources for getting started with application security

Tool to bypass 40X response codes.

Nuclei RISC-V Software Development Kit

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

Swiftly search FDNS datasets from Rapid7 Open Data

Boxer: A fast directory bruteforce tool written in Python with concurrency.

A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

Presentations, training modules, and other education materials from Duo Security's Application Security team.

Information Security Library

Tiny Sentry client with idiomatic wrapper for Angular

Astra is a tool to find URLs and secrets inside a webpage/files

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

apkizer is a mass downloader for android applications for all available versions.

Communicate with Fortify Software Security Center through REST API in java, a swagger generated client

Find endpoints on GitHub.

OWASP Zed Attack Proxy project landing page.

The Open Security Summit 2020 is focused on the collaboration between, Developers and Application Security

Pentest/BugBounty progress control with scanning modules

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

Messy BurpSuite plugin for SQL Truncation vulnerabilities.