JWTweakDetects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Stars: ✭ 85 (-44.44%)
Virtual-HostModified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-75.16%)
centCommunity edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Stars: ✭ 315 (+105.88%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-26.14%)
Blind-SSRFNuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (-27.45%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+3998.04%)
Bucket-FlawsBucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-71.9%)
Awesome Bugbounty WriteupsA curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+1487.58%)
hack-pet🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
Stars: ✭ 77 (-49.67%)
cf-checkCloudFlare Checker written in Go
Stars: ✭ 147 (-3.92%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-90.85%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+690.85%)
ObserverWard 0x727Cross platform community web fingerprint identification tool
Stars: ✭ 529 (+245.75%)
sqlinjection-training-appA simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-63.4%)
nclnuclei framework scripts
Stars: ✭ 25 (-83.66%)
DeadDNSDNS hijacking via dead records automation tool
Stars: ✭ 44 (-71.24%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+212.42%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+125.49%)
PinaakA vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (-54.9%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+231.37%)
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (+74.51%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+2189.54%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-71.9%)
vapivAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+340.52%)
HowtohuntTutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+1858.17%)
juice-shopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+4823.53%)
SecurityratOWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (-24.84%)
Web MethodologyMethodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Stars: ✭ 142 (-7.19%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+4635.95%)
CheatsheetseriesThe OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Stars: ✭ 19,302 (+12515.69%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+2431.37%)
dontgo403Tool to bypass 40X response codes.
Stars: ✭ 457 (+198.69%)
nuclei-sdkNuclei RISC-V Software Development Kit
Stars: ✭ 65 (-57.52%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-79.74%)
awesome-policy-as-codeA curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (-20.92%)
gf-patternsCollection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf
Stars: ✭ 27 (-82.35%)
fdnssearchSwiftly search FDNS datasets from Rapid7 Open Data
Stars: ✭ 19 (-87.58%)
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-90.2%)
bhedakA replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
Stars: ✭ 77 (-49.67%)
appsec-educationPresentations, training modules, and other education materials from Duo Security's Application Security team.
Stars: ✭ 59 (-61.44%)
SuperLibraryInformation Security Library
Stars: ✭ 60 (-60.78%)
micro-sentryTiny Sentry client with idiomatic wrapper for Angular
Stars: ✭ 100 (-34.64%)
AstraAstra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (+22.22%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-54.25%)
doraFind exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (+49.67%)
apkizerapkizer is a mass downloader for android applications for all available versions.
Stars: ✭ 40 (-73.86%)
ssc-restapi-clientCommunicate with Fortify Software Security Center through REST API in java, a swagger generated client
Stars: ✭ 13 (-91.5%)
www-project-zapOWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-66.01%)
oss2020The Open Security Summit 2020 is focused on the collaboration between, Developers and Application Security
Stars: ✭ 26 (-83.01%)
project-blackPentest/BugBounty progress control with scanning modules
Stars: ✭ 279 (+82.35%)
vimana-frameworkVimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (-69.28%)
BurpSQLTruncSannerMessy BurpSuite plugin for SQL Truncation vulnerabilities.
Stars: ✭ 53 (-65.36%)