283 Open source projects that are alternatives of or similar to solutions-bwapp

List of every possible vulnerabilities in computer security.

Source code for Hacker101.com - a free online web and mobile security class.

Top disclosed reports from HackerOne

A Deliberately Insecure Web Application

XSS'OR - Hack with JavaScript.

Java web and command line applications demonstrating various security topics

Audit tool to find common vulnerabilities in PHP source code

Deliberately vulnerable scripts for Web Security training

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

No description or website provided.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Git All the Payloads! A collection of web attack payloads.

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

Hacking tools

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Web Application Security Scanner Framework

Solutions and write-ups from security-based competitions also known as Capture The Flag competition

w3af: web application attack and audit framework, the open source web vulnerability scanner.

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Proactively protect your Node.js web services

nodejs + express security and performance boilerplate.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

👨‍🏫 Mike's Web Security Course

The Serverless Blind XSS App

Proof of Concept code for CVE-2015-0345 (APSB15-07)

利用XSS入侵内网(Use XSS automation Invade intranet)

Quick SQL Scanner, Dorker, Webshell injector PHP

This repository contains links to awesome security articles.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

A simple Java command-line utility to mirror the entire contents of VulnDB.

JSshell - JavaScript reverse/remote shell

Sample scan files for testing DefectDojo imports

Pretty vulnerable flask app..

Use Django To Introduce CSRF and Cookies , Session 📝

WAScan - Web Application Scanner

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Extraction of iMessage Data via XSS

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Hooks in to interesting functions and helps reverse the web app faster.

An XSS reverse shell framework

Cross-site scripting labs for web application security enthusiasts

Automating XSS using Bash

CSRF verification and session persistent through request/response headers.

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Filter user input for XSS but don't touch other html

Cure53 Browser Security White Paper

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

A tool to check a bunch of URLs that contain reflecting params.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Prevents XSS by figuring out how to escape untrusted values in templates

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址