64 Open source projects that are alternatives of or similar to Waf A Mole

Python library and CLI for the Bug Bounty Recon API

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

📚 An ultimate collection wordlists of the best-known CMS

Runs the default Google Lighthouse tests with additional security tests

Web application vulnerability scanner

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

PoC + Docker Environment for Python PIL/Pillow Remote Shell Command Execution via Ghostscript CVE-2018-16509

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

Awesome Node.js Security resources

Good resources about web security that I have read.

Clear all your logs in [linux/windows] servers 🛡️

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Awesome Object Capabilities and Capability Security

A defense tool - detect web shells in local directories via md5sum

Security Testing Scripts for JWT

Fast CORS misconfiguration vulnerabilities scanner🍻

Source code for Hacker101.com - a free online web and mobile security class.

Deliberately vulnerable scripts for Web Security training

Open IP cameras in IPv4

java source code static code analysis and danger function identify prog

A curated list of various bug bounty tools

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

guardrails.cs.virginia.edu

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

🎯 PHP / ASP - Shell Backdoor List 🎯

Alok Menghrajani's Blog

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

Nuclei Templates to reproduce Cracking the lens's Research

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

ScanT3r - Web Security Scanner

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

👨‍🏫 Mike's Web Security Course

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

A simple PHP application to learn SQL Injection detection and exploitation techniques.

🛡️ Make your web services secure by default !

A list of resources for those interested in getting started in bug bounties

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

CS 253 Web Security course at Stanford University

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

A Deliberately Insecure Web Application

Human and machine readable web vulnerability testing format

Making Favicon.ico based Recon Great again !

A container repository for my public web hacks!

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

HTTPS Frontend Hijack

A list of web application security

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

A list of all FTP servers in IPv4 that allow anonymous logins.

A tiny web auditor with strong opinions.

Personal CTF Toolkit

Modified Nuclei Templates Version to FUZZ Host Header