222 Open source projects that are alternatives of or similar to wasec

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Source code for Hacker101.com - a free online web and mobile security class.

nodejs + express security and performance boilerplate.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

Java web and command line applications demonstrating various security topics

Module for Nuxt.js to configure security headers and more

A Deliberately Insecure Web Application

rewrite constructor arguments, call DOMPurify, profit

可基于摄像头实时监控或录制的视频或静态图片进行行人检测(lffd)/跟踪(deep sort)和行人重识别(reid)。

XSS Payload without Anything.

A Gatsby plugin which adds strict Content Security Policy to your project.

ASP.NET Core MVC with angular in MVC View OpenID Connect Hybrid Flow

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Some good resources for getting started with application security

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

SOMns: A Newspeak for Concurrency Research

渗透测试☞经验/思路/总结/想法/笔记

WebExtension allow to execute bookmarklets as privileged scripts

A CSP collector written in Golang

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

A highly flexible process pooling library for Node.js

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

In progress rough solutions to bWAPP / bee-box

Safe replacement for the v-html directive

📓 Some notes and impressive articles of Web Security

python Generator of REnewable Time series and mAps

No description or website provided.

This is a Joomla Plugin that provides setting of HTTP Headers

utility to sanitize hast nodes

国光的手把手带你用 SSRF 打穿内网靶场源码

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS

this is a python module that contains functions and classes which are used to test the security of web/network applications. it's coded on pure python and it's very intelligent tool ! It can easily detect: XSS (relected/stored), RCE (Remote Code/Command Execution), SSTI, SSRF, CORS Misconfigurations, File Upload, CSRF, Path Traversal,.... Also, …

Dhroraryus generates schedules intelligently according to one's constraints and preferences

一款复现wooyun经典漏洞的docker靶机环境

Powerful dork searcher and vulnerability scanner for windows platform

⚡️Django middleware to automatically send preload headers before views runs, enabling faster HTTP2 server-push (with CSP support).

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

收集网络上公开的漏洞扫描器的白皮书。

almost, but not quite, entirely unlike core.async

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

Reinforced Mitigation Security Filter

Minimalist cheat sheet for developpers to write secure code

Markdown to HTML using marked and DOMPurify. Safe by default.

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

A library for Communicating Sequential Processes in Node.js, built on top of async/await

📺 CSP for vanilla JavaScript

Toolset for detecting reflected xss in websites

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

CrySPY is a crystal structure prediction tool written in Python.

Because Security Matters, and Web libraries, tools, and projects, should be more informative about their state.

Make XSS Great Again

Scrape domain names from SSL certificates of arbitrary hosts

Pretty vulnerable flask app..

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

Simple and lightweight library that helps to validate SVG files in security manners.

Filter user input for XSS but don't touch other html