Web Security

#vulnerability-assessment#fuzzing-payloads#web-security

SecListsPHP

A comprehensive collection of security testing wordlists and payloads for penetration testers and security researchers.

Stars70.4k

Forks25.0k

Last commit1 day ago

API Security Checklist

A comprehensive checklist of security countermeasures for designing, testing, and releasing secure APIs.

#web-security#api#oauth2

Stars23.2k

Forks2.7k

Last commit2 months ago

Mobile-Security-Framework MobSFJavaScript

An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework.

#mobile-security#web-security#ios-security

A free, open-source web application security scanner for finding vulnerabilities during development and testing.

#hacktoberfest#owasp#web-security

Stars15.0k

Forks2.5k

Last commit3 days ago

XSStrikePython

An advanced XSS detection suite that uses context analysis and intelligent payload generation to find vulnerabilities.

#python-tool#xss-scanner#web-security

Stars14.9k

Forks2.1k

#honeypot#web-security#awesome-list

Security

A curated collection of awesome software, libraries, books, and resources for cybersecurity professionals.

Stars14.2k

Forks2.2k

Last commit3 months ago

Web Security

A curated collection of web security resources, tools, and research materials for learning penetration techniques.

#sql-injection#web-security#xss

Stars13.3k

Forks1.8k

Useful .htaccess Snippets

A curated collection of ready-to-use .htaccess snippets for Apache web server configuration.

#url-rewriting#apache#web-server

Stars13.2k

Forks1.3k

#vulnerability-assessment#web-security#red-teaming

beefJavaScript

A penetration testing framework that exploits web browsers as beachheads for client-side attacks.

Stars10.8k

Forks2.4k

#security-tuning#reverse-proxy#devops

Bunkerized-nginxPython

An open-source, next-generation Web Application Firewall (WAF) based on NGINX that makes web services secure by default.

Stars10.3k

Forks584

#security-tuning#reverse-proxy#plugin-system

BunkerWebPython

An open-source, next-generation Web Application Firewall (WAF) that integrates as a reverse proxy to make web services secure by default.

Stars10.3k

Forks584

#vulnerability-assessment#web-security#wpvulndb

wpscanRuby

A free, open-source WordPress security scanner for professionals and site maintainers to test website vulnerabilities.

Stars9.5k

Forks1.3k

#hacktoberfest#enumeration#pentest

feroxbusterRust

A fast, simple, recursive content discovery tool written in Rust for forced browsing attacks.

Stars7.7k

Forks611

Last commit9 days ago

Application SecurityPHP

A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.

#secure-coding#security-experts#owasp

Stars6.9k

Forks791

#hacking-tools#vulnerability-assessment#vulnerabilities

Awesome Web Hacking

A curated list of resources for learning and practicing web application security, including tools, books, courses, and vulnerable labs.

Stars6.8k

Forks1.3k

Last commit14 days ago

GoProxyGo

A customizable HTTP/HTTPS proxy server library for Go, enabling request/response manipulation and MITM capabilities.

#http-proxy#web-security#traffic-interception

Stars6.7k

Forks1.2k

Last commit4 days ago

wfuzzPython

A modular web application fuzzer that replaces FUZZ keywords with payloads to test parameters, authentication, forms, and directories.

#python-tool#web-security#fuzzing

Stars6.5k

Forks1.4k

Last commit3 months ago

PoisonTapJavaScript

Exploits locked computers via USB to hijack internet traffic, steal browser cookies, and install persistent web backdoors using a Raspberry Pi Zero.

#raspberry-pi-zero#web-security#dns-rebinding

Stars6.5k

Forks980

Last commit7 years ago

Awesome bug bounty resources by EdOverflow

A community-curated collection of payloads, tools, and techniques for bug bounty hunters and security researchers.

#web-security#vulnerability-testing#infosec

Stars6.4k

Forks1.6k

Last commit2 years ago

VeryNginx - Nginx distribution which provides WAF, Control Panel, and DashboardsLua

A powerful web interface and WAF for Nginx/OpenResty, providing firewall, control panel, and real-time dashboards.

#reverse-proxy#lua-scripting#web-security

A tool for visual inspection of websites across many hosts, providing an overview of HTTP-based attack surfaces.

#web-security#osint#report-generation

Stars5.9k

Forks910

Last commit3 years ago

CommixPython

An automated penetration testing tool that detects and exploits command injection vulnerabilities in web applications.

#open-source#owasp#web-security

Stars5.7k

Forks926

Last commit9 days ago

Infosec

A curated list of awesome information security courses, training resources, and hands-on labs for cybersecurity professionals and students.

#security-training#pentest#web-security

Stars5.6k

Forks749

Last commit5 months ago

js-xssHTML

A JavaScript library that sanitizes untrusted HTML to prevent XSS attacks using a configurable whitelist.

#web-security#html-sanitization#input-validation

Stars5.3k

Forks632

forgeJavaScript

A native JavaScript implementation of TLS and a comprehensive cryptography toolkit for building secure web applications.

#crypto#cipher#pkcs

Stars5.3k

Forks833

#payload-list#web-security#xss

AwesomeXSSJavaScript

A curated collection of XSS resources including payloads, polyglots, bypass techniques, and tools for security researchers.

Stars5.1k

Forks779

#sql-injection#web-security#cross-site-scripting

W3afPython

An open-source web application security scanner that identifies and exploits 200+ vulnerabilities for developers and penetration testers.

Stars4.9k

Forks1.2k

Last commit3 years ago

AuthlogicRuby

An unobtrusive Ruby authentication library for ActiveRecord-based Rails applications.

#rails#web-security#authentication

Stars4.3k

Forks633

Last commit2 months ago

LinkFinderPython

A Python script that discovers endpoints and their parameters in JavaScript files for penetration testing and bug hunting.

#endpoints#web-security#javascript-analysis

Stars4.3k

Forks654

Last commit2 years ago

Learn how to use JWT for AuthenticationJavaScript

A comprehensive tutorial and example project for implementing JSON Web Token (JWT) authentication in web apps.

#security-tokens#learn-to-code#web-security

A modular authentication system for Go web applications, providing pluggable modules for common auth features.

#oauth#web-security#authentication

Stars4.2k

Forks221

Last commit5 months ago

bug-bounty-reference

A categorized collection of bug bounty write-ups organized by vulnerability type for security researchers.

#web-security#vulnerability-database#penetration-testing

Stars4.2k

Forks1.0k

#vulnerability-exploitation#ssti-detection#web-security

tplmapPython

A penetration testing tool that detects and exploits Server-Side Template Injection (SSTI) and code injection vulnerabilities.

Stars4.1k

Forks685

Last commit2 years ago

sanitize-htmlJavaScript

A fast HTML sanitizer that cleans user-submitted HTML while preserving whitelisted elements and attributes.

#user-input#web-security#html-sanitization

Stars4.1k

Forks370