A configurable, accessible, and secure visual CAPTCHA solution with support for multiple front-end and back-end frameworks.
A bug hunting tool that scans websites for exposed .git repositories and dumps their contents for security analysis.
PSR-15 middleware for CSRF protection in Slim Framework applications.
A toolkit to extract code, configs, and information from web-accessible git, hg, and bzr repositories that aren't fully cloneable.
A proof-of-concept demonstrating how to steal CSRF tokens via CSS injection without using iFrames, enabling client-side attacks.
An ASP.NET Core middleware that injects OWASP-recommended HTTP security headers with a single line of code.
A slider-based CAPTCHA library for web applications that supports PC and mobile with server-side verification.
An Elixir library for sanitizing HTML to protect against XSS attacks while allowing safe user-generated content.
A high-performance JavaScript library providing AES-256, Fortuna PRNG, SRP authentication, and SHA-2 cryptographic functions for web applications.
A beginner-friendly CTF (Capture The Flag) course covering cybersecurity topics like cryptography, web security, binary exploitation, and reverse engineering.
An object-oriented PHP library for sanitizing untrusted HTML input to prevent XSS and other injection attacks.
Middleware for adding Content Security Policy, HSTS, and HPKP security headers to ASP.NET Core applications.
A simple, stateful session management library for Go with CSRF protection and easy session revocation.
A pluggable authentication library for FastAPI supporting OAuth2 password flow with JWT tokens and custom user models.
A free and open-source scanner that identifies installed components, extensions, and files in Joomla CMS websites.
A Ruby script that fingerprints remote applications and third-party scripts to identify their versions for security assessment.
A terminal-based manager for handling multiple reverse shell sessions and clients during penetration testing.
ESLint plugin that disallows unsafe innerHTML, outerHTML, and similar DOM manipulation methods without proper sanitization.
A JWT authentication middleware for Go HTTP servers with short-lived auth tokens, refresh tokens, and CSRF protection.
A W3C specification for a Content Security Policy that helps prevent cross-site scripting and other code injection attacks.
A Cloudflare Firewall Rules ruleset to block malicious crawlers, spam referrers, and other bad internet traffic.
A CLI tool and library for executing padding oracle attacks with concurrent network requests and an elegant UI.
An advanced Apache logfile security analyzer for post-attack forensics, detecting web application attacks using multiple detection techniques.
A minimal Flask extension that adds login and logout routes to web applications with minimal configuration.
A WordPress honeypot that detects probes for plugins, themes, and common files used to fingerprint WordPress installations.
An Elixir Plug for adding HTTP basic authentication to web applications with configurable credentials or custom authentication functions.
A simple, unopinionated Go package for generating customizable CAPTCHA images with framework independence.
A community-driven web and service fingerprint identification tool written in Rust, supporting version detection and vulnerability validation.
A Vapor middleware library for adding security headers to protect against XSS, click-jacking, and other web vulnerabilities.
A drop-in library for resumable downloads and streaming integrity verification of large files in the browser.
Automatic CSRF protection for JavaScript apps using Symfony APIs via cookie-header validation.
Send encrypted PGP messages via a simple web link without signup, using public key servers.
A Haskell library for OAuth2 client authentication with support for multiple identity providers.
A curated collection of tips, commands, and strategies for solving Capture the Flag (CTF) challenges and HackTheBox machines.
A simple, effective Go package for HTTP session management with customizable stores and OWASP-recommended defaults.
A Chromium-based web browser with built-in XSS detection and taint tracking capabilities for security testing.