web-security | Topic | Ecosyste.ms: Repos

Topic: "web-security"

MobSF/Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Language: JavaScript - Size: 1.42 GB - Last synced at: 3 days ago - Pushed at: 15 days ago - Stars: 18,634 - Forks: 3,362

chaitin/SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Language: Go - Size: 76.4 MB - Last synced at: 2 days ago - Pushed at: 15 days ago - Stars: 16,448 - Forks: 989

Hacker0x01/hacker101

Source code for Hacker101.com - a free online web and mobile security class.

Language: SCSS - Size: 26.1 MB - Last synced at: 7 months ago - Pushed at: 8 months ago - Stars: 13,780 - Forks: 2,528

nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

Size: 145 KB - Last synced at: 3 days ago - Pushed at: 10 months ago - Stars: 11,263 - Forks: 1,987

bunkerity/bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)

Language: Python - Size: 571 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 7,970 - Forks: 454

infoslack/awesome-web-hacking

A list of web application security

Size: 160 KB - Last synced at: 16 days ago - Pushed at: 6 months ago - Stars: 6,183 - Forks: 1,243

vavkamil/awesome-bugbounty-tools

A curated list of various bug bounty tools

Size: 101 KB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 4,944 - Forks: 794

lirantal/awesome-nodejs-security

Awesome Node.js Security resources

Size: 614 KB - Last synced at: 3 days ago - Pushed at: 6 days ago - Stars: 2,819 - Forks: 250

palahsu/DDoS-Ripper

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

Language: Python - Size: 892 KB - Last synced at: 2 days ago - Pushed at: 11 months ago - Stars: 2,368 - Forks: 574

0xSobky/HackVault

A container repository for my public web hacks!

Language: JavaScript - Size: 15.6 KB - Last synced at: 1 day ago - Pushed at: over 2 years ago - Stars: 1,993 - Forks: 277

qi4L/JYso

JNDIExploit or a ysoserial.

Language: Java - Size: 102 MB - Last synced at: 2 days ago - Pushed at: 7 days ago - Stars: 1,599 - Forks: 184

Ge0rg3/requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Language: Python - Size: 50.8 KB - Last synced at: 2 days ago - Pushed at: 29 days ago - Stars: 1,551 - Forks: 162

WangYihang/GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Language: Python - Size: 1.83 MB - Last synced at: 3 days ago - Pushed at: 4 months ago - Stars: 1,515 - Forks: 238

lunasec-io/lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Language: TypeScript - Size: 293 MB - Last synced at: 1 day ago - Pushed at: about 1 year ago - Stars: 1,448 - Forks: 169

pushsecurity/saas-attacks

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Size: 8.87 MB - Last synced at: about 1 month ago - Pushed at: 3 months ago - Stars: 1,303 - Forks: 96

4ra1n/super-xray 📦

Web漏洞扫描工具XRAY的GUI启动器

Language: Java - Size: 6.7 MB - Last synced at: 6 months ago - Pushed at: about 2 years ago - Stars: 1,259 - Forks: 143

devanshbatham/FavFreak

Making Favicon.ico based Recon Great again !

Language: Python - Size: 109 KB - Last synced at: 4 days ago - Pushed at: over 1 year ago - Stars: 1,191 - Forks: 174

blst-security/cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Language: Rust - Size: 2.63 MB - Last synced at: 3 days ago - Pushed at: 7 months ago - Stars: 1,184 - Forks: 83

chenjj/CORScanner

🎯 Fast CORS misconfiguration vulnerabilities scanner

Language: Python - Size: 2.68 MB - Last synced at: 1 day ago - Pushed at: over 3 years ago - Stars: 1,088 - Forks: 185

TypeError/secure

Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.

Language: Python - Size: 293 KB - Last synced at: 2 days ago - Pushed at: 7 months ago - Stars: 934 - Forks: 29

Zeyad-Azima/Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

Size: 20.6 MB - Last synced at: over 1 year ago - Pushed at: almost 3 years ago - Stars: 808 - Forks: 190

backdoorhub/shell-backdoor-list

🎯 PHP / ASP - Shell Backdoor List 🎯

Language: PHP - Size: 741 KB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 755 - Forks: 563

4ra1n/mysql-fake-server 📦

Language: Java - Size: 929 KB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 739 - Forks: 86

incredibleindishell/SSRF_Vulnerable_Lab

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Language: PHP - Size: 45.9 MB - Last synced at: 2 days ago - Pushed at: almost 2 years ago - Stars: 724 - Forks: 199

Lookyloo/lookyloo

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Language: Python - Size: 7 MB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 710 - Forks: 86

turbo/openftp4

A list of all FTP servers in IPv4 that allow anonymous logins.

Size: 27.6 MB - Last synced at: 26 days ago - Pushed at: 26 days ago - Stars: 653 - Forks: 95

tempesta-tech/tempesta

All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks

Language: C - Size: 21.3 MB - Last synced at: 1 day ago - Pushed at: 2 days ago - Stars: 650 - Forks: 106

Tmpertor/Raven-Storm 📦

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

Language: Python - Size: 888 KB - Last synced at: 24 days ago - Pushed at: over 4 years ago - Stars: 638 - Forks: 174

madneal/articles-translator

:books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Size: 1.12 MB - Last synced at: 1 day ago - Pushed at: 6 months ago - Stars: 620 - Forks: 66

hueristiq/xurlfind3r

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Language: Go - Size: 405 KB - Last synced at: 6 days ago - Pushed at: 7 days ago - Stars: 607 - Forks: 71

Harmoc/CTFTools

Personal CTF Toolkit

Size: 353 KB - Last synced at: about 2 months ago - Pushed at: over 2 years ago - Stars: 595 - Forks: 137

trailofbits/twa

A tiny web auditor with strong opinions.

Language: Shell - Size: 181 KB - Last synced at: 1 day ago - Pushed at: 4 months ago - Stars: 589 - Forks: 52

dmdhrumilmistry/pyhtools

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

Language: Python - Size: 18 MB - Last synced at: 7 days ago - Pushed at: 3 months ago - Stars: 568 - Forks: 91

Cryin/JavaID

java source code static code analysis and danger function identify prog

Language: Python - Size: 31.3 KB - Last synced at: 5 days ago - Pushed at: over 6 years ago - Stars: 535 - Forks: 119

splitline/How-to-Hack-Websites

開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

Language: PHP - Size: 17.9 MB - Last synced at: about 2 months ago - Pushed at: about 3 years ago - Stars: 524 - Forks: 49

fabriziosalmi/caddy-waf

Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)

Language: Go - Size: 8.27 MB - Last synced at: about 8 hours ago - Pushed at: 22 days ago - Stars: 510 - Forks: 16

0x4D31/burpa 📦

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Language: Python - Size: 419 KB - Last synced at: about 1 month ago - Pushed at: almost 7 years ago - Stars: 481 - Forks: 107

enkomio/Taipan

Web application vulnerability scanner

Size: 241 MB - Last synced at: about 2 months ago - Pushed at: about 4 years ago - Stars: 466 - Forks: 93

luigigubello/PayloadsAllThePDFs

PDF Files for Pentesting

Size: 1.04 MB - Last synced at: 6 months ago - Pushed at: 8 months ago - Stars: 459 - Forks: 64

aaPanel/aaWAF

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

Language: Go - Size: 15.4 MB - Last synced at: 6 days ago - Pushed at: 9 days ago - Stars: 452 - Forks: 93

burpheart/koko-moni

一个基于网络空间搜索引擎的攻击面管理平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗

Size: 172 KB - Last synced at: 6 months ago - Pushed at: about 2 years ago - Stars: 441 - Forks: 22

Yavuzlar/VulnLab

Language: CSS - Size: 16.7 MB - Last synced at: about 1 month ago - Pushed at: 4 months ago - Stars: 426 - Forks: 145

Brum3ns/firefly

Black box fuzzer for web applications

Language: Go - Size: 1.6 MB - Last synced at: about 1 month ago - Pushed at: 11 months ago - Stars: 426 - Forks: 38

yogsec/Hacking-Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Size: 136 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 404 - Forks: 86

Drackar1/Brutus-AET2

Brutus-AET2 Password-Cracker Network-Security Authentication-Tool Brute-Force-Attack Password-Recovery Penetration-Testing Ethical-Hacking

Language: C++ - Size: 39.1 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 382 - Forks: 34

JasonLovesDoggo/caddy-defender

Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites

Language: Go - Size: 1.08 MB - Last synced at: about 10 hours ago - Pushed at: 1 day ago - Stars: 378 - Forks: 11

dckc/awesome-ocap

Awesome Object Capabilities and Capability Security

Language: JavaScript - Size: 385 KB - Last synced at: 6 days ago - Pushed at: 7 days ago - Stars: 363 - Forks: 25

FiveM911/Brutus-AET2

Brutus-AET2 Password-Cracker Network-Security Authentication-Tool Brute-Force-Attack Password-Recovery Penetration-Testing Ethical-Hacking

Size: 15.6 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 353 - Forks: 0

mazen160/jwt-pwn

Security Testing Scripts for JWT

Language: Python - Size: 7.81 KB - Last synced at: 4 days ago - Pushed at: almost 3 years ago - Stars: 313 - Forks: 57

Rizer0/Log-killer 📦

Clear all your logs in [linux/windows] servers 🛡️

Language: PHP - Size: 1.44 MB - Last synced at: about 2 months ago - Pushed at: about 4 years ago - Stars: 311 - Forks: 76

chrispetrou/FDsploit 📦

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Language: Python - Size: 1.12 MB - Last synced at: about 2 months ago - Pushed at: about 4 years ago - Stars: 271 - Forks: 76

multiparty/jiff

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

Language: JavaScript - Size: 152 MB - Last synced at: about 1 month ago - Pushed at: 5 months ago - Stars: 264 - Forks: 52

mike-works/web-security-fundamentals

Mike North's Web Security Course

Language: JavaScript - Size: 2.89 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 260 - Forks: 116

ImAyrix/fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Language: Go - Size: 93.8 KB - Last synced at: 5 months ago - Pushed at: 9 months ago - Stars: 247 - Forks: 33

WangYihang/Reverse-Shell-Manager

:hammer: A multiple reverse shell session/client manager via terminal

Language: Python - Size: 56.6 KB - Last synced at: 4 days ago - Pushed at: almost 2 years ago - Stars: 242 - Forks: 63

zhuyingda/veneno

Language: JavaScript - Size: 16.8 MB - Last synced at: 3 days ago - Pushed at: about 6 years ago - Stars: 239 - Forks: 43

pharocuddles83/Brutus-AET2

Language: C++ - Size: 0 Bytes - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 231 - Forks: 0

edoardottt/pphack

The Most Advanced Client-Side Prototype Pollution Scanner

Language: Go - Size: 546 KB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 221 - Forks: 19

notluken/Brutus-AET2

Size: 15.6 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 220 - Forks: 0

serain/bbrecon 📦

Python library and CLI for the Bug Bounty Recon API

Language: Python - Size: 355 KB - Last synced at: 6 months ago - Pushed at: almost 4 years ago - Stars: 220 - Forks: 38

feross/cs253.stanford.edu

CS 253 Web Security course at Stanford University

Language: JavaScript - Size: 496 MB - Last synced at: about 2 months ago - Pushed at: over 3 years ago - Stars: 211 - Forks: 24

codingo/Minesweeper

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Language: Python - Size: 313 KB - Last synced at: about 1 month ago - Pushed at: about 3 years ago - Stars: 202 - Forks: 47

voorhoede/lighthouse-security 📦

Runs the default Google Lighthouse tests with additional security tests

Language: JavaScript - Size: 206 KB - Last synced at: 7 days ago - Pushed at: over 6 years ago - Stars: 198 - Forks: 13

yaph/domxssscanner 📦

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

Language: HTML - Size: 332 KB - Last synced at: about 2 months ago - Pushed at: over 6 years ago - Stars: 195 - Forks: 47

telekom-security/explo 📦

Human and machine readable web vulnerability testing format

Language: Python - Size: 199 KB - Last synced at: about 1 month ago - Pushed at: over 2 years ago - Stars: 189 - Forks: 45

autistic-symposium/sec-pentesting-toolkit 📦

👾 a decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, linux hacking, steganography, vulnerabilities, etc.

Language: C - Size: 250 MB - Last synced at: 6 days ago - Pushed at: 6 months ago - Stars: 182 - Forks: 22

SecAegis/SecAutoBan

恶意IP全自动封禁平台。支持收集如下安全设备告警：长亭WAF社区版（SafeLine）、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、科来网络安全分析审计系统。支持如下设备联动封禁：RouterOS、OPNsense、CheckPoint、旁路阻断（无需设备配合）、奇安信防火墙

Language: Python - Size: 44.1 MB - Last synced at: about 4 hours ago - Pushed at: 13 days ago - Stars: 180 - Forks: 36

SecAegis/SecReport

ChatGPT加持的，多人在线协同信息安全报告编写平台。目前支持的报告类型：渗透测试报告，APP隐私合规报告。

Language: Python - Size: 416 KB - Last synced at: 6 days ago - Pushed at: 13 days ago - Stars: 176 - Forks: 21

AvalZ/WAF-A-MoLE

A guided mutation-based fuzzer for ML-based Web Application Firewalls

Language: Python - Size: 4.44 MB - Last synced at: 6 months ago - Pushed at: about 1 year ago - Stars: 171 - Forks: 31

hueristiq/web-hacking-toolkit

A web hacking toolkit (docker image).

Language: Makefile - Size: 223 MB - Last synced at: about 2 months ago - Pushed at: over 2 years ago - Stars: 169 - Forks: 29

payloadbox/directory-payload-list

🎯 Directory Payload List

Size: 2.89 MB - Last synced at: 14 days ago - Pushed at: 10 months ago - Stars: 167 - Forks: 77

breach-tw/breach.tw

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Language: PHP - Size: 1.93 MB - Last synced at: 6 days ago - Pushed at: almost 5 years ago - Stars: 165 - Forks: 22

4ra1n/poc-runner 📦

Language: Go - Size: 3.59 MB - Last synced at: 3 months ago - Pushed at: 8 months ago - Stars: 154 - Forks: 17

turbo/c4

Open IP cameras in IPv4

Size: 1000 Bytes - Last synced at: 2 months ago - Pushed at: over 8 years ago - Stars: 140 - Forks: 4

KajanM/DirBuster

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Language: Java - Size: 2.25 MB - Last synced at: 25 days ago - Pushed at: about 1 year ago - Stars: 139 - Forks: 35

codedamn/roadmaps

Curriculum for full-stack learning path on codedamn. Become a full-stack web developer with relevant technologies of 2022

Size: 1.13 MB - Last synced at: 8 days ago - Pushed at: almost 2 years ago - Stars: 135 - Forks: 16

shogunlab/shuriken 📦

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Language: Python - Size: 40 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 131 - Forks: 39

purpleteam-labs/purpleteam

CLI component of OWASP PurpleTeam

Language: JavaScript - Size: 2.25 MB - Last synced at: 29 days ago - Pushed at: over 1 year ago - Stars: 128 - Forks: 15

xu-xiang/awesome-security-vul-llm

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

Size: 31.3 KB - Last synced at: 12 days ago - Pushed at: over 1 year ago - Stars: 126 - Forks: 19

cyproxio/mcp-for-security

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

Language: TypeScript - Size: 262 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 124 - Forks: 19

astoj/vibe-security

A comprehensive security checklist for vibe coders

Size: 46.9 KB - Last synced at: 3 days ago - Pushed at: about 2 months ago - Stars: 122 - Forks: 4

0xAwali/Blind-SSRF

Nuclei Templates to reproduce Cracking the lens's Research

Size: 918 KB - Last synced at: about 1 year ago - Pushed at: over 3 years ago - Stars: 122 - Forks: 20

TangGolang/TangGo

TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。

Size: 151 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 118 - Forks: 3

yuvadm/viewstate

ASP.NET View State Decoder

Language: Python - Size: 97.7 KB - Last synced at: 4 days ago - Pushed at: 22 days ago - Stars: 106 - Forks: 15

hueristiq/xcrawl3r

A command-line utility designed to recursively spider webpages for URLs. It works by actively traversing websites - following links embedded in webpages, parsing resources like sitemaps and robots.txt files, and even processing local files - to uncover every URL.

Language: Go - Size: 203 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 96 - Forks: 7