web-application-security

Automated NoSQL database enumeration and web application exploitation tool.

The Offensive Manual Web Application Penetration Testing Framework.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, ACME automatic HTTPS certificate, WAF (Web Application Firewall), CC defense, OAuth2 Authentication, load balancing, etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、ACME自动化HTTPS证书、WAF (Web Application Firewall)、CC防御、OAuth2身份认证、负载均衡等。

🎯 XML External Entity (XXE) Injection Payload List

|| Activate Burp Suite Pro with Key-Generator and Key-Loader ||

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

🎯 RFI/LFI Payload List

A cross-platform python based utility for information gathering and penetration testing automation!

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

Second-order subdomain takeover scanner

PHP Security Check List [ EN ] 🌋 ☣️

Awesome information for WebSockets security research

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A Security Tool for Enumerating WebSockets

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Sqreen's Application Security Management for the Go language

Extract pieces of info from a web page's Wayback Machine history