Automated NoSQL database enumeration and web application exploitation tool.

The Offensive Manual Web Application Penetration Testing Framework.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Janusec Application Gateway, an application security solution which provides WAF (Web Application Firewall), CC attack defense, LDAP or OAuth2 Authentication, private key protection, Web SSH operation, Web routing and scalable load balancing. JANUSEC应用网关，提供WAF、CC攻击防御、LDAP或OAuth2身份认证、统一Web化管理入口、证书私钥保护、Web SSH安全运维，Web路由以及可扩展的负载均衡等功能。

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

A cross-platform python based utility for information gathering and penetration testing automation!

PHP Security Check List [ EN ] 🌋 ☣️

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🎯 XML External Entity (XXE) Injection Payload List

🎯 RFI/LFI Payload List

Sqreen's Application Security Management for the Go language

Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)

An application to catch, search and analyze HTTP secure headers.

PHP extension for web-application dynamic analysis.

An ultra-compact intro (or refresher) to Web Application Security.

a shell script aim to automatically launch 50+ online web scanning tools in the Browsaer against a target domain in a 10 waves

The Unified Web Administration Portal for Janusec Application Gateway (an application security solution which provides Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing).

📚 VPS 🔒 Network 🔒 Cloud 🔒 Web Applications 📚

Host Header Injection Scanner

Security Tool which scans a target using OpenVAS, Zap, and Nexpose. And consolidates the scan result.

Web Application Penetration Testing tools and Materials for Ethical Hackers.

F5 Agility Labs for Web Application Firewall Use Cases

.NET packages for using Sqreen

📚 🐳 For DevOps Engineers 🐳 📚

C# application, which parses Nmap XML output files and allows sending selected HTTP services to the BurpSuite Scanner via BurpSuite's REST API. Use this application to start large-scale web application security scans based on Nmap scan results.

Provision Azure Application Gateway to protect an existing Azure Web site

HTTP request smuggling examples

🐶 A curated list of Web Security materials and resources.