web-application-security

Automated NoSQL database enumeration and web application exploitation tool.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

The Offensive Manual Web Application Penetration Testing Framework.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Janusec Application Gateway, Provides Fast and Secure Application Delivery (Authentication, WAF/CC, HTTPS and ACME automatic certificates). JANUSEC应用网关，提供快速、安全的应用交付（身份认证, WAF/CC, HTTPS以及ACME自动证书）。

An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

🎯 XML External Entity (XXE) Injection Payload List

A cross-platform python based utility for information gathering and penetration testing automation!

🎯 RFI/LFI Payload List

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

PHP Security Check List [ EN ] 🌋 ☣️

Second-order subdomain takeover scanner

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Sqreen's Application Security Management for the Go language

A Security Tool for Enumerating WebSockets

|| Activate Burp Suite Pro with Loader and Key-Generator ||

Extract pieces of info from a web page's Wayback Machine history

Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)

An application to catch, search and analyze HTTP secure headers.

Information Security Library

a shell script aim to automatically launch 50+ online web scanning tools in the Browsaer against a target domain in a 10 waves

Awesome information for WebSockets security research

Host Header Injection Scanner

An ultra-compact intro (or refresher) to Web Application Security.

PHP extension for web-application dynamic analysis.

The Unified Web Administration Portal for Janusec Application Gateway (an application security solution which provides Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing).

📚 VPS 🔒 Network 🔒 Cloud 🔒 Web Applications 📚

Web Application Penetration Testing tools and Materials for Ethical Hackers.