web-application-security

Automated NoSQL database enumeration and web application exploitation tool.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

The Offensive Manual Web Application Penetration Testing Framework.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Janusec Application Gateway, Provides Fast and Secure Application Delivery (Authentication, WAF/CC, HTTPS and ACME automatic certificates). JANUSEC应用网关，提供快速、安全的应用交付（身份认证, WAF/CC, HTTPS以及ACME自动证书）。

🎯 XML External Entity (XXE) Injection Payload List

GoTestWAF is a tool for API and OWASP attack simulation, that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to evaluate security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, and others.

A cross-platform python based utility for information gathering and penetration testing automation!

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

PHP Security Check List [ EN ] 🌋 ☣️

🎯 RFI/LFI Payload List

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Sqreen's Application Security Management for the Go language

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)

An application to catch, search and analyze HTTP secure headers.

a shell script aim to automatically launch 50+ online web scanning tools in the Browsaer against a target domain in a 10 waves

Information Security Library

An ultra-compact intro (or refresher) to Web Application Security.

PHP extension for web-application dynamic analysis.

|| Activate Burp Suite Pro with Loader and Key-Generator ||

Security Tool which scans a target using OpenVAS, Zap, and Nexpose. And consolidates the scan result.

Host Header Injection Scanner

The Unified Web Administration Portal for Janusec Application Gateway (an application security solution which provides Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing).

📚 VPS 🔒 Network 🔒 Cloud 🔒 Web Applications 📚

Web Application Penetration Testing tools and Materials for Ethical Hackers.

F5 Agility Labs for Web Application Firewall Use Cases

🍭 Web Application Vulnerability Scanner 🍭

Plusfish is a classic web application vulnerability scanner/fuzzer and aimed at security professionals