Alternatives and similar repositories for flask-webgoat:

Users that are interested in flask-webgoat are comparing it to the libraries listed below

• PortSwigger / auth-matrix
  AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
  ☆40Updated last year
• janmasarik / bugshop
  ☆44Updated 4 years ago
• PortSwigger / scan-check-builder
  Burp Bounty is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
  ☆71Updated 3 years ago
• Rhynorater / reports
  ☆59Updated 8 months ago
• gand3lf / semgrepper
  An extension to use Semgrep inside Burp Suite.
  ☆88Updated last year
• parsiya / eslinter
  Manual JavaScript Linting is a Bug
  ☆49Updated 4 years ago
• federicodotta / semgrep-rules
  A collection of my Semgrep rules
  ☆48Updated last year
• synopsys-sig / ATOR-Burp
  ☆79Updated 11 months ago
• TROUBLE-1 / Type-juggling
  Lab that will help you to understand how type juggling vulnerability works.
  ☆22Updated 4 years ago
• BlackFan / cspp-tools
  Client-Side Prototype Pollution Tools
  ☆84Updated 3 years ago
• opnsec / postMessage-logger
  Simple "postMessage logger" Chrome extension
  ☆96Updated 4 years ago
• vavkamil / XSSwagger
  A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks
  ☆58Updated 5 years ago
• PortSwigger / nginx-alias-traversal
  Burp extension to detect alias traversal via NGINX misconfiguration at scale.
  ☆53Updated 3 years ago
• topavankumarj / CORS-Exploit-Script
  ☆39Updated last year
• physics-sec / DetectCrossOriginMessaging
  This Burp extension helps you to find usages of postMessage and recvMessage
  ☆15Updated 5 years ago
• jorritfolmer / vulnerable-api
  Enhanced fork with logging, OpenAPI 3.0 and Python 3 for security monitoring workshops
  ☆42Updated last year
• LewisArdern / metasecjs
  MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts
  ☆80Updated 2 years ago
• rootxharsh / workshoplabs
  Labs from our workshop "Demystifying the server-side".
  ☆17Updated 2 years ago
• random-robbie / ssrf-finder
  Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
  ☆107Updated 3 years ago
• lc / jenkinz
  jenkinz is a tool to retrieve every build for every job ever created and run on a given Jenkins instance.
  ☆67Updated 5 years ago
• fransr / hot-jar-swapping-urlclassloader
  Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
  ☆31Updated 2 years ago
• doyensec / confuser
  Dependency Confusion Security Testing Tool
  ☆47Updated 2 years ago
• hvqzao / java-deserialize-webapp
  Vulnerable webapp testbed
  ☆20Updated 8 years ago
• err0rr / SSTI
  ☆38Updated 5 years ago
• BuffaloWill / burpsuite-project-file-parser
  A Burp Suite Extension for parsing Project Files from the CLI.
  ☆87Updated 6 months ago
• tdr130 / assetnote
  Push notifications for passive DNS data
  ☆108Updated 8 years ago
• justmorpheus / burp-automation
  Performing automated scan using Burp Suite Pro & Vmware Burp Rest API
  ☆49Updated 2 years ago
• ettic-team / EndpointFinder-Burp
  ☆32Updated 5 years ago
• luh2 / DetectDynamicJS
  The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and ai…
  ☆65Updated 4 years ago
• GovTech-CSG / ProxyAgent
  ☆64Updated 3 years ago