abigailajohn / VVMA
Very Vulnerable Management API (VVMA) is a deliberately insecure RESTful API built with Node.js for educational and testing purposes. It includes vulnerabilities from the OWASP Top 10 API, allowing learners, security professionals, and developers to explore and understand common API security flaws.
☆14Updated last month
Alternatives and similar repositories for VVMA:
Users that are interested in VVMA are comparing it to the libraries listed below
- Scripts, files, cheatsheets and more used for pentesting and my OSWE / AWAE exam.☆86Updated last week
- ☆46Updated last month
- SubOwner - A Simple tool check for subdomain takeovers.☆112Updated 6 months ago
- Bug Bounty Web and API Payloads☆34Updated 5 months ago
- A passive way to find backups/ sensitive information.☆77Updated 3 weeks ago
- ☆89Updated 3 weeks ago
- ☆122Updated last month
- Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts☆59Updated 6 months ago
- ☆42Updated 3 years ago
- IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applicatio…☆97Updated 3 weeks ago
- A collection of slides and presentations from BSides Ahmedabad 2024, held on October 12th and 13th. This repository features key insights…☆37Updated 6 months ago
- 🪄 XSSDynaGen is a tool designed to analyze URLs with parameters, identify the characters allowed by the server, and generate advanced XS…☆51Updated 3 months ago
- The repository contains useful GitHub dorks for finding open-source vulnerabilities.☆73Updated last year
- Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit☆73Updated 3 weeks ago
- This is my personal repo, which includes bug bounty tips, a collection of tools, one-liners, and other resources I personally prefer whil…☆43Updated last month
- Unwaf is a Go tool designed to help identify WAF bypasses using passive techniques, such as: SPF records and DNS history. By default, Unw…☆90Updated 8 months ago
- This repository contains my writeups for the labs in PortSwigger's Web Security Academy platform. Each lab writeup includes the lab's nam…☆92Updated 3 months ago
- ☆78Updated 2 years ago
- Organize, track, and share vulnerability findings effortlessly. This Burp Suite extension integrates with Obsidian, offering a proven not…☆27Updated 3 weeks ago
- 🔍 LFIer is a powerful and efficient tool for detecting Local File Inclusion (LFI) vulnerabilities in web applications.☆53Updated 4 months ago
- ⚡ XSSuccessor is a powerful, asynchronous Cross-Site Scripting (XSS) detection tool.☆53Updated 3 months ago
- INE eCPPTv3 Cheat Sheet / Course Notes. You'll find my comprehensive course notes, which also serve as cheat sheets for the eCPPTv3 cours…☆31Updated 5 months ago
- ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. It crawls a target website, extracts GET…☆55Updated 2 months ago
- ☆82Updated 3 weeks ago
- ☆41Updated 6 months ago
- Welcome SecToolkit repository! This is a comprehensive collection of cybersecurity and bug bounty hunting topics. Here, you'll find a var…☆37Updated last week
- This repository contains information on the CVEs I found.☆44Updated last year
- INE Training Notes☆28Updated 2 weeks ago
- A proper approach to pentest a Web application with the mixture of all useful payloads and complete testing guidance of attacks. Designed…☆64Updated 2 months ago
- ☆118Updated last year