Web Application Security
☆131Jan 6, 2026Updated 2 months ago
Alternatives and similar repositories for WebAppSec
Users that are interested in WebAppSec are comparing it to the libraries listed below
Sorting:
- Web Application Security related tools. Includes backdoors, proof of concepts and tricks☆37Oct 21, 2014Updated 11 years ago
- Scripts that I've written that others may find useful☆14Aug 17, 2022Updated 3 years ago
- Image size issues plugin for Burp Suite☆95Jun 27, 2018Updated 7 years ago
- ☆128Oct 19, 2016Updated 9 years ago
- ☆18Oct 11, 2018Updated 7 years ago
- ☆44Sep 28, 2016Updated 9 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆378Oct 12, 2020Updated 5 years ago
- A collection of all the lists, scripts and techniques I use while doing web application penetration tests.☆168Feb 29, 2016Updated 10 years ago
- Merge results from NMAP and Masscan into one CSV file☆18Jun 19, 2018Updated 7 years ago
- A mass subdomain (Subbrute) + poodle vulnerability scanner☆75Oct 31, 2018Updated 7 years ago
- An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker …☆260Aug 22, 2021Updated 4 years ago
- Nodejs application intentionally vulnerable to SSRF☆42May 12, 2023Updated 2 years ago
- ☆11Apr 18, 2018Updated 7 years ago
- Proof of Concepts, Exploits☆28Apr 8, 2025Updated 11 months ago
- A Burp Extension to test applications for vulnerability to the Web Cache Deception attack☆140Feb 18, 2021Updated 5 years ago
- a tiny tool for swf hacking, just browse it:)☆243Mar 13, 2013Updated 13 years ago
- Lair Framework dockerized.☆38Apr 17, 2021Updated 4 years ago
- A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network☆573Dec 9, 2017Updated 8 years ago
- A Custom Scanner for Burp☆31Mar 26, 2014Updated 11 years ago
- Blind SQL injection exploitation tool written in ruby.☆99Dec 1, 2024Updated last year
- A Burp Plugin for Detecting Weaknesses in Content Security Policies☆166May 19, 2023Updated 2 years ago
- My collection of exploit development skeletons for fuzzing, overwriting the stack, remote code execution, etc.☆16Mar 19, 2025Updated last year
- Scripts and tools for AWS Pentest☆53Oct 22, 2020Updated 5 years ago
- An adaptive, intelligent XSS fuzzer that learns how the response is reflected and carefully crafts an XSS payload to match☆42Sep 24, 2012Updated 13 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,135Dec 16, 2024Updated last year
- Exploit insecure crossdomain.xml files.☆26Apr 25, 2017Updated 8 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c…☆563Aug 25, 2022Updated 3 years ago
- Tools of "The Bug Hunters Methodology V2 by @jhaddix"☆201Aug 11, 2017Updated 8 years ago
- Payload generator for Java Binary Deserialization attack with Commons FileUpload (CVE-2013-2186)☆38Apr 14, 2016Updated 9 years ago
- Chrome Extension for XSS Hunter Payloads☆42Sep 7, 2016Updated 9 years ago
- A deliberately vulnerable modern day app with lots of DOM related bugs☆35May 19, 2019Updated 6 years ago
- scripts used in my pentest work.☆44Jan 14, 2016Updated 10 years ago
- Automated Responder/secretsdump.py cracking☆187May 16, 2016Updated 9 years ago
- Burp Suite extension to passively scan for applications revealing server error messages☆64Dec 15, 2023Updated 2 years ago
- A collection of curated Java Deserialization Exploits☆591May 16, 2021Updated 4 years ago
- Nmap enumeration and script scan automation script☆38Mar 7, 2023Updated 3 years ago
- ☆122Mar 27, 2017Updated 8 years ago
- ☆332Jan 8, 2018Updated 8 years ago
- Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT☆406Updated this week