dagheyman / awesome-product-securityLinks
πA curated list of product security resources.
β20Updated last month
Alternatives and similar repositories for awesome-product-security
Users that are interested in awesome-product-security are comparing it to the libraries listed below
Sorting:
- HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enabβ¦β40Updated 3 years ago
- GCP GOAT is the vulnerable application for learn the GCP Securityβ64Updated last month
- β56Updated 2 years ago
- A web security research tool for DOM testingβ21Updated this week
- Scripts and misc. stuff related to the PortSwigger Web Academyβ17Updated 3 years ago
- moniorg is a tool that leverages crt.sh website to monitor domains of a targetβ47Updated 2 years ago
- Blogpost series showcasing interesting cloud - web app security bugsβ49Updated 2 years ago
- Jumpstart multiple WebSocket servers quicklyβ31Updated 3 years ago
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services β¦β49Updated 2 years ago
- New Framework Red Team Operationsβ18Updated 4 years ago
- A not-curated list of cloud hacking labsβ25Updated last year
- β57Updated 2 years ago
- β12Updated 3 years ago
- Run Capture the Flags and Security Trainings with OWASP WrongSecretsβ49Updated this week
- Top 2025 Vulnerabilities You Shouldnβt Accept in a Pentest Reportβ13Updated 5 months ago
- Do It Yourself! (DIY) Web Penetration Testing is a guideline in performing security test cases against web applicationsβ39Updated last year
- Enumerate AWS permissions and resources.β69Updated 3 years ago
- Manage attack surface data on Elasticsearchβ22Updated last year
- Comprehensive AWS cloud reconnaissance and privilege escalation toolkit written in Python. Features IAM, EC2, S3, Lambda, ECS, Secrets Maβ¦β41Updated last week
- β22Updated last month
- This is vulnerable microservice written in many language to demonstrating OWASP API Top Security Risk (under development)β44Updated 2 years ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a pβ¦β30Updated 6 months ago
- Additional active scan checks for BURPβ27Updated 9 months ago
- Tools and Scripts used in CRTPβ12Updated 5 years ago
- Checks whether a domain is hosted on a cloud service such as AWS, Azure or CloudFlareβ59Updated 2 years ago
- β90Updated 3 years ago
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilitiesβ27Updated 3 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.β42Updated last year
- β50Updated last year
- InfoSec OpenAI Examplesβ19Updated last year