google / security-crawl-mazeLinks
Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.
☆163Updated last year
Alternatives and similar repositories for security-crawl-maze
Users that are interested in security-crawl-maze are comparing it to the libraries listed below
Sorting:
- A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee…☆227Updated last year
- Application and Service Fingerprinting☆133Updated 2 years ago
- Cure53 Browser Security White Paper☆299Updated 7 years ago
- Finding potential software vulnerabilities from git commit messages☆417Updated 2 years ago
- XS-Leaks Wiki☆169Updated 4 months ago
- Generic SAST Library☆132Updated 4 months ago
- OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.☆111Updated 2 years ago
- Security contract types☆60Updated 3 years ago
- ☆107Updated last week
- Go static analysis tool that checks for security issues using an AST.☆29Updated 6 years ago
- Benchmarking repo for secrets scanning☆239Updated last year
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆153Updated last year
- secretz, minimizing the large attack surface of Travis CI☆328Updated 3 years ago
- The request.bin of DNS request☆236Updated 7 years ago
- A Node.js vulnerability finding tool.☆96Updated 2 months ago
- A Chrome extension static analysis tool to help aide in security reviews.☆157Updated 2 years ago
- ☆371Updated 8 months ago
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities☆403Updated 8 years ago
- ☆252Updated 4 years ago
- Evenly distributes scanner load across targets☆92Updated 6 months ago
- Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"☆210Updated 2 years ago
- HTTPWookiee is an HTTP server and proxy stress tool (respect of RFC, HTTP Smuggling issues, etc). If you run an HTTP server project conta…☆50Updated 7 years ago
- AutoTriageBot automatically verifies, deduplicates, and suggests payouts for incoming HackerOne reports.☆56Updated 3 years ago
- A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)☆467Updated last year
- ☆183Updated 8 months ago
- ☆74Updated 5 years ago
- ☆272Updated 2 years ago
- Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website☆139Updated 5 years ago
- This repo gives an overview of some GCP metadata API attack and defend patterns☆77Updated 5 years ago
- A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a la…☆141Updated last year