koenbuyens/securityheaders

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/koenbuyens/securityheaders)

koenbuyens / securityheaders

Check any website (or set of websites) for insecure security headers.

☆255

Alternatives and similar repositories for securityheaders

Users that are interested in securityheaders are comparing it to the libraries listed below

Sorting:

dbohannon / MEANBug
View on GitHub
An invoice management application built on the MEAN stack with intentional vulnerabilities used to demonstrate insecure configurations an…
☆16Sep 4, 2020Updated 5 years ago
santoru / shcheck
View on GitHub
A basic tool to check security headers of a website
☆808Jan 18, 2026Updated last month
juerkkil / secheaders
View on GitHub
Python script to check HTTP security headers
☆68Nov 16, 2025Updated 3 months ago
mprunet / burp-scripting
View on GitHub
☆13Oct 3, 2023Updated 2 years ago
koenbuyens / Vulnerable-OAuth-2.0-Applications
View on GitHub
vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
☆328Mar 27, 2024Updated last year
hakluke / ----svg-onload-alert---
View on GitHub
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()…
☆11Apr 9, 2021Updated 4 years ago
koenbuyens / oauth-2.0-security-cheat-sheet
View on GitHub
oauth security guidelines
☆231Jun 25, 2019Updated 6 years ago
hyp3rlinx / NtFileSins
View on GitHub
Windows File Enumeration Intel Gathering Tool.
☆17Sep 4, 2023Updated 2 years ago
metalnas / loubia
View on GitHub
Python script to exploit java unserialize on t3 (Weblogic)
☆61Aug 9, 2017Updated 8 years ago
LewisArdern / eslint-plugin-prototype-pollution-security-rules
View on GitHub
☆16Oct 3, 2018Updated 7 years ago
ShutdownRepo / httpmethods
View on GitHub
HTTP verb tampering & methods enumeration
☆65Aug 4, 2025Updated 7 months ago
Shivangx01b / CorsMe
View on GitHub
Cross Origin Resource Sharing MisConfiguration Scanner
☆173Nov 17, 2021Updated 4 years ago
Snbig / HttpSecurityHeadersChecker
View on GitHub
Http Security Headers Checker Tool written in PHP Cli + Useful Tips to set Http Security Headers
☆10Mar 27, 2021Updated 4 years ago
GoSecure / goinsecure-deserialization
View on GitHub
Accompanying material needed for the workshop
☆11Jun 14, 2023Updated 2 years ago
Regala / burp-graphql-logger
View on GitHub
Burp Suite extension to log GraphQL operations as a comment
☆23Aug 9, 2021Updated 4 years ago
codewatchorg / Burp-IndicatorsOfVulnerability
View on GitHub
Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack
☆41Dec 23, 2022Updated 3 years ago
doyensec / burpdeveltraining
View on GitHub
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
☆356Oct 14, 2020Updated 5 years ago
tls-attacker / TLS-Attacker-BurpExtension
View on GitHub
☆38Jul 3, 2020Updated 5 years ago
hakluke / hakcertstream
View on GitHub
Basic implementation of certstream to print new subdomains and domains
☆36Jul 6, 2021Updated 4 years ago
devanshbatham / ParamSpider
View on GitHub
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
☆3,012Jun 24, 2024Updated last year
purabparihar / Web-Application-Pentest-Checklist
View on GitHub
☆23Jun 30, 2021Updated 4 years ago
romanrounkle / burp_extensions
View on GitHub
Burp Suite Extensions
☆12Oct 19, 2021Updated 4 years ago
nccgroup / encoderama
View on GitHub
String or worldlist encoder for use in fuzzing or web application testing
☆19Sep 2, 2019Updated 6 years ago
nickmyb / android_security_zero_to_one
View on GitHub
☆15Feb 5, 2022Updated 4 years ago
obikuro / Sato
View on GitHub
SATO is a PowerShell tool focuses on providing flexible, multi-grant type support for obtaining, managing, and analyzing Azure tokens.
☆22Nov 24, 2025Updated 3 months ago
cosmoscrew / ssrf-playground
View on GitHub
A playground to practice SSRF Attacks against web apps
☆17Oct 15, 2018Updated 7 years ago
emgaurav / objectify-s3
View on GitHub
Objectify-s3 is a tool that recursively checks AWS S3 buckets and objects for misconfigured permissions.
☆14Aug 3, 2024Updated last year
mikesamuel / attack-review-testbed
View on GitHub
Make it easy to probe the strengths and weaknesses of a hardened Node.js stack
☆21May 3, 2019Updated 6 years ago
dubs3c / Injectus
View on GitHub
CRLF and open redirect fuzzer
☆112Aug 31, 2021Updated 4 years ago
andresriancho / enumerate-iam
View on GitHub
Enumerate the permissions associated with AWS credential set
☆1,222Feb 5, 2024Updated 2 years ago
aas-n / spraykatz
View on GitHub
Credentials gathering tool automating remote procdump and parse of lsass process.
☆782Jun 20, 2020Updated 5 years ago
unix-ninja / infosec-pastebin-scraper
View on GitHub
Scrape pastes from pastebin and archive them for review
☆17Mar 6, 2019Updated 6 years ago
ChrisCooney / fuzz-monkey
View on GitHub
Fuzzing tool written in Golang. Insane monkey not included.
☆12Feb 22, 2018Updated 8 years ago
OpenSecurityResearch / CustomPassiveScanner
View on GitHub
A Custom Scanner for Burp
☆31Mar 26, 2014Updated 11 years ago
d4rk007 / RedGhost
View on GitHub
Linux post exploitation framework written in bash designed to assist red teams in persistence, reconnaissance, privilege escalation and l…
☆542Apr 14, 2021Updated 4 years ago
tprynn / web-methodology
View on GitHub
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
☆211Oct 31, 2024Updated last year
wdahlenburg / CVESearch
View on GitHub
Query various sources for CVE proof-of-concepts
☆53Jun 1, 2023Updated 2 years ago
NitinYadav00 / gf-patterns
View on GitHub
Some of the gf patterns which i use
☆44Jan 19, 2022Updated 4 years ago
NotSoSecure / udp-hunter
View on GitHub
Network assessment tool for various UDP Services covering both IPv4 and IPv6 protocols
☆116Feb 26, 2020Updated 6 years ago