Alternatives and similar repositories for Web-CTF-Challenges

Users that are interested in Web-CTF-Challenges are comparing it to the libraries listed below

• BlackFan / cspp-tools
  Client-Side Prototype Pollution Tools
  ☆84Updated 3 years ago
• neex / ghostinthepdf
  ☆167Updated 3 years ago
• detectify / Varnish-H2-Request-Smuggling
  ☆56Updated 3 years ago
• defparam / haptyc
  ☆94Updated 3 years ago
• smiegles / extract-relative-url-heapsnapshot
  Extract relative urls from a heap snapshot
  ☆87Updated 4 years ago
• Cache-Money / chronorace
  ☆71Updated 3 years ago
• Rhynorater / reports
  ☆59Updated 11 months ago
• janmasarik / bugshop
  ☆44Updated 5 years ago
• emadshanab / Huge_DIR_wordlist
  ☆48Updated 4 years ago
• OlivierLaflamme / Auditing-Vulnerabilities
  In this repository I'll host my research and methodologies for auditing vulnerabilities
  ☆30Updated 5 years ago
• terjanq / same-origin-xss
  Same Origin XSS challenge
  ☆61Updated 3 years ago
• assetnote / h2csmuggler
  ☆74Updated last year
• ptswarm / ptswarm-twitter
  ☆76Updated 4 years ago
• GoSecure / xxe-workshop
  Workshop given at Hack in Paris 2019
  ☆122Updated 2 years ago
• doyensec / confuser
  Dependency Confusion Security Testing Tool
  ☆47Updated 2 years ago
• pelaohxc / postMessageFinder
  ☆37Updated 4 years ago
• random-robbie / ssrf-finder
  Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
  ☆109Updated 3 years ago
• Universe1122 / smuggler.py
  HTTP request smuggling tools
  ☆18Updated 4 years ago
• synopsys-sig / ATOR-Burp
  ☆82Updated last year
• TROUBLE-1 / Type-juggling
  Lab that will help you to understand how type juggling vulnerability works.
  ☆22Updated 4 years ago
• dariusztytko / vhosts-sieve
  Searching for virtual hosts among non-resolvable domains
  ☆88Updated 5 years ago
• war-and-code / akamai-arl-hack
  Script to test open Akamai ARL vulnerability.
  ☆71Updated 3 years ago
• fransr / hot-jar-swapping-urlclassloader
  Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
  ☆31Updated 2 years ago
• defparam / h1stats
  a tool that compiles a csv of all h1 program stats
  ☆47Updated last year
• GovTech-CSG / Autowasp
  BurpSuite Extension: A one-stop pen testing checklist and logger tool
  ☆75Updated 2 years ago
• 0xGodson / blogs
  ✨ Build a beautiful and simple website in literally minutes. Demo at https://beautifuljekyll.com
  ☆21Updated 2 years ago
• pimps / gopher-tomcat-deployer
  Gopher Tomcat Deployer
  ☆48Updated 6 years ago
• 303sec / log4shell-everywhere
  A Burp Suite extension which augments your proxy traffic by injecting log4shell payloads into headers
  ☆42Updated 3 years ago
• w9w / bugbounty_changelogs
  ☆57Updated 5 months ago
• riramar / DesyncCL0
  A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
  ☆36Updated 2 years ago