tprynn / web-methodology

Related projects ⓘ

Alternatives and complementary repositories for web-methodology

• absoluteappsec / handouts
  materials we hand out
  ☆138Updated last month
• detectify / ugly-duckling
  Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules
  ☆188Updated 3 years ago
• doyensec / burpdeveltraining
  Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
  ☆347Updated 4 years ago
• codingo / bbr
  An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
  ☆205Updated 4 years ago
• BishopFox / smogcloud
  Find cloud assets that no one wants exposed 🔎 ☁️
  ☆332Updated 4 years ago
• RhinoSecurityLabs / Swagger-EZ
  A tool geared towards pentesting APIs using OpenAPI definitions.
  ☆169Updated 2 years ago
• NotSoSecure / cloud-service-enum
  ☆233Updated 4 months ago
• security-prince / Resources-for-Application-Security
  Some good resources for getting started with application security
  ☆136Updated 3 years ago
• N0MoreSecr3ts / wraith
  Uncover forgotten secrets and bring them back to life, haunting security and operations teams.
  ☆206Updated last year
• DigeeX / raider
  DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
  ☆138Updated 3 years ago
• appsecco / attacking-cloudgoat2
  A step-by-step walkthrough of CloudGoat 2.0 scenarios.
  ☆133Updated 4 years ago
• codingo / crithit
  Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures t…
  ☆205Updated 4 years ago
• koenbuyens / Vulnerable-OAuth-2.0-Applications
  vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
  ☆307Updated 7 months ago
• AvasDream / pentesting-dockerfiles
  Pentesting/Bugbounty Dockerfiles.
  ☆173Updated 3 years ago
• DevSlop / Pixi
  The Pixi module is a MEAN Stack web app with wildly insecure APIs!
  ☆112Updated last year
• LewisArdern / metasecjs
  MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts
  ☆78Updated last year
• szski / shapeshifter
  GraphQL security testing tool
  ☆118Updated 2 years ago
• cablej / FileChangeMonitor
  Continuous monitoring for JavaScript files
  ☆219Updated 4 years ago
• jobertabma / transformations
  ☆173Updated last year
• david3107 / graphql-security-labs
  GraphQL security workshop labs
  ☆102Updated 4 months ago
• tomdev / teh_s3_bucketeers
  ☆273Updated 3 years ago
• jeevan-singh / Security-Engineering-Training
  ☆33Updated 3 years ago
• we45 / DVFaaS-Damn-Vulnerable-Functions-as-a-Service
  Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
  ☆135Updated last year
• Santandersecurityresearch / corsair_scan
  Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
  ☆122Updated last year
• M507 / AWAE-Preparation
  This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE.
  ☆234Updated 5 years ago
• Abss0x7tbh / bass
  Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers …
  ☆141Updated 7 months ago
• koenrh / s3enum
  Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.
  ☆229Updated 2 weeks ago
• daeken / httprebind
  Automatic tool for DNS rebinding-based SSRF attacks
  ☆293Updated 4 years ago
• trufflesecurity / of-CORS
  ☆146Updated last year