Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
☆211Oct 31, 2024Updated last year
Alternatives and similar repositories for web-methodology
Users that are interested in web-methodology are comparing it to the libraries listed below
Sorting:
- ☆24Jan 26, 2021Updated 5 years ago
- ☆46Sep 10, 2020Updated 5 years ago
- sub domain wild card filtering tool☆40Apr 18, 2020Updated 5 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆356Oct 14, 2020Updated 5 years ago
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)☆42Nov 10, 2025Updated 3 months ago
- differer finds how URLs are parsed by different languages in order to help bug hunters break filters☆63May 3, 2020Updated 5 years ago
- A checklist of practices for organizations dealing with account takeover (ATO)☆276Oct 4, 2024Updated last year
- Find cloud assets that no one wants exposed 🔎 ☁️☆348Jul 20, 2020Updated 5 years ago
- Clientside vulnerability / reflected xss fuzzer☆149Jul 29, 2023Updated 2 years ago
- A golang utility to spider through a website searching for additional links.☆343Nov 7, 2020Updated 5 years ago
- ☆129Jun 15, 2020Updated 5 years ago
- A collection of scripts for bug-bounty related stuff☆39Sep 4, 2020Updated 5 years ago
- A wrapper around jq, to help you parse jq output!☆30Aug 23, 2020Updated 5 years ago
- A tools for JavaScript Recon☆24Jul 25, 2020Updated 5 years ago
- Client Side Prototype Pollution Scanner☆523Sep 17, 2022Updated 3 years ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆778Aug 19, 2024Updated last year
- A tool to perform permutations, mutations and alteration of subdomains in golang.☆156Nov 24, 2023Updated 2 years ago
- The Web Security Testing Guide is a comprehensive open source guide to testing the security of web applications and web services.☆31Oct 27, 2025Updated 4 months ago
- Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.☆1,405Feb 10, 2026Updated 2 weeks ago
- ☆14Jul 13, 2020Updated 5 years ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,062Jan 2, 2024Updated 2 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆135Sep 25, 2019Updated 6 years ago
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- Dump all available paths and/or endpoints on WADL file.☆98Nov 24, 2025Updated 3 months ago
- SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibil…☆156Aug 21, 2020Updated 5 years ago
- ☆707Nov 27, 2024Updated last year
- xss development frameworks, with the goal of making payload writing easier.☆153Aug 7, 2024Updated last year
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆260Oct 16, 2022Updated 3 years ago
- GraphQL automatic fuzzing tool☆16Jul 16, 2021Updated 4 years ago
- Terraform configuration to build a Burp Private Collaborator Server☆29Sep 16, 2018Updated 7 years ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆642Jul 7, 2025Updated 7 months ago
- Ffuf output browser☆39Feb 25, 2023Updated 3 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆953Dec 31, 2021Updated 4 years ago
- 3klector is an automation Recon tool which collecting information about Acquisitions and ASN which related to Big Scope company☆47Sep 19, 2022Updated 3 years ago
- Salesforce Policy Deviation Checker☆30Sep 30, 2020Updated 5 years ago
- A natural evolution of Burp Suite's Repeater tool☆201Feb 9, 2024Updated 2 years ago
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…☆1,024Feb 22, 2026Updated last week
- This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage clou…☆2,802Sep 17, 2024Updated last year