Alternatives and similar repositories for web-methodology

Users that are interested in web-methodology are comparing it to the libraries listed below

• doyensec / burpdeveltraining
  Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
  ☆353Updated 4 years ago
• Santandersecurityresearch / corsair_scan
  Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
  ☆122Updated 2 years ago
• absoluteappsec / handouts
  materials we hand out
  ☆146Updated 2 months ago
• appsecco / attacking-cloudgoat2
  A step-by-step walkthrough of CloudGoat 2.0 scenarios.
  ☆134Updated 5 years ago
• allyomalley / dnsobserver
  A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for…
  ☆191Updated 4 years ago
• jobertabma / transformations
  ☆173Updated 2 years ago
• security-prince / Resources-for-Application-Security
  Some good resources for getting started with application security
  ☆142Updated 4 years ago
• BishopFox / smogcloud
  Find cloud assets that no one wants exposed 🔎 ☁️
  ☆345Updated 4 years ago
• RhinoSecurityLabs / Swagger-EZ
  A tool geared towards pentesting APIs using OpenAPI definitions.
  ☆177Updated 2 years ago
• DigeeX / raider
  DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
  ☆139Updated 3 years ago
• NotSoSecure / cloud-service-enum
  ☆250Updated 11 months ago
• szski / shapeshifter
  GraphQL security testing tool
  ☆122Updated 3 years ago
• tomdev / teh_s3_bucketeers
  ☆275Updated 3 years ago
• koenrh / s3enum
  Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.
  ☆250Updated last month
• JoshuaMart / AutoRecon
  Simple shell script for automated domain recognition with some tools
  ☆300Updated 4 years ago
• koenbuyens / Vulnerable-OAuth-2.0-Applications
  vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
  ☆316Updated last year
• BishopFox / dufflebag
  Search exposed EBS volumes for secrets
  ☆298Updated 2 years ago
• teknogeek / ssrf-sheriff
  A simple SSRF-testing sheriff written in Go
  ☆327Updated 7 months ago
• Static-Flow / gofingerprint
  GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fing…
  ☆203Updated 2 years ago
• codingo / crithit
  Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures t…
  ☆211Updated 5 years ago
• daeken / httprebind
  Automatic tool for DNS rebinding-based SSRF attacks
  ☆303Updated 4 years ago
• N0MoreSecr3ts / wraith
  Uncover forgotten secrets and bring them back to life, haunting security and operations teams.
  ☆206Updated 2 years ago
• fransr / bountyplz
  Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
  ☆454Updated 6 years ago
• cablej / FileChangeMonitor
  Continuous monitoring for JavaScript files
  ☆220Updated 5 years ago
• lc / secretz
  secretz, minimizing the large attack surface of Travis CI
  ☆326Updated 3 years ago
• AvasDream / pentesting-dockerfiles
  Pentesting/Bugbounty Dockerfiles.
  ☆177Updated 4 years ago
• detectify / ugly-duckling
  Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules
  ☆189Updated 3 years ago
• bytebutcher / burp-send-to
  Adds a customizable "Send to..."-context-menu to your BurpSuite.
  ☆159Updated 2 years ago
• prodigysml / Dr.-Watson
  Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's yo…
  ☆216Updated 5 years ago
• opendevsecops / guide-aws-hacking
  This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS wea…
  ☆172Updated 6 years ago