Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
☆211Oct 31, 2024Updated last year
Alternatives and similar repositories for web-methodology
Users that are interested in web-methodology are comparing it to the libraries listed below
Sorting:
- ☆46Sep 10, 2020Updated 5 years ago
- ☆24Jan 26, 2021Updated 5 years ago
- sub domain wild card filtering tool☆40Apr 18, 2020Updated 5 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆356Oct 14, 2020Updated 5 years ago
- differer finds how URLs are parsed by different languages in order to help bug hunters break filters☆63May 3, 2020Updated 5 years ago
- Salesforce Policy Deviation Checker☆30Sep 30, 2020Updated 5 years ago
- Find cloud assets that no one wants exposed 🔎 ☁️☆347Jul 20, 2020Updated 5 years ago
- List HackerOne private program assets☆154Jun 24, 2021Updated 4 years ago
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)☆42Nov 10, 2025Updated 4 months ago
- A wrapper around jq, to help you parse jq output!☆30Aug 23, 2020Updated 5 years ago
- The Web Security Testing Guide is a comprehensive open source guide to testing the security of web applications and web services.☆31Oct 27, 2025Updated 4 months ago
- A golang utility to spider through a website searching for additional links.☆343Nov 7, 2020Updated 5 years ago
- A collection of scripts for bug-bounty related stuff☆39Sep 4, 2020Updated 5 years ago
- ☆129Jun 15, 2020Updated 5 years ago
- A checklist of practices for organizations dealing with account takeover (ATO)☆276Oct 4, 2024Updated last year
- Clientside vulnerability / reflected xss fuzzer☆149Jul 29, 2023Updated 2 years ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆259Oct 16, 2022Updated 3 years ago
- A tool to perform permutations, mutations and alteration of subdomains in golang.☆156Nov 24, 2023Updated 2 years ago
- Client Side Prototype Pollution Scanner☆523Sep 17, 2022Updated 3 years ago
- GraphQL automatic fuzzing tool☆16Jul 16, 2021Updated 4 years ago
- ☆705Nov 27, 2024Updated last year
- Terraform configuration to build a Burp Private Collaborator Server☆29Sep 16, 2018Updated 7 years ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆641Jul 7, 2025Updated 8 months ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,063Jan 2, 2024Updated 2 years ago
- Dump all available paths and/or endpoints on WADL file.☆98Nov 24, 2025Updated 3 months ago
- xss development frameworks, with the goal of making payload writing easier.☆154Aug 7, 2024Updated last year
- ☆14Jul 13, 2020Updated 5 years ago
- Script for monitoring changes in javascript files on WebApps for offensive reconnaissance.☆28Aug 4, 2021Updated 4 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.☆1,410Feb 10, 2026Updated last month
- Visualize your Terraform files☆34Sep 9, 2020Updated 5 years ago
- Ffuf output browser☆39Feb 25, 2023Updated 3 years ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆779Aug 19, 2024Updated last year
- Benchmarking repo for secrets scanning☆243Aug 18, 2024Updated last year
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- Reverse proxies cheatsheet☆1,855Nov 4, 2023Updated 2 years ago
- ☆28Sep 25, 2020Updated 5 years ago
- Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations☆85Mar 14, 2026Updated last week
- MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts☆82Feb 4, 2023Updated 3 years ago