#

web-application-security

Here are 229 public repositories matching this topic...

codingo / NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

Updated Feb 20, 2026
Python

owtf / owtf

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

python security framework owasp pentest kali-linux owtf web-application-security

Updated May 9, 2026
TypeScript

0xInfection / TIDoS-Framework

The Offensive Manual Web Application Penetration Testing Framework.

osint enumeration exploitation vulnerability-detection web-penetration-testing intelligence-gathering web-application-security reconnaissance footprinting vulnerability-analysis web-fuzzer scanning-enumeration tidos-framework

Updated Apr 19, 2023
Python

wallarm / gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

security waf owasp bugbounty web-application-firewall security-tools web-application-security security-testing graphql-security api-security rest-security grpc-security

Updated Jul 31, 2025
Go

codingo / VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Updated Aug 18, 2025
Python

Janusec / janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

golang security acme gateway waf sql-injection application-security web-application-firewall port-forwarding gslb web-application-security web-ssh cookie-banner application-gateway load-balance janusec-application-gateway janusec k8s-ingress-controller cookie-compliance

Updated Aug 23, 2025
Go

lonkero

bountyyfi / lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Updated May 26, 2026
Rust

Mehdi0x90 / Web_Hacking

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Updated Nov 19, 2025

pentest

ZishanAdThandar / pentest

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

Updated Apr 26, 2026
PHP

api-firewall

wallarm / api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Updated Apr 3, 2026
Go

DoS0x99 / cyber-security-books

A collection of FREE cyber security books

cryptography books reverse-engineering forensics software-security network-security web-application-security software-exploitation hardware-sec

Updated Jul 14, 2025

vatsalgupta67 / All-In-One-CyberSecurity-Resources

List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity

learning awesome hacking resources cybersecurity penetration-testing collections infosec awesome-list ics binary-exploitation scada web-application-security redteaming prerequisites exploit-development

Updated Aug 9, 2024

ImAyrix / fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

xss wordlist penetration-testing web-security bugbounty pentest wordlist-generator ssrf web-application-security bug-bounty-hunters

Updated Aug 25, 2024
Go

Anon-Exploiter / SiteBroker

A cross-platform python based utility for information gathering and penetration testing automation!

python docker-image penetration-testing information-gathering web-application-security wapt cross-platform-python penetration-automation

Updated May 19, 2024
Python

gildasio / h2t

h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply

http security hardening headers defense web-application-security

Updated Jan 7, 2026
Python

mhmdiaa / second-order

Second-order subdomain takeover scanner

security crawler mapping crawling wordlist penetration-testing infosec pentesting recon wordlist-generator security-tools web-application-security reconnaissance penetration-testing-tools

Updated Mar 29, 2026
Go

migueltc13 / TryHackMe

Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress tracking.

cryptography osint hacking penetration-testing learn ctf exploitation collaborate ctf-tools web-application-security ctf-challenges injection-attacks linux-privilege-escalation tryhackme tryhackme-writeups network-scanning-and-enumeration metasploit-and-exploitation password-cracking-and-hash-cracking owasp-top-10-vulnerabilities

Updated Sep 20, 2025
Shell

PalindromeLabs / STEWS

A Security Tool for Enumerating WebSockets

security websocket websockets penetration-testing web-application-security penetration-testing-tools websockets-security websocket-security

Updated Jan 10, 2022
Python

cut-cdn

ImAyrix / cut-cdn

✂️ Removing CDN IPs from the list of IP addresses

golang cdn web-application penetration-testing recon bugbounty pentest web-application-security reconnaissance bugbounty-tool

Updated Jul 22, 2025
Go

PalindromeLabs / awesome-websocket-security

Awesome information for WebSockets security research

security websocket websockets security-tools web-application-security websockets-security websocket-security

Updated Jan 10, 2022

Improve this page

Add a description, image, and links to the web-application-security topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the web-application-security topic, visit your repo's landing page and select "manage topics."