web-security · GitHub Topics

MobSF （移动端安全框架）是一个自动化的移动端应用程序(Android/iOS/Windows)安全问题检出的框架和工具，可以进行静态和动态分析的渗透测试，恶意软件分析和安全评估

static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing web-security malware-analysis runtime-security devsecops apk REST API cwe owasp mstg masvs mastg

JavaScript 18.21 k

1 个月前

chaitin / SafeLine

#安全#SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Go 15.79 k

14 天前

Hacker0x01 / hacker101

#安全#Source code for Hacker101.com - a free online web and mobile security class.

翻译 - Hacker101.com的源代码-免费的在线Web和移动安全类。

教学 Hacking 安全 hackerone hacker101 xss clickjacking csrf web-security session-fixation sql-injection mobile-security vulnerability

SCSS 13.95 k

19 天前

nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

翻译 - 那些有兴趣开始赏金的人的资源列表

bug-bounty-hunters hackers xss Bug Bounty learn2hack Hacking pentest web-security 教学 ssrf

11.08 k

8 个月前

bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)

翻译 - nginx Docker镜像默认是安全的。

nginx modsecurity Docker 安全 dnsbl reverse-proxy bunkerized-nginx hardening web-security security-tuning Cybersecurity devsecops antibot letsencrypt swarm Kubernetes DevOps hosting waf web-application-firewall

Python 7.66 k

1 天前

infoslack / awesome-web-hacking

A list of web application security

penetration-testing web-hacking vulnerabilities scanner Hacking hacking-tools metasploit web-security appsec owasp pentesting 安全 vulnerability

6.08 k

3 个月前

vavkamil / awesome-bugbounty-tools

#Awesome#A curated list of various bug bounty tools

Awesome Lists Bug Bounty 工具安全 web-security

4.72 k

2 个月前

lirantal / awesome-nodejs-security

Awesome Node.js Security resources

Node.js 安全 Cybersecurity web-security owasp vulnerabilities pentest Hacktoberfest

2.79 k

14 天前

palahsu / DDoS-Ripper

#安全#DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

翻译 - DDos Ripper 一种可分发的拒绝服务 (DDOS) 攻击服务器，可在大量 Internet 流量中切断目标或周围的基础设施

ddos-attacks ddos-tool ddos-attack-tools ddos-protection ddos ddos-attack-tool denial-of-service attack-defense deface-website hacking-tools hacking-tool protection web-security 安全 sql-injection linux-tools

Python 2.3 k

9 个月前

0xSobky / HackVault

A container repository for my public web hacks!

payloads web-security pentesting tracking Fuzzing/Fuzz testing Regular expression reconnaissance xss Exploit

JavaScript 1.98 k

2 年前

qi4L / JYso

JNDIExploit or a ysoserial.

Java attack jndi-injection web-security mem-shell middleware-echo jndi ldap rmi gadget ysoserial

Java 1.55 k

1 天前

WangYihang / GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Git web-security

Python 1.49 k

2 个月前

lunasec-io / lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...

翻译 - LunaSec - 安全性和合规性 SDK，可阻止软件中的数据泄漏。只需几行代码，LunaSec 就在您的堆栈中添加了零信任架构、独特的每记录加密以及针对 XSS、SQL 注入和 RCE 等常见安全问题的保护。在这里现场试用：https://app.lunasec.dev

tokenization web-security compliance 安全 soc2 pci-dss gdpr zero-trust devsecops log4shell dependency-analysis scanning Cybersecurity scanning-tool cve-scanning sbom sbom-generator Continuous Delivery (CD)software-composition-analysis

TypeScript 1.45 k

10 个月前

Ge0rg3 / requests-ip-rotator

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

安全 ip bypass Network Amazon Web Services apigateway Bug Bounty web-security Hacktoberfest

Python 1.41 k

1 年前

4ra1n / super-xray

Web漏洞扫描工具XRAY的GUI启动器

vulnerability-scanners web-security

Java 1.28 k

2 年前

pushsecurity / saas-attacks

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

offensive-security Software as a service web-security

1.26 k

24 天前

blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

firecracker 命令行界面 cyber Cybersecurity business-logic 安全 API api-security best-practices HTTP OpenAPI Specification openapi3 Open Source websecurity web-security

Rust 1.17 k

5 个月前