Build software better, together

vitalysim / Awesome-Hacking-Resources

A collection of hacking / penetration testing resources to make you better!

ctf hacking privilege-escalation reverse-engineering buffer-overflow penetration-testing owasp exploit malware windows-privilege-escalation privilege-escalation-linux mitm

Updated Oct 7, 2018

paragonie / awesome-appsec

3.4k

A curated list of resources for learning about application security

security-experts reading-list curated application-security security owasp

PHP Updated Oct 21, 2018 1 issue needs help

bkimminich / juice-shop

1.5k

OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which enco…

owasp javascript vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec ctf

JavaScript Updated Nov 19, 2018 7 issues need help

caffix / amass

1.3k

In-Depth DNS Enumeration and Network Mapping

go dns subdomain enumeration recon maltego owasp

Go Updated Nov 14, 2018

microcosm-cc / bluemonday

1k

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content …

sanitization html security xss go owasp whitelist

Go Updated Aug 19, 2018

owtf / owtf

1k

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more eff…

security owasp owtf python pentest kali-linux automation framework web-application-security web-security tornado mitm react

Python Updated Nov 5, 2018 11 issues need help

flipkart-incubator / Astra

958

Automated Security Testing For REST API's

security restapiautomation python owasp penetration-testing-framework postman-collection ci-cd sdlc penetration-testing security-automation

Python Updated Oct 30, 2018 1 issue needs help

find-sec-bugs / find-sec-bugs

817

🐛 The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy …

findbugs java security-audit owasp taint-analysis code-analysis security bytecode cwe static-analysis

Java Updated Nov 17, 2018 7 issues need help

DefectDojo / django-DefectDojo

630

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

python vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration devsecops vulnerability-correlation

Python Updated Nov 18, 2018

zdresearch / OWASP-Nettacker

437

Automated Penetration Testing Framework

python penetration-testing penetration-testing-framework owasp automation portscanner vulnerability-scanners information-gathering network-analysis bruteforce

Python Updated Nov 7, 2018 10 issues need help

1N3 / BlackWidow

423

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Python Updated Nov 8, 2018

zdresearch / OWASP-ZSC

422

OWASP ZSC - Shellcode/Obfuscate Code Generator

shellcode python assembly obfuscator owasp linux windows osx

Python Updated Apr 24, 2018

OWASP / Amass

383

In-Depth DNS Enumeration and Network Mapping

go dns subdomain enumeration recon maltego owasp

Go Updated Nov 19, 2018

rezasp / joomscan

351

OWASP Joomla Vulnerability Scanner Project

owasp joomla joomla-cms joomscan vunerability scanner vulnerability-scanners exploit 0day

Perl 6 Updated Oct 21, 2018

lirantal / awesome-nodejs-security

303

Awesome Node.js Security resources

nodejs security cybersecurity web-security owasp vulnerabilities pentest infosec

Updated Nov 5, 2018

stanislav-web / OpenDoor

286

OWASP WEB Directory Scanner

dirscanner scanner owasp dir-scanner dir-search directories-scanner bruteforce pentest blackarch proxies dirsearch

Python Updated Jul 3, 2018

rezasp / vbscan

250

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

owasp vbscan vbulletin vulnerability vulnerability-scanners exploit

Perl Updated Sep 17, 2018

interference-security / DVWS

234

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server…

websockets vulnerabilities php mysql ratchet owasp

PHP Updated Jun 13, 2018

0xRadi / OWASP-Web-Checklist

220

OWASP Web Application Security Testing Checklist

owasp

Updated Aug 20, 2018

OWASP / glue

217

Application Security Automation

ci-cd devsecops tool owasp

Ruby Updated Nov 16, 2018 4 issues need help

appsecco / dvna

207

Damn Vulnerable NodeJS Application

nodejs dvna vulnerable-apps vulnerable security owasp-top-10 owasp hack testing

CSS Updated Nov 14, 2018

DependencyTrack / dependency-track

205

Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify…

Java Updated Nov 19, 2018 4 issues need help

cr0hn / nosqlinjection_wordlists

184

This repository contains payload to test NoSQL Injections

wordlist payload nosql-injections mongodb injection owasp

Updated Jun 22, 2017

stevespringett / dependency-check-sonar-plugin

150

Integrates Dependency-Check reports into SonarQube

owasp sonar-plugin nvd vulnerabilities component-analysis security visibility appsec sonarqube vulnerable-components software-security

Java Updated Nov 17, 2018 2 issues need help

security-code-scan / security-code-scan

138

Static code analyzer for .NET

security static code analysis roslyn dotnet scan scanner analyzer owasp static-analysis static-code-analysis

C# Updated Nov 19, 2018

mebjas / CSRF-Protector-PHP

120

CSRF Protector library: standalone library for CSRF mitigation

csrf-protector php standalone-library security csrf owasp

PHP Updated Sep 30, 2018 1 issue needs help

thesp0nge / owasp-orizon

109

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

owasp java j2ee static-code-analysis vulnerability-scanners code-review

Java Updated Mar 23, 2017

bkimminich / juice-shop-ctf

106

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

owasp ctf ctfd application-security capture-the-flag pentesting hacking owasp-juice-shop ctfd-database ctfd-setup

JavaScript Updated Nov 13, 2018

albuch / sbt-dependency-check

104

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabil…

sbt sbt-plugin owasp-dependencycheck cve scala vulnerabilities nvd appsec software-security security owasp static-analysis vulnerability-scanners

Scala Updated Nov 18, 2018

hsfareed / Resources-for-learning-ethical-hacking

96

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

penetration-testing hacking learning-hacking web-hacking exploitation youtube-channel hackers owasp vulnerable-applications resources

Updated Nov 10, 2018