403fuzzer
www-project-secure-headers
| 403fuzzer | www-project-secure-headers |
|---|---|
| 2 | 3 |
| 181 | 122 |
| - | 3.3% |
| 6.9 | 8.9 |
| almost 3 years ago | 4 days ago |
| Python | Python |
| - | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
403fuzzer
- Kali Linux - Finding the required user agent when /robots.txt is not available
- Which wordlist to use for enumeration in oscp?
  Ohhhh yesss the status codes! Oh god I used to overlook the 403’s man. Until one day I came across a box that had the vulnerability in bypassing a 403. I use this one now https://github.com/intrudir/403fuzzer
www-project-secure-headers
- SAP Commerce Cloud and Broken Smart Edit
  That is probably a consequence of SAP internal security audit OWASP Secure Headers X-Frame-Options.
- Mastering Response Headers in Express.js: Best Practices for Security and Performance
  OWASP Secure Headers Project: https://owasp.org/www-project-secure-headers/
- www-project-secure-headers: The OWASP Secure Headers Project
What are some alternatives?
SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
SecureHTTP_ResponseHeaderCheck - Python and PowerShell (5) script that will take a list of URLs as import and export CSV with secure header details if found there's a 200 response. Also includes redirects.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
whisper-asr-webservice - OpenAI Whisper ASR Webservice API
dirsearch - Web path scanner
SourceWolf - Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
webdork - A Python tool to automate some dorking stuff to find information disclosures.