ZAP
ArchiveBox
Our great sponsors
| ZAP | ArchiveBox | |
|---|---|---|
| 61 | 248 | |
| 11,965 | 19,672 | |
| 1.6% | 2.8% | |
| 9.2 | 9.7 | |
| 2 days ago | 7 days ago | |
| Java | Python | |
| Apache License 2.0 | MIT |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ZAP
-
Bruno
I use ZAP [1] with the OAST add-on for this at the moment. I admit the UX isn't perfect, but it serves my purpose.
If I also want control over the responses (e.g. return a 401 status code for every fifth request), I have a custom extender script [2] for that.
-
What is API Discovery, and How to Use it to Reduce Your Attack Surface
Implement tools like Burp Suite or OWASP ZAP for in-depth security scanning of your APIs.
-
Best Hacking Tools for Beginners 2024
OWASP ZAP
-
Autorize – The most popular tool to discover AuthZ/AuthN flaws
The use of capital punctuation implies a warning? an alert? Would this same response be warranted for Burp which is also a commercial, closed source product?
If this is an issue for some, then ZAP being open source[1] maybe favourable.
That said, Burp is the defacto tool for a reason - it's best in class. Every pentester I know, including myself, has a paid subscription. The fact that it's closed source hasn't been an issue.
-
Show HN: Pākiki Proxy – An intercepting proxy for penetration pesting
Briefly reviewed your product. Seems like OWASP ZAP is your competition: https://www.zaproxy.org/
It runs entirely in the browser so it uses the browser "native" frameworks.
-
Vulnerability Scanning of Node.js Applications
Dynamic analysis involves testing your application while it's running. Tools like OWASP ZAP and Burp Suite can help identify vulnerabilities like SQL injection or Cross-Site Scripting by sending malicious requests to your application and analyzing the responses.
-
Is this fraud? And if so, to what extent am I responsible?
> Lying is not an embellishment or puffery, it's a lie. Engaging a company for a 3 day pen test that's totally insufficient, that would be an embellishment.
I agree, but if the RFP question was phrased "have you done penetration testing?" then that leaves a lot of room for embellishment. If the question is "do you have SOC2 certification?" and you answer "yes" untruthfully, then that is a lie. If they ask for the SOC2 or pentest report and you give them a falsified document, that's where you're (probably) committing fraud.
> One of the most important part of pen tests is that they are external.
AWS/Google/etc have internal security teams doing their pen tests, so no, this isn't true.
> Just doing your job as an engineer and looking for bugs is not a pen test.
What about an engineer spending an afternoon running ZAP[0]?
> It's like saying, "what is an audit really? We have accountants and they check our books for anomalies."
Yeah, which is why you don't just ask a company "do you keep track of your finances?" if you're investing in them, you request external auditors.
-
The essential security checklist for user identity
In addition to manual security reviews, you can also implement DevSecOps practices to automate security checks. For example, you can set up a CI/CD pipeline to run static code analysis tools like CodeQL and automatically run penetration tests using tools like OWASP ZAP.
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
OWASP ZAP (open source)
-
How can i make web server from scratch
I would start by installing Burp Suite or OWASP Zap and seeing what the actual messages look like
ArchiveBox
-
Ask HN: What Underrated Open Source Project Deserves More Recognition?
Two projects I greatly appreciate, allowing me to easily archive my bandcamp and GOG purchases (after the initial setup anyways):
https://github.com/easlice/bandcamp-downloader
https://github.com/Kalanyr/gogrepoc
And I recently learned about archivebox, which I think is going to be a fast favorite and finally let me clear out my mess of tabs/bookmarks: https://github.com/ArchiveBox/ArchiveBox
- YaCy, a distributed Web Search Engine, based on a peer-to-peer network
-
Vice website is shutting down
If you really want to save the content for yourself, use something like https://archivebox.io/
I've been running a local instance for a few years now and download/save tech articles all time. I can search and find them as needed.
-
An Introduction to the WARC File
API is coming soon (relatively, it's still a one-man project)! Stay tuned https://github.com/ArchiveBox/ArchiveBox/issues/496
I have an event-sourcing refactor in progress now to allow us to pluginize functionality like the API (similar to Home Assistant with a plugin app sotre), it will take a month or two. Next up is the REST API using the new plugin system.
-
Ask HN: How can I back up an old vBulletin forum without admin access?
I guess your best chance is to use something like https://archivebox.io/.
-
ArchiveBox – open-source self-hosted web archiving
Yeah this is a cool project but it was discussed 2 days ago.
As mentioned by the maintainer there, they even maintain a list of alternatives, very classy:
https://github.com/ArchiveBox/ArchiveBox/wiki/Web-Archiving-...
- ArchiveBox: Open-source self-hosted web archiving
- Linkhut: A Social Bookmarking Site
- Show HN: Rem: Remember Everything (open source)
- Bookmark manager with a focus on organization?
What are some alternatives?
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
Wallabag - wallabag is a self hostable application for saving web pages: Save and classify articles. Read them later. Freely.
SonarQube - Continuous Inspection
paimon-moe - Your best Genshin Impact companion! Help you plan what to farm with ascension calculator and database. Also track your progress with todo and wish counter.
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
SingleFile - Web Extension for saving a faithful copy of a complete web page in a single HTML file
SQLMap - Automatic SQL injection and database takeover tool
ArchivesSpace - The ArchivesSpace archives management tool
HTML Purifier - Standards compliant HTML filter written in PHP
grab-site - The archivist's web crawler: WARC output, dashboard for all crawls, dynamic ignore patterns
awesome-dva - A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.
Archivematica - Free and open-source digital preservation system designed to maintain standards-based, long-term access to collections of digital objects.