Top 23 web-security Open-Source Projects
- Mobile-Security-Framework-MobSF
  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
- Resources-for-Beginner-Bug-Bounty-Hunters
  A list of resources for those interested in getting started in bug bounties
- DDoS-Ripper
  DDoS Ripper is a Distributed Denial-of-Service (DDoS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
- lunasec
  LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
- GitHacker
  🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
- requests-ip-rotator
  A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
- cherrybomb
  Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
- lookyloo
  Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
- xurlfind3r
  A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
- ronin-vulns
  Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
- aizawa
  Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
Project mention: BunkerWeb: Nginx-based open-source Web Application Firewall (WAF) | news.ycombinator.com | 2024-01-09
Project mention: Using insecure npm package manager defaults to steal your macOS keyboard shortcuts | dev.to | 2023-06-29
Many other JavaScript and Node.js security incidents are curated on the Awesome Node.js Security repository.
sudo apt install git
git clone https://github.com/palahsu/DDoS-Ripper.git
cd DDoS-Ripper
ls
python3 DRipper.py or python2 DRipper.py
Project mention: Cherrybomb: Audit, validate and test API specifications | news.ycombinator.com | 2023-11-22
Nice to see more systems architected on object capabilities. It's a more practical security model than ACLs: https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf
Or more succinctly:
> Capability-based security enables the concise composition of powerful patterns of cooperation without vulnerability.
from https://github.com/dckc/awesome-ocap
web-security related posts
- JavaScript-Native RPC to Cloudflare Workers
- What are polyglots and how to use them as a pentester
- Using insecure npm package manager defaults to steal your macOS keyboard shortcuts
- Guys, I taught ChatGPT to browse the internet and it is bloody amazing.
- Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
- Ignore 98% of dependency alerts: introducing Semgrep Supply Chain
- Ask HN: How do you deploy your weekend project in 2022?
Index
What are some of the best open-source web-security projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | Mobile-Security-Framework-MobSF | 16,325 |
2 | hacker101 | 13,603 |
3 | Resources-for-Beginner-Bug-Bounty-Hunters | 10,141 |
4 | awesome-web-hacking | 5,432 |
5 | awesome-bugbounty-tools | 3,535 |
6 | BunkerWeb | 3,462 |
7 | awesome-nodejs-security | 2,567 |
8 | DDoS-Ripper | 1,897 |
9 | HackVault | 1,876 |
10 | lunasec | 1,406 |
11 | GitHacker | 1,323 |
12 | requests-ip-rotator | 1,227 |
13 | FavFreak | 1,071 |
14 | cherrybomb | 1,046 |
15 | lookyloo | 655 |
16 | xurlfind3r | 522 |
17 | firefly | 371 |
18 | VulnLab | 342 |
19 | awesome-ocap | 325 |
20 | jwt-pwn | 287 |
21 | web-hacking-toolkit | 155 |
22 | ronin-vulns | 53 |
23 | aizawa | 49 |