The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 web-security Open-Source Projects
-
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
DDoS-Ripper
DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
GitHacker
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
-
requests-ip-rotator
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
-
cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
-
lookyloo
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
-
xurlfind3r
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
-
-
-
ronin-vulns
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
-
aizawa
Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: BunkerWeb: Nginx-based open-source Web Application Firewall (WAF) | news.ycombinator.com | 2024-01-09
Project mention: Using insecure npm package manager defaults to steal your macOS keyboard shortcuts | dev.to | 2023-06-29Many other JavaScript and Node.js security incidents are curated on the Awesome Node.js Security repository.
sudo apt install git git clone https://github.com/palahsu/DDoS-Ripper.git cd DDoS-Ripper $ ls $ python3 DRipper.pyИЛИpython2 DRipper.py
Project mention: Cherrybomb: Audit, validate and test API specifications | news.ycombinator.com | 2023-11-22
Nice to see more systems architected on object capabilities. It's a more practical security model than ACLs: https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf
Or more succinctly:
> Capability-based security enables the concise composition of powerful patterns of cooperation without vulnerability.
from https://github.com/dckc/awesome-ocap
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
web-security related posts
- JavaScript-Native RPC to Cloudflare Workers
- What are polyglots and how to use them as a pentester
- Using insecure npm package manager defaults to steal your macOS keyboard shortcuts
- Guys, I taught ChatGPT to browse the internet and it is bloody amazing.
- Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
- Ignore 98% of dependency alerts: introducing Semgrep Supply Chain
- Ask HN: How do you deploy your weekend project in 2022?
-
A note from our sponsor - WorkOS
workos.com | 29 Apr 2024
Index
What are some of the best open-source web-security projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Mobile-Security-Framework-MobSF | 16,325 |
| 2 | hacker101 | 13,603 |
| 3 | Resources-for-Beginner-Bug-Bounty-Hunters | 10,141 |
| 4 | awesome-web-hacking | 5,432 |
| 5 | awesome-bugbounty-tools | 3,535 |
| 6 | BunkerWeb | 3,462 |
| 7 | awesome-nodejs-security | 2,567 |
| 8 | DDoS-Ripper | 1,897 |
| 9 | HackVault | 1,876 |
| 10 | lunasec | 1,406 |
| 11 | GitHacker | 1,323 |
| 12 | requests-ip-rotator | 1,227 |
| 13 | FavFreak | 1,071 |
| 14 | cherrybomb | 1,046 |
| 15 | lookyloo | 655 |
| 16 | xurlfind3r | 522 |
| 17 | firefly | 371 |
| 18 | VulnLab | 342 |
| 19 | awesome-ocap | 325 |
| 20 | jwt-pwn | 287 |
| 21 | web-hacking-toolkit | 155 |
| 22 | ronin-vulns | 53 |
| 23 | aizawa | 49 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com