webpentest

This course uses a deliberately vulnerable banking application to demonstrate common security vulnerabilities, their impact, and how to fix them. The application is built with Flask (backend) and React (frontend).

python flask security hacking ctf-writeups ctf pentest codereview dvwa ctf-solutions ctf-challenges educational-project whitebox-testing webpentest

UpdatedApr 23, 2025
JavaScript

J4FSec /HaccTheHub

Star52

Open source self-hosted cyber security learning platform

security pentesting trainning webpentest

UpdatedOct 3, 2022
TypeScript

txuswashere /pentesting

Star28

CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, ...

auditing osint active-directory hacking resources audit cybersecurity pentesting bugbounty cyber-security reversing cloudsecurity exploiting purpleteam pentesting-tools webpentest purple-team networksecurity webpentesting privilegeescalation

UpdatedFeb 22, 2023

cyberstruggle /whitepass

Star26

Whitepass Bypass Whitelist/Ratelimit Implementations in Web Applications/APIs

fuzzing appsec websecurity whitelist-bypass ratelimit webpentest api-fuzzing

UpdatedMar 18, 2021
Python

Anof-cyber /pentest-recon

Sponsor

Star22

Web application pentesting recon

information-extraction pentesting bugbounty reconnaissance webapplication webpentest

UpdatedJul 25, 2020
Shell

MedhatHassan /CyberTalents

Star20

The CyberTalents repository is a collection of solutions and write-ups for challenges sourced from the CyberTalents platform. Organized topic, this repository serves as a resource for cybersecurity enthusiasts seeking to enhance their skills and understanding of security concepts.

cryptography reverse-engineering cybersecurity cybertalents mobile-pentest webpentest cybertalents-writeup

UpdatedJun 18, 2025
Python

defensahacker /viewstate-decoder

Star14

Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests

asp pentesting bugbounty ethical-hacking webpentest

UpdatedFeb 27, 2021
Python

InfoSecWarrior /Subdomain-Takeovers

Star13

This repository discusses the subdomain takeover vulnerability and lists of services which are vulnerable to it. It also provides information, methodology and resources to perform subdomain takeover attacks.

bugbounty subdomains takeover subdomain-takeover webpentest

UpdatedDec 31, 2023
HTML

TorhamDev /Death-engine

Star11

A powerful recon tool

crawler scanner whois python3 pentesting recon hacking-tool port-scanning google-dorks information-gathering web-penetration-testing web-hacking webhacking directory-search pentesting-tools webpentest recon-tools death-engine

UpdatedJul 3, 2022
Python

krishealty /knockknock

Sponsor

Star7

A Simple Tool to gather information from any website, domain, sub-domain, DNS, links by enumeration with simple commands.

linux web hacking penetration-testing pentesting termux exploitation kali-linux ssl-certificates port-scanning web-penetration-testing reconnaissance website-development hacking-tools subdomain-enumeration pentesting-tools scanning-enumeration webpentest web-reconnaissance dns-enumeration

UpdatedJun 7, 2024
Go

Serhatcck /hidden_fuzzer

Star7

Hidden Fuzzer is a URL fuzzing tool designed to uncover hidden paths and resources on web applications. It features multithreading, customizable HTTP headers, and request parameters for optimized performance.

fuzzing bugbounty security-tools pentest-tool url-fuzzer webpentest bugbounty-tool

UpdatedDec 11, 2024
Go

Fadavvi /BurpPro-FastCrawler

Star6

The simplest way to integrate your subdomain enum outputs with Burp Pro (Fast Crawler)

burp burpsuite webhacking webpentest bugbounty-tool webpentesting

UpdatedApr 7, 2022
Python

xpl0ited1 /postMessageFinderBurpSuite

Sponsor

Star5

This extension allows you to detect implementations of postMessage function, addEventListener("message",function) event handler and onMessage function.

javascript dom xss xss-vulnerability bugbounty xss-exploitation xss-detection postmessage domxss burpsuite pentest-tool burpsuite-extender webpentest bugbounty-tool portswigger xpl0ited1