websecurity

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

security ldap jwt saml oauth2 authentication acl auth authorization secops sso openid access-control secdevops websecurity caddy-plugin webauthn paseto paseto-tokens caddy2

UpdatedApr 9, 2024
Go

blst-security /cherrybomb

Star1.2k

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

api cli open-source http security best-practices openapi cybersecurity web-security business-logic cyber security-tools websecurity openapi3 web-sec-scanner api-security firecracker blst

UpdatedOct 25, 2024
Rust

payloadbox /xxe-injection-payload-list

Star1.2k

🎯 XML External Entity (XXE) Injection Payload List

xml hacking cybersecurity bug-bounty infosec bugbounty information-security payload payloads cyber-security websecurity web-application-security xxe xxe-injection websecurity-reference xxe-payloads xxe-example xml-entity xxe-payload xxe-payload-list

UpdatedJul 18, 2024

Proviesec /google-dorks

Star1.1k

Useful Google Dorks for WebSecurity and Bug Bounty

security google cybersecurity bugbounty websecurity

UpdatedMar 30, 2024

rhaidiz /broxy

Star1k

An HTTP/HTTPS intercept proxy written in Go.

go golang security proxy http-proxy hacking penetration-testing interceptor qt5-gui websecurity http-security http-interceptor qt-wrapper wapt penetration-testing-tools broxy

UpdatedFeb 11, 2022
Go

yeswehack /vulnerable-code-snippets

Star980

Twitter vulnerable snippets

snippets code owasp web-application bugbounty vulnerable example-code websecurity worst-practices code-analyze

UpdatedMar 17, 2025
PHP

findneo /Newbie-Security-List

Star909

网络安全学习资料，欢迎补充

security ctf websecurity resource-list greenhand

UpdatedOct 23, 2018

backdoorhub /shell-backdoor-list

Star747

🎯 PHP / ASP - Shell Backdoor List 🎯

shell php web hack backdoor c99 hacking web-shell web-security asp-net php-backdoor web-hacking websecurity wso b374k hackingcode shell-backdoor r57 kacak asp-backdoor

UpdatedNov 18, 2023
PHP

security-prince /Application-Security-Engineer-Interview-Questions

Star667

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

xss vulnerability infosec application-security interview-questions appsec webappsec sdlc websecurity devsecops security-engineering websec websecurity-reference security-team security-engineer-interview

UpdatedAug 7, 2020

YagamiiLight /Cerberus

Star649

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

python middleware proxy waf xss penetration-testing sql-injection bypass hacking-tool ssrf security-tools websecurity