web-security

Star

Here are 692 public repositories matching this topic...

Language:All

Filter by language

All692 Python204 JavaScript89 PHP51 HTML45 Go32 Java28 TypeScript27 Shell20 CSS13 Rust9

Sort:Most stars

Sort options

Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

MobSF /Mobile-Security-Framework-MobSF

Star19.1k

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

rest static-analysis apk owasp dynamic-analysis web-security malware-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing cwe devsecops runtime-security mstg masvs mastg

UpdatedJul 17, 2025
JavaScript

chaitin /SafeLine

Star17.1k

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

security hackers api-gateway captcha firewall waf xss bruteforce self-hosted cybersecurity sql-injection vulnerability application-security web-security cve appsec web-application-firewall http-flood blueteam websecurity

UpdatedJul 10, 2025
Go

Hacker0x01 /hacker101

Star14.1k

Source code for Hacker101.com - a free online web and mobile security class.

education security hacking xss sql-injection vulnerability csrf web-security mobile-security clickjacking hackerone session-fixation hacker101 unchecked-redirects

UpdatedFeb 22, 2025
SCSS

nahamsec /Resources-for-Beginner-Bug-Bounty-Hunters

Star11.4k

A list of resources for those interested in getting started in bug bounties

education hackers hacking xss bug-bounty web-security bugbounty pentest ssrf bug-bounty-hunters learn2hack

UpdatedJul 23, 2024

bunkerity /bunkerweb

Star8.8k

🛡️ Open-source and next-generation Web Application Firewall (WAF)

letsencrypt docker nginx kubernetes security devops hosting waf reverse-proxy cybersecurity swarm web-security hardening modsecurity dnsbl web-application-firewall devsecops antibot bunkerized-nginx security-tuning

UpdatedJul 18, 2025
Python

infoslack /awesome-web-hacking

Star6.3k

A list of web application security

security scanner hacking owasp penetration-testing vulnerability web-security pentesting vulnerabilities appsec metasploit web-hacking hacking-tools

UpdatedMay 27, 2025

vavkamil /awesome-bugbounty-tools

Star5.2k

A curated list of various bug bounty tools

awesome tools awesome-list web-security bugbounty security-tools

UpdatedMay 13, 2025

lirantal /awesome-nodejs-security

Star2.8k

Awesome Node.js Security resources

nodejs security owasp cybersecurity infosec web-security vulnerabilities pentest hacktoberfest

UpdatedJun 26, 2025

palahsu /DDoS-Ripper

Star2.4k

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

security protection ddos ddos-attacks sql-injection web-security denial-of-service hacking-tool linux-tools ddos-tool ddos-protection attack-defense ddos-attack-tools ddos-attack hacking-tools internet-traffic deface-website ddos-attack-tool ddos-ripper attack-server

UpdatedJun 23, 2024
Python

0xSobky /HackVault

Star2k

A container repository for my public web hacks!

tracking exploit regex xss fuzzing web-security pentesting payloads reconnaissance

UpdatedOct 12, 2022
JavaScript

qi4L /JYso

Star1.7k

JNDIExploit or a ysoserial.

java ldap attack rmi gadget web-security jndi ysoserial jndi-injection mem-shell middleware-echo

UpdatedJun 14, 2025
Java

Ge0rg3 /requests-ip-rotator

Star1.6k

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

aws security networking apigateway ip web-security bugbounty bypass hacktoberfest security-tools

UpdatedApr 24, 2025
Python

WangYihang /GitHacker

Star1.5k

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

git web-security githack

UpdatedJun 18, 2025
Python

lunasec-io /lunasec

Sponsor

Star1.5k

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App:https://github.com/marketplace/lunatrace-by-lunasec/

security continuous-delivery dependency-analysis cybersecurity pci-dss web-security compliance scanning cve-scanning tokenization gdpr security-tools devsecops software-composition-analysis zero-trust soc2 sbom scanning-tool sbom-generator log4shell

UpdatedMay 2, 2024
TypeScript

pushsecurity /saas-attacks

Star1.4k

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

saas web-security offensive-security

UpdatedJun 24, 2025

4ra1n /super-xray

Star1.3k

Web漏洞扫描工具XRAY的GUI启动器

web-security vulnerability-scanners

UpdatedMay 19, 2023
Java

devanshbatham /FavFreak

Sponsor

Star1.2k

Making Favicon.ico based Recon Great again !

osint hacking web-security recon bugbounty bughunting information-gathering webappsec reconnaissance

UpdatedAug 29, 2023
Python

blst-security /cherrybomb

Star1.2k

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.