Docker toolbox for pentest of web based application.

Fast web fuzzer written in Go

Damn Vulnerable Web Application (DVWA)

CeWL is a Custom Word List Generator

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

WebGoat is a deliberately insecure application

A OWASP Based Checklist With 500+ Test Cases

ZAP Add-ons

A fast, simple, recursive content discovery tool written in Rust.

A repository with 3 tools for pwn'ing websites with .git repositories available

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Fast and customizable subdomain wordlist generator using DSL

Share your terminal as a web application

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Ruby HTML and CSS sanitizer.

HEGO Hunting Wiki | Offensive Cybersecurity Checklist

JavaScript library of crypto standards.

🤖 CDN assets - The #1 free and open source CDN built to make life easier for developers.

Web path scanner

Directory/File, DNS and VHost busting tool written in Go

🐶 A curated list of Web Security materials and resources.

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

A Firefox Web Extension to improve the discovery of DOM XSS.

⚓️ Easily test HTTP webhooks with this handy tool that displays requests instantly.

nghttp2 - HTTP/2 C Library and tools

Aspx reverse shell