I have 91 projects on GitHub
List of web application security
Automated Mongo database and NoSQL web application exploitation tool
Mobile application security testing checklist
burpsuite cookbook
The OWASP ZAP core project
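A host-based intrusion detection system open-sourced by YSRC
A CAPTCHA framework that can be based on Spring, is flexibly configurable and easily extensible, and supports image and audio CAPTCHAs. It can be deployed in a distributed fashion as a CAPTCHA generation server and verification server.
A tool for securely encrypting and running Spring Boot JARs, with support for native JARs.
Wukong scanner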
Wiki-like CTF write-ups repository, maintained by the community. 2017
Crawler and search for wooyun.org public bugs (vulnerabilities) and knowledge base (drops)
CMS identification
Web application bruteforcer
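Web API open-interface design solution: basic signature-verification and encryption components; AES + RSA; Chinese national SM cryptographic algorithms; API multi-version management, etc.
Cross-platform server file security monitoring software with SMS alerting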
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Advanced vulnerability scanning with Nmap NSE
This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
t0data on security
Swipe CAPTCHA for the Android platform.
PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
Software-Security-Learning
StuQ programmer skill map
Sharing bits and pieces from building a security management system, ISO27001, classified protection, and security reviews
A Collection of Secure Mobile Development Best Practices
SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
Easy automated vulnerability scanning, reporting and analysis
Collection of security mind maps
ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.
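A collection of some of the better open-source security projects, to help in-house security practitioners build enterprise security capabilities.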
Raptor - WAF - Web application firewall using DFA [ Current version ]
Curated list of public penetration testing reports released by several consulting firms
Proteus is an anti-reverse engineering system that provides protection from disassembly and debugging for software written in Java and C/C++.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Simple yet powerful CAPTCHA library written in Java
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
A Java Nmap wrapper
My collection of nmap NSE scripts
AGPL web-based DNS management interface in PHP
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
Minimal Mistakes GitHub Pages site starter
A curated collection of various security-related mind maps
Since JSONP and HTML5 Messaging are becoming more widely used, I put together a JavaScript library of security functions to help protect against things like DOM Based XSS.
Program for identifying dangerous functions in Java source code
Universal web application security sensor intended for real-time monitoring and defense.
A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
A collection of HTTP response headers to elevate the security of your web app!
Personal backup
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
a GUI for Sqlmap written in python
Automated System Hardening Framework
Golang security checker
HTTP Header Analysis Vulnerability Tool
An extension library for fuzzdb
Official FuzzDB project repository
An awesome, fully responsive jQuery slider plugin
The FindBugs plugin for security audits of Java web applications and Android applications. (Also works with Scala projects)
File monitoring
MFC open-source code for FileDisk and Filemon
Platform to host Capture the Flag competitions
Docker security analysis & hacking tools
Some setup scripts for security research tools.
Cobra - static code security scan & analysis (white-box code security audit system)
CMS identification
Chrome Apps
a tool to perform static analysis of known vulnerabilities in docker images/containers
Penetration Testing/Security Cheatsheets
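Java implementations of several kinds of CAPTCHA: CAPTCHAs generated with plain JSP and servlets, CAPTCHAs generated with the Kaptcha component, Chinese-character CAPTCHAs, arithmetic CAPTCHAs, etc.
XSS platform, CTF tools, web security tools
Brute-force dictionaries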
Original code about binary encryption from phrack
PHP Webshell with handy features
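Chinese edition of the awesome sysadmin resource list: backup/cloning software, cloud computing/cloud storage, collaboration software, configuration management, log management, monitoring, project management, etc.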
A curated list of Microservice Architecture related principles and technologies.
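Chinese edition of the awesome Java resource list, including development libraries, development tools, websites, blogs, WeChat, Weibo, etc., continuously updated by Jobbole (伯乐在线).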
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
A curated list of CTF frameworks, libraries, resources and software
Automated Security Testing For REST APIs
A software characterization source code analyzer that helps you understand what a program does by identifying interesting features and characteristics using static analysis and a customizable json based rules engine.
Android APK packing protection
AuQuery-based automated integration testing
Mind map of reading notes on "Advanced Guide to Internet Enterprise Security" (互联网企业安全高级指南) - http://www.mottoin.com/95816.html & http://www.mottoin.com/95828.html Author: hblf@MottoIN Team
If you've ever picked up a book on Wireshark or network monitoring, they almost all cover about the same information. They'll show you, "Here's an ARP frame, here's an IP packet, here's a web request..." But what they don't go into is: when you open a Pcap file for the first time, where do you start? What are the things that you look for? And how do you find them? So my goal here is to help you bridge that gap between having a basic understanding of network protocol analyzers, and using them to solve real world problems.