Web
Anything related to websites and website exploitation.
Software
This page lists all projects in this category.
Awesome CTF
“A curated list of Capture The Flag (CTF) frameworks, libraries, resources, software and tutorials.”
BurpSuite
For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc.
Canarytokens
“Canarytokens helps track activity and actions on your network.”
“Canarytokens are like motion sensors for your networks, computers and clouds. You can put them in folders, on network devices and on your phones.”
Computer Systems Security: Planning For Success
“The text, labs, and review questions in this book are designed as an introduction to the applied topic of computer security.”
By Ryan Tolboom.
Dirb
Dictionary scan of web servers.
Enum_AzureSubdomains
“A Metasploit Auxiliary module for enumerating public Azure services by locating valid subdomains through various DNS queries.”
Evilginx
“Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection.”
HackThisSite
“HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.”
JWT.io
Tool to decode and encode JSON Web Tokens.
Metasploit
“The world’s most used penetration testing framework.”
OWASP Top Ten
“The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.”
OWASP WebGoat
“WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.”
OWASP ZAP
For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc.
Payloads All The Things
“A list of useful payloads and bypasses for Web Application Security.”
Shodan
Search engine for IoT devices. Can search for publicly accessible servers based on details such as headers, geolocation, etc.
sig2n
Python scripts to perform JWT algorithm confusion.
Usage instructions are available from PortSwigger.
WhatWeb
Scans websites to recognize what software is being used to power them.