Offensive Security for Web Security
Task: Web Security
Browse 38 security tools
FEATURED
RELATED TASKS
5-day training course on advanced penetration testing techniques
5-day training course on advanced penetration testing techniques
Online platform offering 700+ hands-on web security exercises and training
Online platform offering 700+ hands-on web security exercises and training
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
A Docker-based penetration testing toolkit that provides a portable environment with GUI support and pre-installed security tools for web application testing and CTF activities.
A Docker-based penetration testing toolkit that provides a portable environment with GUI support and pre-installed security tools for web application testing and CTF activities.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A golang utility to spider through a website searching for additional links.
A golang utility to spider through a website searching for additional links.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A tool to bypass Content Security Policy (CSP) restrictions
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
Deliberately vulnerable web application for security professionals to practice attack techniques.
Deliberately vulnerable web application for security professionals to practice attack techniques.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.