Web Security

A low overhead rate limiter for your routes

Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.

A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.

A tool for identifying potential security vulnerabilities in web applications

Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.

NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.

A Python-based tool for detecting XSS vulnerabilities

A tool for exploiting SSRF and gaining RCE in various servers

A tool to profile web applications based on response time discrepancies.

A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.

XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.

A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.

An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.

AWS Web Application Firewalls (WAFs) are cloud-based security services that protect web applications and APIs from internet-based attacks through customizable filtering rules and centralized management capabilities.

A comprehensive reference guide covering various web application vulnerabilities, testing techniques, and resources for bug bounty hunters and security researchers.

A Node.js tool that analyzes HTTP security headers on websites to identify missing or problematic security configurations.

BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.

A Linux-based environment for penetration testing and vulnerability exploitation

A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.

A crawler-based low-interaction client honeypot for exposing website threats.

A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.