Add mention of Crowdsec in README

mazzma12 2022-05-05 16:35:54 +02:00
parent 37d1ea643d
commit 3967b67e73
No known key found for this signature in database
GPG Key ID: 0CC986AE06D004DB

203
README.md

@ -18,104 +18,110 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
## Contents ## Contents
- [Digests](#digests) - [Awesome Web Security ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-web-security-)
- [Forums](#forums) - [Contents](#contents)
- [Introduction](#intro) - [Digests](#digests)
- [XSS](#xss---cross-site-scripting) - [Forums](#forums)
- [Prototype Pollution](#prototype-pollution) - [Introduction](#introduction)
- [CSV Injection](#csv-injection) - [XSS - Cross-Site Scripting](#xss---cross-site-scripting)
- [SQL Injection](#sql-injection) - [Prototype Pollution](#prototype-pollution)
- [Command Injection](#command-injection) - [CSV Injection](#csv-injection)
- [ORM Injection](#orm-injection) - [SQL Injection](#sql-injection)
- [FTP Injection](#ftp-injection) - [Command Injection](#command-injection)
- [XXE](#xxe---xml-external-entity) - [ORM Injection](#orm-injection)
- [CSRF](#csrf---cross-site-request-forgery) - [FTP Injection](#ftp-injection)
- [Clickjacking](#clickjacking) - [XXE - XML eXternal Entity](#xxe---xml-external-entity)
- [SSRF](#ssrf---server-side-request-forgery) - [CSRF - Cross-Site Request Forgery](#csrf---cross-site-request-forgery)
- [Web Cache Poisoning](#web-cache-poisoning) - [Clickjacking](#clickjacking)
- [Relative Path Overwrite](#relative-path-overwrite) - [SSRF - Server-Side Request Forgery](#ssrf---server-side-request-forgery)
- [Open Redirect](#open-redirect) - [Web Cache Poisoning](#web-cache-poisoning)
- [SAML](#saml) - [Relative Path Overwrite](#relative-path-overwrite)
- [Upload](#upload) - [Open Redirect](#open-redirect)
- [Rails](#rails) - [Security Assertion Markup Language (SAML)](#security-assertion-markup-language-saml)
- [AngularJS](#angularjs) - [Upload](#upload)
- [ReactJS](#reactjs) - [Rails](#rails)
- [SSL/TLS](#ssltls) - [AngularJS](#angularjs)
- [Webmail](#webmail) - [ReactJS](#reactjs)
- [NFS](#nfs) - [SSL/TLS](#ssltls)
- [AWS](#aws) - [Webmail](#webmail)
- [Azure](#azure) - [NFS](#nfs)
- [Fingerprint](#fingerprint) - [AWS](#aws)
- [Sub Domain Enumeration](#sub-domain-enumeration) - [Azure](#azure)
- [Crypto](#crypto) - [Fingerprint](#fingerprint)
- [Web Shell](#web-shell) - [Sub Domain Enumeration](#sub-domain-enumeration)
- [OSINT](#osint) - [Crypto](#crypto)
- [DNS Rebinding](#dns-rebinding) - [Web Shell](#web-shell)
- [Deserialization](#deserialization) - [OSINT](#osint)
- [OAuth](#oauth) - [DNS Rebinding](#dns-rebinding)
- [JWT](#jwt) - [Deserialization](#deserialization)
- [Evasions](#evasions) - [OAuth](#oauth)
- [XXE](#evasions-xxe) - [JWT](#jwt)
- [CSP](#evasions-csp) - [Evasions](#evasions)
- [WAF](#evasions-waf) - [XXE](#xxe)
- [JSMVC](#evasions-jsmvc) - [CSP](#csp)
- [Authentication](#evasions-authentication) - [WAF](#waf)
- [Tricks](#tricks) - [JSMVC](#jsmvc)
- [CSRF](#tricks-csrf) - [Authentication](#authentication)
- [Clickjacking](#tricks-clickjacking) - [Tricks](#tricks)
- [Remote Code Execution](#tricks-rce) - [CSRF](#csrf)
- [XSS](#tricks-xss) - [Clickjacking](#clickjacking-1)
- [SQL Injection](#tricks-sql-injection) - [Remote Code Execution](#remote-code-execution)
- [NoSQL Injection](#tricks-nosql-injection) - [XSS](#xss)
- [FTP Injection](#tricks-ftp-injection) - [SQL Injection](#sql-injection-1)
- [XXE](#tricks-xxe) - [NoSQL Injection](#nosql-injection)
- [SSRF](#tricks-ssrf) - [FTP Injection](#ftp-injection-1)
- [Web Cache Poisoning](#tricks-web-cache-poisoning) - [XXE](#xxe-1)
- [Header Injection](#tricks-header-injection) - [SSRF](#ssrf)
- [URL](#tricks-url) - [Web Cache Poisoning](#web-cache-poisoning-1)
- [Deserialization](#tricks-deserialization) - [Header Injection](#header-injection)
- [OAuth](#tricks-oauth) - [URL](#url)
- [Others](#tricks-others) - [Deserialization](#deserialization-1)
- [Browser Exploitation](#browser-exploitation) - [OAuth](#oauth-1)
- [PoCs](#pocs) - [Others](#others)
- [Database](#pocs-database) - [Browser Exploitation](#browser-exploitation)
- [Cheetsheets](#cheetsheets) - [Frontend (like SOP bypass, URL spoofing, and something like that)](#frontend-like-sop-bypass-url-spoofing-and-something-like-that)
- [Tools](#tools) - [Backend (core of Browser implementation, and often refers to C or C++ part)](#backend-core-of-browser-implementation-and-often-refers-to-c-or-c-part)
- [Auditing](#tools-auditing) - [PoCs](#pocs)
- [Command Injection](#tools-command-injection) - [Database](#database)
- [Reconnaissance](#tools-reconnaissance) - [Cheetsheets](#cheetsheets)
- [OSINT](#tools-osint) - [Tools](#tools)
- [Sub Domain Enumeration](#tools-sub-domain-enumeration) - [Auditing](#auditing)
- [Code Generating](#tools-code-generating) - [Command Injection](#command-injection-1)
- [Fuzzing](#tools-fuzzing) - [Reconnaissance](#reconnaissance)
- [Scanning](#tools-scanning) - [OSINT - Open-Source Intelligence](#osint---open-source-intelligence)
- [Penetration Testing](#tools-penetration-testing) - [Sub Domain Enumeration](#sub-domain-enumeration-1)
- [Leaking](#tools-leaking) - [Code Generating](#code-generating)
- [Offensive](#tools-offensive) - [Fuzzing](#fuzzing)
- [XSS](#tools-xss) - [Scanning](#scanning)
- [SQL Injection](#tools-sql-injection) - [Penetration Testing](#penetration-testing)
- [Template Injection](#tools-template-injection) - [Offensive](#offensive)
- [XXE](#tools-xxe) - [XSS - Cross-Site Scripting](#xss---cross-site-scripting-1)
- [CSRF](#tools-csrf) - [SQL Injection](#sql-injection-2)
- [SSRF](#tools-ssrf) - [Template Injection](#template-injection)
- [Detecting](#tools-detecting) - [XXE](#xxe-2)
- [Preventing](#tools-preventing) - [Cross Site Request Forgery](#cross-site-request-forgery)
- [Proxy](#tools-proxy) - [Server-Side Request Forgery](#server-side-request-forgery)
- [Webshell](#tools-webshell) - [Leaking](#leaking)
- [Disassembler](#tools-disassembler) - [Detecting](#detecting)
- [Decompiler](#tools-decompiler) - [Preventing](#preventing)
- [DNS Rebinding](#tools-dns-rebinding) - [Proxy](#proxy)
- [Others](#tools-others) - [Webshell](#webshell)
- [Social Engineering Database](#social-engineering-database) - [Disassembler](#disassembler)
- [Blogs](#blogs) - [Decompiler](#decompiler)
- [Twitter Users](#twitter-users) - [DNS Rebinding](#dns-rebinding-1)
- [Practices](#practices) - [Others](#others-1)
- [Application](#practices-application) - [Social Engineering Database](#social-engineering-database)
- [AWS](#practices-aws) - [Blogs](#blogs)
- [XSS](#practices-xss) - [Twitter Users](#twitter-users)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#practices-modsecurity) - [Practices](#practices)
- [Community](#community) - [Application](#application)
- [Miscellaneous](#miscellaneous) - [AWS](#aws-1)
- [XSS](#xss-1)
- [ModSecurity / OWASP ModSecurity Core Rule Set](#modsecurity--owasp-modsecurity-core-rule-set)
- [Community](#community)
- [Miscellaneous](#miscellaneous)
- [Code of Conduct](#code-of-conduct)
- [License](#license)
## Digests ## Digests
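Review bot: The whole Contents block is rewritten here, which is unrelated to the stated purpose of the commit (adding a CrowdSec mention) and looks like the output of an automatic TOC generator. Several things in the new list need attention. The links switch from the explicit anchors (`#tools-preventing`, `#tricks-xss`, `#evasions-waf`) to heading-derived slugs with positional suffixes (`#xss-1`, `#sql-injection-2`, `#clickjacking-1`), which silently point at a different section as soon as a heading is added or reordered, while the `<a name="tools-preventing"></a>` anchors are still present in the file and are now unused by the TOC. The first new entry embeds `![Awesome](https://github.com/sindresorhus/awesome)`, which uses a repository URL as an image source and will not render as a badge, and the TOC now lists itself (`[Contents](#contents)`). Please drop this hunk from the commit, or submit the TOC regeneration as a separate change that keeps the explicit anchors.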
@ -735,6 +741,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
<a name="tools-preventing"></a> <a name="tools-preventing"></a>
### Preventing ### Preventing
- [CrowdSec](https://github.com/crowdsecurity/crowdsec) A next-gen collaborative IPS, written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. Users can share their alerts about threats with the community and benefit from the network effect.
- [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/). - [DOMPurify](https://github.com/cure53/DOMPurify) - DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG by [Cure53](https://cure53.de/).
- [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin). - [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin).
- [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/). - [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/).
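Review bot: The new CrowdSec line does not follow the entry format used by every neighbouring item in this list: it has no ` - ` separator between the link and the description, and it lacks the trailing `by [author](link)` attribution that the DOMPurify, js-xss and Acra entries carry. The description is also two sentences of promotional wording ("next-gen", "all kinds of attacks") where the other entries give one factual clause. Suggest something along the lines of `- [CrowdSec](https://github.com/crowdsecurity/crowdsec) - Collaborative IPS written in Go that analyzes visitor behavior and shares alerts with the community by ...`, with the attribution filled in by the contributor.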