Awesome-Mirrors/awesome-web-security
1
0
Fork 0
mirror of https://github.com/qazbnm456/awesome-web-security.git synced 2024-06-26 10:42:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Boik 2017-01-31 17:44:30 +08:00
parent b248115a58
commit df6160d6b9
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -17,21 +17,30 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
## Menu
- [Resource](#resource)
- [XSS](#resource-xss)
- [SQL Injection](#resource-sql-injection)
- [XML](#resource-xml)
- [Evasion](#evasion)
- [CSP](#evasion-csp)
- [Trick](#trick)
- [SQL Injection](#trick-sql-injection)
- [PoC](#poc)
- [JavaScript](#poc-javascript)
- [Tool](#tool)
- [Code Generating](#tool-code-generating)
- [Fuzzing](#tool-fuzzing)
- [Leaking](#tool-leaking)
- [Detecting](#tool-detecting)
- [Blog](#blog)
- [Miscellaneous](#miscellaneous)
## Resource
<a name="resource-xss"></a>
### XSS
* [H5SC](https://github.com/cure53/H5SC)
<a name="resource-sql-injection"></a>
### SQL Injection
@ -57,6 +66,13 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
* [屌智硬之mysql不用逗号注入](http://www.jinglingshu.org/?p=2220), written by [jinglingshu](http://www.jinglingshu.org/?p=2220).
* [见招拆招绕过WAF继续SQL注入常用方法](http://www.freebuf.com/articles/web/36683.html), written by [mikey](http://www.freebuf.com/author/mikey).
## PoC
<a name="poc-javascript"></a>
### JavaScript
* [js-vuln-db](https://github.com/tunz/js-vuln-db) - A collection of JavaScript engine CVEs with PoCs by [@tunz][https://github.com/tunz].
## Tool
<a name="tool-code-generating"></a>
@ -68,11 +84,19 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
### Fuzzing
* [wfuzz](https://github.com/xmendez/wfuzz) - Web application bruteforcer by [@xmendez](https://github.com/xmendez).
* [charsetinspect](https://github.com/hack-all-the-things/charsetinspect) - A script that inspects multi-byte character sets looking for characters with specific user-defined properties by [@hack-all-the-things](https://github.com/hack-all-the-things).
<a name="tool-leaking"></a>
### leaking
* [HTTPLeaks](https://github.com/cure53/HTTPLeaks) - All possible ways, a website can leak HTTP requests by [@cure53](https://github.com/cure53).
* [dvcs-ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG... by [@kost](https://github.com/kost).
<a name="tool-detecting"></a>
### Detecting
* [sqlchop](https://github.com/chaitin/sqlchop/) - [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by [chaitin](http://chaitin.com).
* [retire.js](https://github.com/RetireJS/retire.js) - Scanner detecting the use of JavaScript libraries with known vulnerabilities by [@RetireJS](https://github.com/RetireJS).
## Blog
@ -80,7 +104,7 @@ Check out my [repos](https://github.com/qazbnm456) 🐾 or say *hi* on my [Twitt
## Miscellaneous
* [如何正確的取得使用者 IP ](http://devco.re/blog/2014/06/19/client-ip-detection/)
* [如何正確的取得使用者 IP ](http://devco.re/blog/2014/06/19/client-ip-detection/), written by [Allen Own](http://devco.re/blog/author/allenown).
## License