mirror of
https://github.com/qazbnm456/awesome-web-security.git
synced 2024-06-29 12:12:07 +00:00
Awesome Web Security
🐶 A curated list of Web Security materials and resources.
Please read the contribution guidelines before contributing.
🌈 Want to strengthen your penetration skills?
I would recommend playing some awesome-ctfs.
Check out my repos 🐾 or say hi on my Twitter.
Menu
Resource
XSS
SQL Injection
XML
- XML Entity Attacks: From Intranet Probing to Command Execution, Step by Step (XML实体攻击 - 从内网探测到命令执行步步惊心), written by 张天琪.
Rails
- The Risks of Dynamic Template Paths in Rails (Rails 動態樣板路徑的風險), written by Shaolin.
- Rails Security, written by @qazbnm456.
AngularJS
Evasion
CSP
JSMVC
- JavaScript MVC and Templating Frameworks, written by Mario Heiderich.
Trick
XSS
- ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else, written by Mario Heiderich.
SQL Injection
- MySQL Injection Without Commas (屌智硬之mysql不用逗号注入), written by jinglingshu.
- Countering Every Move: Common Methods for Bypassing a WAF to Continue SQL Injection (见招拆招:绕过WAF继续SQL注入常用方法), written by mikey.
SSRF
- SSRF in https://imgur.com/vidgif/url, written by aesteral.
PoC
JavaScript
- js-vuln-db - A collection of JavaScript engine CVEs with PoCs by @tunz.
Tool
Code Generating
- VWGen - Vulnerable Web applications Generator by @qazbnm456.
Fuzzing
- wfuzz - Web application bruteforcer by @xmendez.
- charsetinspect - A script that inspects multi-byte character sets looking for characters with specific user-defined properties by @hack-all-the-things.
Leaking
- HTTPLeaks - All possible ways a website can leak HTTP requests by @cure53.
- dvcs-ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG... by @kost.
Detecting
- sqlchop - [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by chaitin.
- retire.js - Scanner detecting the use of JavaScript libraries with known vulnerabilities by @RetireJS.
Others
Blog
- Broken Browser - Fun with Browser Vulnerabilities.
Miscellaneous
- How to Correctly Obtain a User's IP Address? (如何正確的取得使用者 IP ?), written by Allen Own.
License
To the extent possible under law, Sindre Sorhus has waived all copyright and related or neighboring rights to this work.