diff --git a/README.md b/README.md
index 8091c32..affcf83 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@
This repository is created as an online bookmark for useful links, resources and tools in infosec field which serve my needs to have a searchable page to look further.
- [Adversary Simulation & Emulation](#adversary-simulation--emulation)
+- [Application Security](#application-security)
- [Binary Analysis](#binary-analysis)
- [Cloud Security](#cloud-security)
- [Courses](#courses)
@@ -27,7 +28,6 @@ This repository is created as an online bookmark for useful links, resources and
- [Post Exploitation](#post-exploitation)
- [Social Engineering](#social-engineering)
- [Vulnerable](#vulnerable)
-- [Web Application Security](#web-application-security)
## Adversary Simulation & Emulation
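Review bot: dropping the "- [Web Application Security](#web-application-security)" entry from the table of contents retires the `#web-application-security` anchor, so any existing bookmark or external link to that fragment will stop resolving once the section is renamed. If the rename is intended, say so in the commit message, or keep an explicit anchor with the old name next to the new "## Application Security" heading so that old links still land on the table.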
@@ -138,6 +138,100 @@ This repository is created as an online bookmark for useful links, resources and
+## Application Security
+
+
+
+ Link |
+ Description |
+
+
+ aboul3la/Sublist3r |
+ Fast subdomains enumeration tool for penetration testers |
+
+
+ ambionics/phpggc |
+ PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatically. |
+
+
+ appsecco/spaces-finder |
+ A tool to hunt for publicly accessible DigitalOcean Spaces |
+
+
+ anatshri/svn-extractor |
+ Simple script to extract all web resources by means of .SVN folder exposed over network. |
+
+
+ brannondorsey/dns-rebind-toolkit |
+ A front-end JavaScript toolkit for creating DNS rebinding attacks. |
+
+
+ IlluminateJs |
+ IlluminateJs is a static javascript analysis engine (a deobfuscator so to say) aimed to help analyst understand obfuscated and potentially malicious JavaScript Code. |
+
+
+
+ ismailtasdelen/xss-payload-list |
+ Cross Site Scripting ( XSS ) Vulnerability Payload List |
+
+
+ jonluca/Anubis |
+ Subdomain enumeration and information gathering tool |
+
+
+ mazen160/bfac |
+ BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code. |
+
+
+ mindedsecurity/JStillery |
+ Advanced JS Deobfuscation via Partial Evaluation. |
+
+
+ mwrlabs/dref |
+ DNS Rebinding Exploitation Framework |
+
+
+ NetSPI/PowerUpSQL |
+ PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server |
+
+
+ nccgroup/singularity |
+ A DNS rebinding attack framework |
+
+
+ OWASP Zed Attack Proxy Project |
+ The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing |
+
+
+ Public WWW |
+ Source Code Search Engine |
+
+
+ pwntester/ysoserial.net |
+ Deserialization payload generator for a variety of .NET formatters |
+
+
+ RhinoSecurityLabs/IPRotate_Burp_Extension |
+ Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request. |
+
+
+ RhinoSecurityLabs/SleuthQL |
+ Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. |
+
+
+ Snyk |
+ Continuously find & fix vulnerabilities in your dependencies |
+
+
+ s0md3v/XSStrike |
+ Most advanced XSS detection suite |
+
+
+ subfinder/subfinder |
+ SubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
+
+
+
## Binary Analysis
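Review bot: the rows added under "## Application Security" carry over defects that are worth fixing while the table is being re-added. In the OWASP Zed Attack Proxy Project row, "volunteers*" has a footnote marker with no footnote anywhere in the hunk, and "Its also a great tool" should read "It's also a great tool". There is an extra added blank line between the IlluminateJs row and the ismailtasdelen/xss-payload-list row (three blank lines where every other row has two), which suggests a stray or empty row element. The list is also not consistently ordered: appsecco/spaces-finder comes before anatshri/svn-extractor, and Snyk comes before s0md3v/XSStrike. Finally, most entries are web testing and subdomain enumeration tools, so consider whether the broader "Application Security" title is the intended scope or whether a short sentence under the heading should state what belongs here.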
-
- Link |
- Description |
-
-
- aboul3la/Sublist3r |
- Fast subdomains enumeration tool for penetration testers |
-
-
- ambionics/phpggc |
- PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatically. |
-
-
- appsecco/spaces-finder |
- A tool to hunt for publicly accessible DigitalOcean Spaces |
-
-
- anatshri/svn-extractor |
- Simple script to extract all web resources by means of .SVN folder exposed over network. |
-
-
- brannondorsey/dns-rebind-toolkit |
- A front-end JavaScript toolkit for creating DNS rebinding attacks. |
-
-
- IlluminateJs |
- IlluminateJs is a static javascript analysis engine (a deobfuscator so to say) aimed to help analyst understand obfuscated and potentially malicious JavaScript Code. |
-
-
-
- ismailtasdelen/xss-payload-list |
- Cross Site Scripting ( XSS ) Vulnerability Payload List |
-
-
- jonluca/Anubis |
- Subdomain enumeration and information gathering tool |
-
-
- mazen160/bfac |
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code. |
-
-
- mindedsecurity/JStillery |
- Advanced JS Deobfuscation via Partial Evaluation. |
-
-
- mwrlabs/dref |
- DNS Rebinding Exploitation Framework |
-
-
- NetSPI/PowerUpSQL |
- PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server |
-
-
- nccgroup/singularity |
- A DNS rebinding attack framework |
-
-
- OWASP Zed Attack Proxy Project |
- The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing |
-
-
- Public WWW |
- Source Code Search Engine |
-
-
- pwntester/ysoserial.net |
- Deserialization payload generator for a variety of .NET formatters |
-
-
- RhinoSecurityLabs/IPRotate_Burp_Extension |
- Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request. |
-
-
- RhinoSecurityLabs/SleuthQL |
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. |
-
-
- Snyk |
- Continuously find & fix vulnerabilities in your dependencies |
-
-
- s0md3v/XSStrike |
- Most advanced XSS detection suite |
-
-
- subfinder/subfinder |
- SubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
-
-
+
\ No newline at end of file
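Review bot: the removed table rows at the end of the patch are not accompanied by a visible removal of a "## Web Application Security" heading line, although the table-of-contents entry for that section is dropped earlier in the patch. Please confirm that the old heading is not left behind as an empty section with no entry pointing at it. The file also now ends with an added blank line followed by "\ No newline at end of file"; end README.md with a single trailing newline instead. Since the removed rows match the added ones row for row, stating in the commit message that this is a move plus rename would make the change easier to review.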