From c951b4d603325f62849a04160a01c901326fcb0f Mon Sep 17 00:00:00 2001 From: pe3zx Date: Tue, 11 Aug 2020 12:29:13 +0700 Subject: [PATCH] 'Web Application Security' section is now 'Application Security' --- README.md | 192 +++++++++++++++++++++++++++--------------------------- 1 file changed, 96 insertions(+), 96 deletions(-) diff --git a/README.md b/README.md index 8091c32..affcf83 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ This repository is created as an online bookmark for useful links, resources and tools in infosec field which serve my needs to have a searchable page to look further. - [Adversary Simulation & Emulation](#adversary-simulation--emulation) +- [Application Security](#application-security) - [Binary Analysis](#binary-analysis) - [Cloud Security](#cloud-security) - [Courses](#courses) @@ -27,7 +28,6 @@ This repository is created as an online bookmark for useful links, resources and - [Post Exploitation](#post-exploitation) - [Social Engineering](#social-engineering) - [Vulnerable](#vulnerable) -- [Web Application Security](#web-application-security) ## Adversary Simulation & Emulation @@ -138,6 +138,100 @@ This repository is created as an online bookmark for useful links, resources and +## Application Security + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
LinkDescription
aboul3la/Sublist3rFast subdomains enumeration tool for penetration testers
ambionics/phpggcPHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatically.
appsecco/spaces-finderA tool to hunt for publicly accessible DigitalOcean Spaces
anatshri/svn-extractorSimple script to extract all web resources by means of .SVN folder exposed over network.
brannondorsey/dns-rebind-toolkitA front-end JavaScript toolkit for creating DNS rebinding attacks.
IlluminateJsIlluminateJs is a static javascript analysis engine (a deobfuscator so to say) aimed to help analyst understand obfuscated and potentially malicious JavaScript Code.
ismailtasdelen/xss-payload-listCross Site Scripting ( XSS ) Vulnerability Payload List
jonluca/AnubisSubdomain enumeration and information gathering tool
mazen160/bfacBFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.
mindedsecurity/JStilleryAdvanced JS Deobfuscation via Partial Evaluation.
mwrlabs/drefDNS Rebinding Exploitation Framework
NetSPI/PowerUpSQLPowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
nccgroup/singularityA DNS rebinding attack framework
OWASP Zed Attack Proxy ProjectThe OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing
Public WWWSource Code Search Engine
pwntester/ysoserial.netDeserialization payload generator for a variety of .NET formatters
RhinoSecurityLabs/IPRotate_Burp_ExtensionExtension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
RhinoSecurityLabs/SleuthQLPython3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
SnykContinuously find & fix vulnerabilities in your dependencies
s0md3v/XSStrikeMost advanced XSS detection suite
subfinder/subfinderSubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
+ ## Binary Analysis @@ -2139,98 +2233,4 @@ This repository is created as an online bookmark for useful links, resources and -
Vulnerable Docker VM Ever fantasized about playing with docker misconfigurations, privilege escalation, etc. within a container?
- -## Web Application Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LinkDescription
aboul3la/Sublist3rFast subdomains enumeration tool for penetration testers
ambionics/phpggcPHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatically.
appsecco/spaces-finderA tool to hunt for publicly accessible DigitalOcean Spaces
anatshri/svn-extractorSimple script to extract all web resources by means of .SVN folder exposed over network.
brannondorsey/dns-rebind-toolkitA front-end JavaScript toolkit for creating DNS rebinding attacks.
IlluminateJsIlluminateJs is a static javascript analysis engine (a deobfuscator so to say) aimed to help analyst understand obfuscated and potentially malicious JavaScript Code.
ismailtasdelen/xss-payload-listCross Site Scripting ( XSS ) Vulnerability Payload List
jonluca/AnubisSubdomain enumeration and information gathering tool
mazen160/bfacBFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.
mindedsecurity/JStilleryAdvanced JS Deobfuscation via Partial Evaluation.
mwrlabs/drefDNS Rebinding Exploitation Framework
NetSPI/PowerUpSQLPowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
nccgroup/singularityA DNS rebinding attack framework
OWASP Zed Attack Proxy ProjectThe OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing
Public WWWSource Code Search Engine
pwntester/ysoserial.netDeserialization payload generator for a variety of .NET formatters
RhinoSecurityLabs/IPRotate_Burp_ExtensionExtension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
RhinoSecurityLabs/SleuthQLPython3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
SnykContinuously find & fix vulnerabilities in your dependencies
s0md3v/XSStrikeMost advanced XSS detection suite
subfinder/subfinderSubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
+ \ No newline at end of file
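Review bot: The two table-of-contents hunks and the heading change retire the `#web-application-security` anchor without leaving a redirect target: `- [Web Application Security](#web-application-security)` is removed and only `- [Application Security](#application-security)` is added. Existing bookmarks or external links to the old fragment will no longer resolve to the section. If inbound links matter, keep an empty named anchor for the old fragment next to the new `## Application Security` heading, or note the rename in the commit body.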
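Review bot: In the added `## Application Security` table (hunk `@@ -138,6 +138,100 @@`), the rows are re-added verbatim, so the existing defects in the OWASP Zed Attack Proxy description come along: a stray `*` after "international volunteers", "Its also" instead of "It's also", and no closing period. Since every row is being rewritten by this move anyway, fix the description in the same commit. The row order is also not strictly alphabetical (`appsecco/spaces-finder` precedes `anatshri/svn-extractor`, and `Snyk` precedes `s0md3v/XSStrike`), which would be cheap to correct here as well.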
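Review bot: In the last hunk (`@@ -2139,98 +2233,4 @@`), the final added line is followed by `\ No newline at end of file`, so README.md ends without a trailing newline after this change. Add the newline so the next edit to the end of the file does not produce a spurious one-line diff, and so tools that concatenate or append to the file behave predictably.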