websec

Find web directories without bruteforce

🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

Web Content Discovery Tool

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Pwnable|Web Security|Cryptography CTF-style challenges

Encoder to bypass WAF filters using XOR operations.

Discover hidden debugging parameters and uncover web application secrets

🎯 CSV Injection Payloads

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

🎯 Directory Payload List

Some good resources for getting started with application security

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

Script to automate PUT HTTP method exploitation to get shell

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

A web application for generating custom XSS payloads

▲ Web services for modern and legacy websites, web apps, e-commerce shops, social and corporate portals, and IoT devices. Made for top-notch experience with monitoring, security, web analytics, SEO, and DevOps in the cloud, virtual, and bare-metal environments

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Additional Resources For Securing The Stack Tutorials

Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.