websec
Find web directories without bruteforce
🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.
Pwnable|Web Security|Cryptography CTF-style challenges
Encoder to bypass WAF filters using XOR operations.
Discover hidden debugging parameters and uncover web application secrets
🎯 CSV Injection Payloads
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Some good resources for getting started with application security
A CLI for cracking and testing vulnerabilities in JSON Web Tokens (JWT)
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
Script to automate PUT HTTP method exploitation to get shell
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
A web application for generating custom XSS payloads
▲ Web services for modern and legacy websites, web apps, e-commerce shops, social and corporate portals, and IoT devices. Made for top-notch experience with monitoring, security, web analytics, SEO, and DevOps in the cloud, virtual, and bare-metal environments
A command-line #OSINT tool to find the online presence of a username on popular social media websites like Facebook, Instagram, Twitter, etc.
Additional Resources For Securing The Stack Tutorials
CLI tool for filtering URLs/IPs with automatically-updated Bug Bounty program scope rules.