Top Related Projects
A collection of awesome penetration testing resources, tools and other shiny things
A collection of hacking / penetration testing resources to make you better!
🐶 A curated list of Web Security materials and resources.
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
A curated list of awesome Hacking tutorials, tools and resources
A collection of various awesome lists for hackers, pentesters and security researchers
Quick Overview
The "awesome-web-hacking" repository is a curated list of resources, tools, and references for web application security and ethical hacking. It serves as a comprehensive guide for security professionals, penetration testers, and developers interested in web security, providing links to various tools, tutorials, and learning materials.
Pros
- Extensive collection of web hacking resources in one place
- Regularly updated with new tools and information
- Well-organized into categories for easy navigation
- Includes both free and commercial tools
Cons
- May be overwhelming for beginners due to the large amount of information
- Some links may become outdated over time
- Lacks detailed explanations or tutorials for each tool
- Primarily focuses on offensive security, with less emphasis on defensive measures
Competitor Comparisons
A collection of awesome penetration testing resources, tools and other shiny things
Pros of awesome-pentest
- Broader scope covering various aspects of penetration testing, not limited to web hacking
- More comprehensive with a larger number of resources and tools
- Better organized with clear categorization of different penetration testing areas
Cons of awesome-pentest
- May be overwhelming for beginners due to its extensive content
- Less focused on web-specific hacking techniques compared to awesome-web-hacking
- Requires more frequent updates to maintain relevance across all penetration testing domains
Code comparison
While both repositories are primarily curated lists of resources and don't contain significant code, they do use markdown formatting. Here's a brief comparison of their README structures:
awesome-pentest:
# Awesome Penetration Testing
A collection of awesome penetration testing resources
- [Online Resources](#online-resources)
- [Penetration Testing Resources](#penetration-testing-resources)
- [Shell Scripting Resources](#shell-scripting-resources)
awesome-web-hacking:
# Awesome Web Hacking
This list is for anyone wishing to learn about web application security but do not have a starting point.
- [Books](#books)
- [Documentation](#documentation)
- [Tools](#tools)
Both repositories use similar markdown structures, but awesome-pentest tends to have more nested categories and a more complex table of contents.
A collection of hacking / penetration testing resources to make you better!
Pros of Awesome-Hacking-Resources
- Broader scope covering various aspects of hacking, not limited to web hacking
- More comprehensive with a larger number of resources and categories
- Includes sections on career resources and certifications
Cons of Awesome-Hacking-Resources
- Less focused, which may be overwhelming for those specifically interested in web hacking
- May require more time to navigate and find relevant resources due to its extensive nature
- Some categories have fewer resources compared to awesome-web-hacking's depth in web-specific topics
Code Comparison
While both repositories are primarily resource lists and don't contain significant code, they differ in their organization. Here's a comparison of their table of contents structure:
Awesome-Hacking-Resources:
- [Learning Platforms](#learning-platforms)
- [Tools](#tools)
- [Conferences and Events](#conferences-and-events)
- [Vulnerable Machines](#vulnerable-machines)
awesome-web-hacking:
- [Books](#books)
- [Documentation](#documentation)
- [Tools](#tools)
- [Vulnerabilities](#vulnerabilities)
Both repositories use a similar Markdown structure for organizing content, but Awesome-Hacking-Resources covers a wider range of topics, while awesome-web-hacking focuses more deeply on web-specific categories.
🐶 A curated list of Web Security materials and resources.
Pros of awesome-web-security
- More comprehensive and regularly updated content
- Better organization with clear categories and subcategories
- Includes a wider range of topics, including cloud security and IoT security
Cons of awesome-web-security
- May be overwhelming for beginners due to the extensive amount of information
- Less focus on specific hacking techniques and tools
Code comparison
While both repositories are primarily curated lists of resources, they don't contain significant code samples. However, here's an example of how they structure their content:
awesome-web-security:
## Contents
- [Resources](#resources)
- [Tutorials](#tutorials)
- [Tools](#tools)
- [Vulnerabilities](#vulnerabilities)
- [XSS](#xss)
- [SQL Injection](#sql-injection)
awesome-web-hacking:
## Contents
- [Tools](#tools)
- [Cheat Sheets](#cheat-sheets)
- [Docker](#docker-images-for-penetration-testing)
- [General](#general)
- [REST API](#rest-api)
Both repositories serve as valuable resources for web security enthusiasts, but awesome-web-security offers a more comprehensive and structured approach, while awesome-web-hacking provides a more concise list focused on hacking tools and techniques.
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
Pros of awesome-security
- Broader scope covering various aspects of security beyond web hacking
- More comprehensive with a larger number of resources and categories
- Includes sections on security standards, frameworks, and best practices
Cons of awesome-security
- Less focused on specific web hacking techniques and tools
- May be overwhelming for beginners due to its extensive content
- Updates less frequently compared to awesome-web-hacking
Code comparison
Not applicable for these repositories as they are curated lists of resources without significant code content.
Summary
awesome-web-hacking focuses specifically on web application security and hacking techniques, making it more targeted for those interested in web security. It offers a concise list of tools and resources for web hacking.
awesome-security, on the other hand, provides a broader overview of various security topics, including network security, cryptography, and incident response. It's more comprehensive but may require more time to navigate due to its extensive content.
Both repositories serve as valuable resources for security professionals and enthusiasts, with awesome-web-hacking being more suitable for those specifically interested in web application security, while awesome-security caters to a wider range of security topics and practices.
A curated list of awesome Hacking tutorials, tools and resources
Pros of awesome-hacking
- Broader scope covering various hacking topics beyond just web hacking
- Larger collection of resources with more categories and subcategories
- Includes tools and resources for mobile, hardware, and reverse engineering
Cons of awesome-hacking
- Less focused, which may be overwhelming for those specifically interested in web hacking
- Some links may be outdated due to the broader scope and larger number of resources
- May require more time to navigate and find specific web hacking resources
Code comparison
Not applicable for these repositories as they are curated lists of resources without significant code content.
Additional notes
awesome-web-hacking:
- Focused specifically on web hacking techniques and tools
- Well-organized structure for web-specific categories
- Easier to navigate for those primarily interested in web security
awesome-hacking:
- Comprehensive resource for various hacking disciplines
- Includes sections on cryptography, social engineering, and more
- Provides a wider range of learning materials for aspiring hackers
Both repositories serve as valuable collections of hacking resources, with awesome-web-hacking being more specialized for web security enthusiasts, while awesome-hacking offers a broader range of topics for those interested in multiple aspects of hacking and cybersecurity.
A collection of various awesome lists for hackers, pentesters and security researchers
Pros of Awesome-Hacking
- Broader scope, covering various aspects of hacking beyond web-specific topics
- Larger community with more contributors and stars
- More frequently updated with new resources and tools
Cons of Awesome-Hacking
- Less focused on web hacking specifically, which may be overwhelming for beginners
- Potentially harder to navigate due to its extensive content
- May include some outdated or less relevant resources due to its broad scope
Code Comparison
While both repositories are primarily curated lists of resources, they don't contain significant code samples. However, here's an example of how they structure their content:
Awesome-Web-Hacking:
## Tools
* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications.
* [OWASP ZAP](https://www.zaproxy.org/) - The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
Awesome-Hacking:
### Tools
* [Metasploit Framework](https://github.com/rapid7/metasploit-framework) - A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
* [Wireshark](https://www.wireshark.org/) - A free and open-source packet analyzer.
Both repositories use similar Markdown formatting to organize their content, with Awesome-Hacking covering a wider range of tools and topics.
README
awesome-web-hacking
This list is for anyone who wishes to learn about web application security but does not have a starting point.
You can help by sending Pull Requests to add more information.
If you're not inclined to make PRs you can tweet me at @infoslack
Table of Contents
- Books
- Documentation
- Tools
- Cheat Sheets
- Docker
- Vulnerabilities
- Courses
- Online Hacking Demonstration Sites
- Labs
- SSL
- Security Ruby on Rails
Books
- http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/8126533404/ The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
- http://www.amazon.com/Hacking-Web-Apps-Preventing-Application/dp/159749951X/ Hacking Web Apps: Detecting and Preventing Web Application Security Problems
- http://www.amazon.com/Hacking-Exposed-Web-Applications-Third/dp/0071740643/ Hacking Exposed Web Applications
- http://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633/ SQL Injection Attacks and Defense
- http://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886/ The Tangled WEB: A Guide to Securing Modern Web Applications
- http://www.amazon.com/Web-Application-Obfuscation-Evasion-Filters/dp/1597496049/ Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'
- http://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543/ XSS Attacks: Cross Site Scripting Exploits and Defense
- http://www.amazon.com/Browser-Hackers-Handbook-Wade-Alcorn/dp/1118662091/ The Browser Hacker's Handbook
- http://www.amazon.com/Basics-Web-Hacking-Techniques-Attack/dp/0124166008/ The Basics of Web Hacking: Tools and Techniques to Attack the Web
- http://www.amazon.com/Web-Penetration-Testing-Kali-Linux/dp/1782163166/ Web Penetration Testing with Kali Linux
- http://www.amazon.com/Web-Application-Security-Beginners-Guide/dp/0071776168/ Web Application Security, A Beginner's Guide
- https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ Hacking: The Art of Exploitation
- https://www.crypto101.io/ - Crypto 101 is an introductory course on cryptography
- http://www.offensive-security.com/metasploit-unleashed/ - Metasploit Unleashed
- http://www.cl.cam.ac.uk/~rja14/book.html - Security Engineering
- https://www.feistyduck.com/library/openssl-cookbook/ - OpenSSL Cookbook
- https://www.manning.com/books/real-world-cryptography - Learn and apply cryptographic techniques.
- https://www.manning.com/books/making-sense-of-cyber-security - A guide to the key concepts, terminology, and technologies of cybersecurity perfect for anyone planning or implementing a security strategy.
- https://www.manning.com/books/cyber-security-career-guide - Kickstart a career in cyber security by learning how to adapt your existing technical and non-technical skills.
- https://www.manning.com/books/secret-key-cryptography - A book about cryptographic techniques and Secret Key methods.
- https://www.manning.com/books/application-security-program-handbook - This practical book is a one-stop guide to implementing a robust application security program.
- https://www.manning.com/books/cyber-threat-hunting - Practical guide to cyber threat hunting.
- https://nostarch.com/bug-bounty-bootcamp - Bug Bounty Bootcamp
- https://nostarch.com/hacking-apis - Hacking APIs
- https://www.manning.com/books/grokking-web-application-security - A book about building web apps that are ready for and resilient to any attack.
Documentation
- https://www.owasp.org/ - Open Web Application Security Project
- http://www.pentest-standard.org/ - Penetration Testing Execution Standard
- http://www.binary-auditing.com/ - Dr. Thorsten Schneider's Binary Auditing
- https://appsecwiki.com/ - Application Security Wiki is an initiative to provide all Application security related resources to Security Researchers and developers at one place.
Tools
- https://www.deepinfo.com/ - Deepinfo Attack Surface Platform discovers all your digital assets, monitors them 24/7, detects any issues, and notifies you quickly so you can take immediate action.
- https://spyse.com/ - OSINT search engine that provides fresh data about the entire web, storing all data in its own DB, interconnect finding data and has some cool features.
- http://www.metasploit.com/ - World's most used penetration testing software
- https://findsubdomains.com - Online subdomains scanner service with lots of additional data. works using OSINT.
- https://github.com/bjeborn/basic-auth-pot HTTP Basic Authentication honeyPot.
- http://www.arachni-scanner.com/ - Web Application Security Scanner Framework
- https://github.com/sullo/nikto - Nikto web server scanner
- http://www.tenable.com/products/nessus-vulnerability-scanner - Nessus Vulnerability Scanner
- http://www.portswigger.net/burp/intruder.html - Burp Intruder is a tool for automating customized attacks against web apps.
- http://www.openvas.org/ - The world's most advanced Open Source vulnerability scanner and manager.
- https://github.com/iSECPartners/Scout2 - Security auditing tool for AWS environments
- https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project - Is a multi threaded java application designed to brute force directories and files names on web/application servers.
- https://www.owasp.org/index.php/ZAP - The Zed Attack Proxy is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
- https://github.com/tecknicaltom/dsniff - dsniff is a collection of tools for network auditing and penetration testing.
- https://github.com/WangYihang/Webshell-Sniper - Manage your webshell via terminal.
- https://github.com/DanMcInerney/dnsspoof - DNS spoofer. Drops DNS responses from the router and replaces it with the spoofed DNS response
- https://github.com/trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec
- https://github.com/sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
- https://github.com/beefproject/beef - The Browser Exploitation Framework Project
- http://w3af.org/ - w3af is a Web Application Attack and Audit Framework
- https://github.com/espreto/wpsploit - WPSploit, Exploiting Wordpress With Metasploit
- https://github.com/WangYihang/Reverse-Shell-Manager - Reverse shell manager via terminal.
- https://github.com/RUB-NDS/WS-Attacker - WS-Attacker is a modular framework for web services penetration testing
- https://github.com/wpscanteam/wpscan - WPScan is a black box WordPress vulnerability scanner
- http://sourceforge.net/projects/paros/ Paros proxy
- https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Web Scarab proxy
- https://code.google.com/p/skipfish/ Skipfish, an active web application security reconnaissance tool
- http://www.acunetix.com/vulnerability-scanner/ Acunetix Web Vulnerability Scanner
- https://cystack.net/ CyStack Web Security Platform
- http://www-03.ibm.com/software/products/en/appscan IBM Security AppScan
- https://www.netsparker.com/web-vulnerability-scanner/ Netsparker web vulnerability scanner
- http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/index.html HP Web Inspect
- https://github.com/sensepost/wikto Wikto - Nikto for Windows with some extra features
- http://samurai.inguardians.com Samurai Web Testing Framework
- https://code.google.com/p/ratproxy/ Ratproxy
- http://www.websecurify.com Websecurify
- http://sourceforge.net/projects/grendel/ Grendel-scan
- https://tools.kali.org/web-applications/gobuster Directory/file and DNS busting tool written in Go
- http://www.edge-security.com/wfuzz.php Wfuzz
- http://wapiti.sourceforge.net wapiti
- https://github.com/neuroo/grabber Grabber
- https://subgraph.com/vega/ Vega
- http://websecuritytool.codeplex.com Watcher passive web scanner
- http://xss.codeplex.com x5s XSS and Unicode transformations security testing assistant
- http://www.beyondsecurity.com/avds AVDS Vulnerability Assessment and Management
- http://www.golismero.com Golismero
- http://www.ikare-monitoring.com IKare
- http://www.nstalker.com N-Stalker X
- https://www.rapid7.com/products/nexpose/index.jsp Nexpose
- http://www.rapid7.com/products/appspider/ App Spider
- http://www.milescan.com ParosPro
- https://www.qualys.com/enterprises/qualysguard/web-application-scanning/ Qualys Web Application Scanning
- http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/ Retina
- https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework Xenotix XSS Exploit Framework
- https://github.com/future-architect/vuls Vulnerability scanner for Linux, agentless, written in golang.
- https://github.com/rastating/wordpress-exploit-framework A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- http://www.xss-payloads.com/ XSS Payloads to leverage XSS vulnerabilities, build custom payloads, practice penetration testing skills.
- https://github.com/joaomatosf/jexboss JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool
- https://github.com/commixproject/commix Automated All-in-One OS command injection and exploitation tool
- https://github.com/pathetiq/BurpSmartBuster A Burp Suite content discovery plugin that add the smart into the Buster!
- https://github.com/GoSecure/csp-auditor Burp and ZAP plugin to analyze CSP headers
- https://github.com/ffleming/timing_attack Perform timing attacks against web applications
- https://github.com/lalithr95/fuzzapi Fuzzapi is a tool used for REST API pentesting
- https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)
- https://github.com/nccgroup/wssip Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
- https://github.com/PalindromeLabs/STEWS Tool suite for WebSocket discovery, fingerprinting, and vulnerability detection
- https://github.com/tijme/angularjs-csti-scanner Automated client-side template injection (sandbox escape/bypass) detection for AngularJS (ACSTIS).
- https://reshift.softwaresecured.com A source code analysis tool for detecting and managing Java security vulnerabilities.
- https://encoding.tools Web app for transforming binary data and strings, including hashes and various encodings. GPLv3 offline version available.
- https://gchq.github.io/CyberChef/ A "Cyber Swiss Army Knife" for carrying out various encodings and transformations of binary data and strings.
- https://github.com/urbanadventurer/WhatWeb WhatWeb - Next generation web scanner
- https://www.shodan.io/ Shodan - The search engine for finding vulnerable servers
- https://github.com/WangYihang/Webshell-Sniper A webshell manager via terminal
- https://github.com/nil0x42/phpsploit PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
- https://webhint.io/ - webhint - webhint is a customizable linting tool that helps you improve your site's accessibility, speed, cross-browser compatibility, and more by checking your code for best practices and common errors.
- https://gtfobins.github.io/ - gtfobins - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- https://github.com/HightechSec/git-scanner git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
- Web Application Exploitation @ Rawsec Inventory - Complete list of Web pentesting tools
- Cyclops is a novel browser that can detect vulnerability automatically - Cyclops is a web browser with XSS detection feature
- https://caido.io/ - Web proxy
- https://github.com/assetnote/kiterunner - API discovery
- https://github.com/owasp-amass/amass - domain recon
- https://columbus.elmasy.com/ - Columbus Project is an advanced subdomain discovery service with fast, powerful and easy to use API.
- BadUSB Script To Exfiltrate Passwords - Extracts all saved passwords from Chrome, Firefox, and Edge to be saved onto secondary USB for further analysis.
- https://github.com/flibustier/jwt-online-cracker - Brute-force HS256, HS384 or HS512 JWT Token from your browser (fully client-side).
Cheat Sheets
- http://n0p.net/penguicon/php_app_sec/mirror/xss.html - XSS cheatsheet
- https://highon.coffee/blog/lfi-cheat-sheet/ - LFI Cheat Sheet
- https://highon.coffee/blog/reverse-shell-cheat-sheet/ - Reverse Shell Cheat Sheet
- https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ - SQL Injection Cheat Sheet
- https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows/ - Path Traversal Cheat Sheet: Windows
Docker images for Penetration Testing
- docker pull kalilinux/kali-linux-docker - official Kali Linux
- docker pull blackarchlinux/blackarch - official BlackArch Linux
- docker pull owasp/zap2docker-stable - official OWASP ZAP
- docker pull wpscanteam/wpscan - official WPScan
- docker pull metasploitframework/metasploit-framework - docker-metasploit
- docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
- docker pull bkimminich/juice-shop - OWASP Juice Shop
- docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
- docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
- docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
- docker pull opendns/security-ninjas - Security Ninjas
- docker pull noncetonic/archlinux-pentest-lxde:1.0 - Arch Linux Penetration Tester
- docker pull diogomonica/docker-bench-security - Docker Bench for Security
- docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
- docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
- docker pull jeroenwillemsen/wrongsecrets - OWASP WrongSecrets Project docker image
- docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
- docker pull aaaguirre/pentest - Docker for pentest
- docker pull rustscan/rustscan:2.0.0 - The Modern Port Scanner
Vulnerabilities
- http://cve.mitre.org/ - Common Vulnerabilities and Exposures. The Standard for Information Security Vulnerability Names
- https://www.exploit-db.com/ - The Exploit Database - ultimate archive of Exploits, Shellcode, and Security Papers.
- http://0day.today/ - Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
- http://www.securityfocus.com/ - Since its inception in 1999, SecurityFocus has been a mainstay in the security community.
- http://packetstormsecurity.com/ - Global Security Resource
- https://wpvulndb.com/ - WPScan Vulnerability Database
- https://snyk.io/vuln/ - Vulnerability DB, Detailed information and remediation guidance for known vulnerabilities.
- https://stellastra.com/cipher-suite - Database of hundreds of TLS cipher suites and their security status.
- https://vulncheck.com/xdb/ - An index of exploit proof-of-concept code in Git repositories.
Courses
- https://pwn.guide/ - Cybersecurity learning platform, with about 100 tutorials, approximately 25 of them are about web hacking & defending websites.
- https://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/ Offensive Security Advanced Web Attacks and Exploitation (live)
- https://www.sans.org/course/web-app-penetration-testing-ethical-hacking Sans SEC542: Web App Penetration Testing and Ethical Hacking
- https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking Sans SEC642: Advanced Web App Penetration Testing and Ethical Hacking
- http://opensecuritytraining.info/ - Open Security Training
- http://securitytrainings.net/security-trainings/ - Security Exploded Training
- http://www.securitytube.net/ - World's largest Infosec and Hacking Portal.
- https://www.hacker101.com/ - Free class for web security by Hackerone
- https://www.darkrelay.com/courses/professional-penetration-tester - Zero-Hero style Pentesting course by DarkRelay Security Labs
Online Hacking Demonstration Sites
- http://testasp.vulnweb.com/ - Acunetix ASP test and demonstration site
- http://testaspnet.vulnweb.com/ - Acunetix ASP.Net test and demonstration site
- http://testphp.vulnweb.com/ - Acunetix PHP test and demonstration site
- http://crackme.cenzic.com/kelev/view/home.php - Crack Me Bank
- http://zero.webappsecurity.com/ - Zero Bank
- http://demo.testfire.net/ - Altoro Mutual
- https://public-firing-range.appspot.com/ - Firing Range is a test bed for automated web application security scanners.
- https://xss-game.appspot.com/ - XSS challenge
- https://google-gruyere.appspot.com/ Google Gruyere, web application exploits and defenses
- https://ginandjuice.shop/catalog
- https://pentest-ground.com/ Pentest-Ground is a free playground with deliberately vulnerable web applications and network services.
- HackSimulator is a GPT created by MarkCyber in which ChatGPT 4 acts as a hacking CTF. This GPT will ask for your experience level and what you would like to improve on, before simulating a machine/application for you to hack into, using the chatbox as the place to input terminal commands. Since this is through AI, it changes and adjusts based on your experience level and you can ask for help if you are stuck.
Labs
- https://portswigger.net/web-security - Web Security Academy: Free Online Training from PortSwigger
- http://www.cis.syr.edu/~wedu/seed/all_labs.html - Developing Instructional Laboratories for Computer SEcurity EDucation
- https://www.vulnhub.com/ - Virtual Machines for Localhost Penetration Testing.
- https://pentesterlab.com/ - PentesterLab is an easy and great way to learn penetration testing.
- https://github.com/jerryhoff/WebGoat.NET - This web application is a learning platform about common web security flaws.
- http://www.dvwa.co.uk/ - Damn Vulnerable Web Application (DVWA)
- http://sourceforge.net/projects/lampsecurity/ - LAMPSecurity Training
- https://github.com/Audi-1/sqli-labs - SQLI labs to test error based, Blind boolean based, Time based.
- https://github.com/paralax/lfi-labs - small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
- https://hack.me/ - Build, host and share vulnerable web apps in a sandboxed environment for free
- http://azcwr.org/az-cyber-warfare-ranges - Free live fire Capture the Flag, blue team, red team Cyber Warfare Range for beginners through advanced users. Must use a cell phone to send a text message requesting access to the range.
- https://github.com/adamdoupe/WackoPicko - WackoPicko is a vulnerable web application used to test web application vulnerability scanners.
- https://github.com/rapid7/hackazon - Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today's rich client and mobile applications.
- https://github.com/RhinoSecurityLabs/cloudgoat - Rhino Security Labs' "Vulnerable by Design" AWS infrastructure setup tool
- https://www.hackthebox.eu/ - Hack The Box is an online platform allowing you to test and advance your skills in cyber security.
- https://github.com/tegal1337/0l4bs - 0l4bs is a Cross-site scripting labs for web application security enthusiasts.
- https://github.com/oliverwiegers/pentest_lab - Local pentest lab leveraging docker compose.
- https://ginandjuice.shop/catalog
- https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
- https://labex.io/skilltrees/cybersecurity - LabEx is an online platform for enhancing your cyber security skills through hands-on labs.
- https://pythoncyber.go.ro - CyberPython helps you to make your own research in order to solve challenges, exploit CVEs and make good scripts.
SSL
- https://www.ssllabs.com/ssltest/index.html - This service performs a deep analysis of the configuration of any SSL web server on the public Internet.
- http://certdb.com/ - SSL/TLS data provider service. Collect the data about digital certificates - issuers, organisation, whois, expiration dates, etc... Plus, has handy filters for convenience.
- https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - Strong SSL Security on nginx
- https://weakdh.org/ - Weak Diffie-Hellman and the Logjam Attack
- https://letsencrypt.org/ - Let's Encrypt is a new Certificate Authority: It's free, automated, and open.
- https://filippo.io/Heartbleed/ - A checker (site and tool) for CVE-2014-0160 (Heartbleed).
- https://testssl.sh/ - A command line tool which checks a website's TLS/SSL ciphers, protocols and cryptographic flaws.
Security Ruby on Rails
- http://brakemanscanner.org/ - A static analysis security vulnerability scanner for Ruby on Rails applications.
- https://github.com/rubysec/ruby-advisory-db - A database of vulnerable Ruby Gems
- https://github.com/rubysec/bundler-audit - Patch-level verification for Bundler
- https://github.com/hakirisec/hakiri_toolbelt - Hakiri Toolbelt is a command line interface for the Hakiri platform.
- https://hakiri.io/facets - Scan Gemfile.lock for vulnerabilities.
- http://rails-sqli.org/ - This page lists many query methods and options in ActiveRecord which do not sanitize raw SQL arguments and are not intended to be called with unsafe user input.
- https://github.com/0xsauby/yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network