Web application security scanner created by lcamtuf for google - Unofficial Mirror

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.

A Burp Suite content discovery plugin that add the smart into the Buster!

PHP Secure Configuration Checker

A deliberately vulnerable modern day app with lots of DOM related bugs

The cheat sheet about Java Deserialization vulnerabilities

Automatically exported from code.google.com/p/domxsswiki

Fast, indexed regexp search over large file trees

DOM Standard

Collection of CTF Web challenges I made

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

A list of public penetration test reports published by several consulting firms and academic security groups.

Fast subdomains enumeration tool for penetration testers

Web application fuzzer

Welcome to the XSS Challenge Wiki!

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

The ZAP by Checkmarx Core project

Generates permutations, alterations and mutations of subdomains and then resolves them

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

The Bug Hunters Methodology