Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

WebGoat is a deliberately insecure application

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)

基于Frida的Android App隐私合规检测辅助工具

Apache Spark 官方文档中文版

洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

A DNS rebinding attack framework.

BurpSuite using the document and some extensions

安全隐私卫士（AppScan）一款免费的企业级自动化App隐私合规检测工具。

XSSOR：方便XSS与CSRF的工具，http://evilcos.me/lab/xssor/

Bundles Google Caja's HTML Sanitizer within a npm installable node.js module

Logic behind CSRF token creation and verification.

Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.

Java安全 学习记录

Network Security Vulnerability Manage

fuzz

Nodejs application intentionally vulnerable to SSRF

Packet analyzer and injector, written in JavaScript