Starred repositories
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
WebGoat is a deliberately insecure application
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
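Github Sensitive Information Leakage Monitor (GitHub information leakage monitoring system)
洞察 (Insight): a three-in-one platform from 宜信 (CreditEase) that combines application system asset management, full vulnerability lifecycle management, and security knowledge base management.
飞刃 (Feiren) is a complete enterprise-grade black-box vulnerability scanning system that integrates vulnerability scanning, vulnerability management, asset scanning, crawling and other services. It has a powerful vulnerability detection engine and a rich plugin library, covering many vulnerability types and application frameworks.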
BurpSuite using the document and some extensions
Security Privacy Guard (AppScan): a free, enterprise-grade automated app privacy compliance detection tool.
XSSOR: a handy tool for XSS and CSRF, http://evilcos.me/lab/xssor/
Bundles Google Caja's HTML Sanitizer within an npm-installable node.js module
Logic behind CSRF token creation and verification.
Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.
Network Security Vulnerability Manage
Nodejs application intentionally vulnerable to SSRF
Packet analyzer and injector, written in JavaScript