Open-Source Cybersecurity Tools: Web & API Security

This category contains 264 documented tools. It focuses on capabilities used for application-layer threat prevention and request/response validation. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.

Category Evaluation Checklist

  • Coverage depth against your highest-priority threats and compliance obligations.
  • Operational overhead for deployment, tuning, and long-term maintenance.
  • Signal quality versus analyst workload and false-positive pressure.
  • Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
  • Governance readiness including auditability, ownership clarity, and change control.

Jump by Name

# | 0 | A | B | C | D | E | F | G | H | I | J | L | M | N | O | P | Q | R | S | T | U | V | W | X | Z

Letter #

This letter section contains 11 tools.

$36k Google App Engine RCE

  • Website: https://sites.google.com/site/testsitehacking/-36k-google-app-engine-rce
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: $36k Google App Engine RCE is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Remote Code Execution.

$7.5k Google services mix-up

  • Website: https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: $7.5k Google services mix-up is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

is filtered ?

  • Website: https://twitter.com/strukt93/status/931586377665331200
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: is filtered ? is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XSS.

@cure53berlin

  • Website: https://twitter.com/cure53berlin
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: @cure53berlin is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: is a German cybersecurity firm.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Twitter Users.

@filedescriptor

  • Website: https://twitter.com/filedescriptor
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: @filedescriptor is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Active penetration tester who often tweets and writes useful articles.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Twitter Users.

@garethheyes

  • Website: https://twitter.com/garethheyes
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: @garethheyes is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: English web penetration tester.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Twitter Users.

@hasegawayosuke

  • Website: https://twitter.com/hasegawayosuke
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: @hasegawayosuke is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Japanese JavaScript security researcher.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Twitter Users.

@kinugawamasato

  • Website: https://twitter.com/kinugawamasato
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: @kinugawamasato is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Japanese web penetration tester.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Twitter Users.

@shhnjk

  • Website: https://twitter.com/shhnjk
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: @shhnjk is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Web and browser security researcher.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Twitter Users.

@XssPayloads

  • Website: https://twitter.com/XssPayloads
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: @XssPayloads is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: The wonderland of JavaScript unexpected usages, and more.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Twitter Users.

Safari peculiarities in client-side attacks (Особенности Safari в client-side атаках)

  • Website: https://bo0om.ru/safari-client-side
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Safari peculiarities in client-side attacks (Особенности Safari в client-side атаках) is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

Letter 0

This letter section contains 1 tool.

0Day Labs

  • Website: http://blog.0daylabs.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: 0Day Labs is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Awesome bug-bounty and challenge writeups.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Blogs.

Letter A

This letter section contains 15 tools.

A glimpse into GitHub's Bug Bounty workflow

  • Website: https://githubengineering.com/githubs-bug-bounty-workflow/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: A glimpse into GitHub's Bug Bounty workflow is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

A Methodical Approach to Browser Exploitation

  • Website: https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: A Methodical Approach to Browser Exploitation is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by , and .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!

  • Website: https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

Advisory: Java/Python FTP Injections Allow for Firewall Bypass

  • Website: http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Advisory: Java/Python FTP Injections Allow for Firewall Bypass is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > FTP Injection.

Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities

  • Website: https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Evasions > WAF.

alert(1) to win

  • Website: https://alf.nu/alert1
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: alert(1) to win is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Series of XSS challenges - Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Practices > XSS.

All you need to know about SSRF and how may we write tools to do auto-detect

  • Website: https://www.auxy.xyz/web%20security/2017/07/06/all-ssrf-knowledge.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: All you need to know about SSRF and how may we write tools to do auto-detect is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

An example why NAT is NOT security

  • Website: https://0day.work/an-example-why-nat-is-not-security/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: An example why NAT is NOT security is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

Another XSS in Google Colaboratory

  • Website: https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Another XSS in Google Colaboratory is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XSS.

Any protection against dynamic module import?

  • Website: https://github.com/w3c/webappsec-csp/issues/243
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Any protection against dynamic module import? is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Evasions > CSP.

Applied Crypto Hardening

  • Website: https://bettercrypto.org/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Applied Crypto Hardening is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Crypto.

ASP.NET resource files (.RESX) and deserialisation issues

  • Website: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: ASP.NET resource files (.RESX) and deserialisation issues is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Deserialization.

Attacking Private Networks from the Internet with DNS Rebinding

  • Website: https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Attacking Private Networks from the Internet with DNS Rebinding is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > DNS Rebinding.

Automating local DTD discovery for XXE exploitation

  • Website: https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Automating local DTD discovery for XXE exploitation is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XXE.

AWS takeover through SSRF in JavaScript

  • Website: http://10degres.net/aws-takeover-through-ssrf-in-javascript/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: AWS takeover through SSRF in JavaScript is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

Letter B

This letter section contains 9 tools.

BadLibrary

  • Website: https://github.com/SecureSkyTechnology/BadLibrary
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: BadLibrary is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Vulnerable web application for training - Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Practices > Application.

Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters

  • Website: https://medium.com/@umpox/be-careful-what-you-copy-invisibly-inserting-usernames-into-text-with-zero-width-characters-18b4e6f17b66
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

Breaking UC Browser

  • Website: https://habr.com/en/company/drweb/blog/452076/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Breaking UC Browser is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

Broken Browser

  • Website: https://www.brokenbrowser.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Broken Browser is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Fun with Browser Vulnerabilities.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Blogs.

bug-bounty-reference

  • Website: https://github.com/ngalongc/bug-bounty-reference
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: bug-bounty-reference is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: List of bug bounty write-ups that are categorized by the bug nature by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

bXSS

  • Website: https://github.com/LewisArdern/bXSS
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: bXSS is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: bXSS is a simple Blind XSS application adapted from by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Detecting.

Bypass Fix of OOB XXE Using Different encoding

  • Website: https://twitter.com/SpiderSec/status/1191375472690528256
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Bypass Fix of OOB XXE Using Different encoding is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Evasions > XXE.

Bypassing Mobile Browser Security For Fun And Profit

  • Website: https://www.blackhat.com/docs/asia-16/materials/asia-16-Baloch-Bypassing-Browser-Security-Policies-For-Fun-And-Profit-wp.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Bypassing Mobile Browser Security For Fun And Profit is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

Bypassing Web Cache Poisoning Countermeasures

  • Website: https://portswigger.net/blog/bypassing-web-cache-poisoning-countermeasures
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Bypassing Web Cache Poisoning Countermeasures is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Web Cache Poisoning.

Letter C

This letter section contains 20 tools.

C.XSS Guide

  • Website: https://excess-xss.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: C.XSS Guide is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by and .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > XSS - Cross-Site Scripting.

Cache poisoning and other dirty tricks

  • Website: https://lab.wallarm.com/cache-poisoning-and-other-dirty-tricks-120468f1053f
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Cache poisoning and other dirty tricks is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Web Cache Poisoning.

Call-Flow Aware API Fuzz Testing for Security of Windows Systems, 2008

  • Website: https://www.computer.org/csdl/proceedings/iccsa/2008/3243/00/3243a019-abs.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Fuzzing

What it does: Call-Flow Aware API Fuzz Testing for Security of Windows Systems, 2008 is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > The others.

cefdebug

  • Website: https://github.com/taviso/cefdebug
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: cefdebug is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Minimal code to connect to a CEF debugger by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Others.

Charles

  • Website: https://www.charlesproxy.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Charles is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Proxy.

charsetinspect

  • Website: https://github.com/hack-all-the-things/charsetinspect
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: charsetinspect is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Script that inspects multi-byte character sets looking for characters with specific user-defined properties by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Fuzzing.

Chronicle Detection Rules

  • Website: https://github.com/chronicle/detection-rules
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Threat Detection

What it does: Chronicle Detection Rules is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Collection of YARA-L 2.0 sample rules for the Chronicle Detection API.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Threat Detection and Hunting > Detection Rules.

Clickjacking

  • Website: https://www.imperva.com/learn/application-security/clickjacking/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Clickjacking is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Clickjacking.

Clickjackings in Google worth 14981.7$

  • Website: https://medium.com/@raushanraj_65039/google-clickjacking-6a04132b918a
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Clickjackings in Google worth 14981.7$ is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Clickjacking.

CloudGoat

  • Website: https://github.com/RhinoSecurityLabs/cloudgoat
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: CloudGoat is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Rhino Security Labs' "Vulnerable by Design" AWS infrastructure setup tool - Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Practices > AWS.

Common Azure Security Vulnerabilities and Misconfigurations

  • Website: https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Common Azure Security Vulnerabilities and Misconfigurations is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Azure.

Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters

  • Website: https://blog.securityevaluators.com/cracking-javas-rng-for-csrf-ea9cacd231d2
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > CSRF.

Cross-Site Scripting – Application Security – Google

  • Website: https://www.google.com/intl/sw/about/appsecurity/learning/xss/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Cross-Site Scripting – Application Security – Google is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > XSS - Cross-Site Scripting.

Crowdsec WAF

  • Website: https://www.crowdsec.net/solutions/application-security
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome SOC

What it does: Crowdsec WAF is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: ,.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: To go further > SOC sensors, nice to have.

CSP: bypassing form-action with reflected XSS

  • Website: https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: CSP: bypassing form-action with reflected XSS is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Evasions > CSP.

Csper

  • Website: https://csper.io
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Csper is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: A set of tools for building/evaluating/monitoring Content-Security-Policy to prevent/detect cross-site scripting by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Preventing.

CSS-Keylogging

  • Website: https://github.com/maxchehab/CSS-Keylogging
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: CSS-Keylogging is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Chrome extension and Express server that exploits keylogging abilities of CSS by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Leaking.

CSV Injection -> Meterpreter on Pornhub

  • Website: https://news.webamooz.com/wp-content/uploads/bot/offsecmag/147.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: CSV Injection -> Meterpreter on Pornhub is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > CSV Injection.

Curiefense

  • Website: https://github.com/curiefense/curiefense
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security

What it does: Curiefense is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Curiefense adds a broad set of automated web security tools, including a WAF, to Envoy Proxy.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Web Application Firewall.

CyberChef

  • Website: https://github.com/gchq/CyberChef
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: CyberChef is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Others.

Back to Name Jump

Letter D

This letter section contains 12 tools.

Dark Reading

  • Website: https://www.darkreading.com/Default.asp
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Dark Reading is a news and commentary site for the information security community, listed in the source under its forums; it is not software and has no open-source model, so the "Model" field above is an artefact of the catalog template. The source summary describes it as: Connecting The Information Security Community.

Operational value: Useful as a feed of vulnerability news, breach reporting and vendor analysis that informs threat modelling and prioritisation; it produces no telemetry and plays no part in detection or response tooling.

Typical deployment pattern: There is nothing to deploy; teams route its feed into whatever channel they use for threat-intelligence reading.

Selection considerations: Maintainer activity and release cadence do not apply to a publication; judge it on editorial quality and relevance to your stack. Related source context: Awesome Web Security > Forums.

Back to Name Jump

dirhunt

  • Website: https://github.com/Nekmo/dirhunt
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: dirhunt (published under the Nekmo GitHub account in the URL above) is a web crawler optimised for searching and analysing the directory structure of a site: it follows links, recognises directory listings and infers directories that are reachable but not linked. It belongs to reconnaissance and assessment work rather than request/response enforcement.

Operational value: Finding exposed directories, listings and backup files early lets an application security team fix an information-disclosure issue before an attacker or a bug-bounty hunter reports it; its output is also a cross-check against a proxy or WAF that claims to hide such paths.

Typical deployment pattern: Run it from an assessment host against in-scope targets at an agreed request rate, keep the output with the engagement evidence, and feed confirmed findings into the ticketing workflow rather than treating the raw list as a finding.

Selection considerations: As an open-source option, check maintainer activity, release cadence and community response quality, and compare its listing detection and crawl scoping against wordlist-based brute forcers, which find different things. Related source context: Awesome Web Security > Tools > Fuzzing.

Back to Name Jump

Dnslogger

  • Website: https://wiki.skullsecurity.org/index.php?title=Dnslogger
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Dnslogger, documented on the SkullSecurity wiki linked above, is a DNS server that logs the queries it receives; the source summary reads only "DNS Logger by", with the author's name missing from this entry. Testers point a domain at it and watch for lookups, which confirms blind or out-of-band interactions (SSRF, XXE, injection with no visible output) that request/response inspection alone would miss.

Operational value: A DNS canary gives an unambiguous, timestamped signal that a payload was processed server-side, turning an otherwise uncertain finding into evidence that can be attached to a ticket.

Typical deployment pattern: Host it on an internet-reachable server that is authoritative for a dedicated test domain, use unique subdomains per test so hits can be attributed, and keep the logs with the engagement records.

Selection considerations: This is a small, older utility, so check whether it is still maintained and whether a current out-of-band interaction service fits your workflow better; the technique does not depend on the tool. Related source context: Awesome Web Security > Tools > Others.

Back to Name Jump

DOM XSS – auth.uber.com

  • Website: http://stamone-bug-bounty.blogspot.tw/2017/10/dom-xss-auth14.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: DOM XSS – auth.uber.com is a bug-bounty writeup, not a tool: it walks through a DOM-based cross-site scripting flaw found on Uber's authentication domain. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: A real DOM XSS chain on a login domain shows how client-side code that copies URL fragments or parameters into the page can be abused, and why an authentication origin deserves the strictest client-side review.

Typical deployment pattern: There is nothing to deploy; use it as a reference when reviewing front-end code for sinks such as innerHTML, document.write and location-based redirects, and when setting a Content Security Policy for authentication pages.

Selection considerations: A static writeup has no maintainer or release cadence; judge it on whether the pattern it describes still applies to your front-end frameworks. Related source context: Awesome Web Security > Tricks > XSS.

Back to Name Jump

domato

  • Website: https://github.com/google/domato
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: domato (published under Google's GitHub account in the URL above) is a DOM fuzzer: from a grammar describing HTML, CSS and JavaScript it generates large numbers of randomised web pages intended to crash browser engines. It tests browsers and rendering engines, not web applications, and performs no request/response validation.

Operational value: Teams that ship or embed a browser engine use it to find memory-safety bugs before attackers do; application teams rarely run it, but its grammar-driven generation is the model for producing structured test inputs in other fuzzers.

Typical deployment pattern: Generate test cases on one machine, run them against an instrumented (sanitizer) build of the target in an isolated harness that captures crashes together with the generating seed, then triage and minimise the crashing cases.

Selection considerations: As an open-source option, check maintainer activity, release cadence and community response quality, and expect to extend the grammars yourself for the features you care about. Related source context: Awesome Web Security > Tools > Fuzzing.

Back to Name Jump

Domato Fuzzer's Generation Engine Internals

  • Website: https://www.sigpwn.io/blog/2018/4/14/domato-fuzzers-generation-engine-internals
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Domato Fuzzer's Generation Engine Internals is a blog post, not a tool: it explains how domato's grammar engine expands rules into test cases. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: Understanding how the generator chooses rules, bounds recursion and keeps references between generated elements consistent is what lets a team write grammars that reach deep engine code instead of producing invalid pages the parser discards early.

Typical deployment pattern: There is nothing to deploy; read it alongside domato's grammar files before writing or extending a grammar.

Selection considerations: A static writeup has no maintainer or release cadence; check it against the current domato source, which may have changed since it was written. Related source context: Awesome Web Security > Miscellaneous.
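The generation mechanism described above, as an added example that serves both this post and the domato entry: a compact grammar-driven generator in Python. It is not domato's code and does not use domato's grammar format; the grammar, the nonterminal syntax (<%name%>) and the list of interesting integers are constructed for illustration.

```python
"""Added example, not domato's code or grammar format: a compact grammar-driven
test-case generator in the style the post describes (random rule choice, a depth
budget that forces termination, reproducible output from a seed). The grammar
below is constructed for illustration; nonterminals are written <%name%>."""
import random
import re

NONTERM = re.compile(r"<%(\w+)%>")

GRAMMAR = {
    "testcase": ['<html><body><%elements%></body><script><%statements%></script></html>'],
    "elements": ["<%element%>", "<%element%><%elements%>"],
    "element": [
        '<div id="el<%idx%>"><%text%></div>',
        '<input id="el<%idx%>" type="<%inputtype%>">',
        '<svg id="el<%idx%>" width="<%int%>" height="<%int%>"><rect width="<%int%>" height="<%int%>"/></svg>',
        '<iframe id="el<%idx%>" srcdoc="<%text%>"></iframe>',
    ],
    "inputtype": ["text", "number", "range", "date", "checkbox"],
    "text": ["a", "hello", "<%int%>", "&#x<%hex%>;"],
    "statements": ["<%statement%>", "<%statement%>\n<%statements%>"],
    "statement": [
        'try { document.getElementById("el<%idx%>").<%mutation%>; } catch (e) {}',
        "document.body.offsetHeight;",
        'for (let i = 0; i < <%int%>; i++) { try { document.getElementById("el<%idx%>").<%mutation%>; } catch (e) {} }',
    ],
    "mutation": [
        'setAttribute("<%attr%>", "<%int%>")',
        "remove()",
        'innerHTML = "<%text%>"',
        'style.width = "<%int%>px"',
        'appendChild(document.createElement("<%tag%>"))',
    ],
    "attr": ["width", "height", "id", "type", "hidden"],
    "tag": ["div", "span", "svg", "input", "table"],
}

INTERESTING_INTS = [0, 1, 7, 255, 65535, 2**31 - 1, -1]


def expand(symbol: str, rng: random.Random, depth: int = 0, max_depth: int = 12) -> str:
    """Expand one nonterminal. Built-in symbols produce terminals directly; grammar
    symbols pick a random alternative until the depth budget is spent, after which
    the alternative with the fewest nonterminals is taken so recursion always ends."""
    if symbol == "int":
        return str(rng.choice(INTERESTING_INTS))
    if symbol == "idx":
        return str(rng.randrange(4))            # generated elements are named el0..el3
    if symbol == "hex":
        return format(rng.randrange(0x10000), "x")
    rules = GRAMMAR[symbol]
    if depth >= max_depth:
        rule = min(rules, key=lambda r: len(NONTERM.findall(r)))
    else:
        rule = rng.choice(rules)
    return NONTERM.sub(lambda m: expand(m.group(1), rng, depth + 1, max_depth), rule)


def make_testcase(seed: int) -> str:
    """A complete HTML test case; the same seed always yields the same page, which
    is what lets a crash be reproduced from its seed alone."""
    return expand("testcase", random.Random(seed))


def forced_termination(symbol: str, seed: int = 0) -> str:
    """Expansion with the depth budget already exhausted: the path the generator
    falls back to when nesting gets deep."""
    return expand(symbol, random.Random(seed), depth=10**6)


def unexpanded(testcase: str) -> list:
    """Nonterminals left in the output; should always be empty."""
    return NONTERM.findall(testcase)


if __name__ == "__main__":
    print(make_testcase(1))
```

Element ids are drawn from a fixed small range on purpose: JavaScript statements then refer to elements that may or may not exist, which is the kind of inconsistent-but-valid page that exercises engine error paths, and the try/catch wrappers keep one failing statement from ending the test case early.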

Back to Name Jump

DOMPurify

  • Website: https://github.com/cure53/DOMPurify
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: DOMPurify, published by Cure53 (the repository owner in the URL above), is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG: it parses untrusted markup with the browser's own parser and returns only the elements and attributes on an allowlist. It is the one entry in this letter that is a preventive control an application embeds directly.

Operational value: Sanitising rich-text input with a maintained library instead of hand-written regular expressions removes a whole class of stored and reflected XSS and keeps the allowlist decision in one reviewable place.

Typical deployment pattern: Call it at the point where untrusted HTML is about to be inserted into the DOM (or server-side through a DOM implementation), start from the default configuration, add only the tags and attributes the feature needs, and pair it with a Content Security Policy, because a sanitizer is a filter, not a boundary.

Selection considerations: As an open-source option, check maintainer activity, release cadence and community response quality, and track its releases, because bypasses are found and fixed in parser-behaviour corner cases. Related source context: Awesome Web Security > Tools > Preventing.

Back to Name Jump

DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS

  • Website: https://www.blackhat.com/docs/us-17/thursday/us-17-Lekies-Dont-Trust-The-DOM-Bypassing-XSS-Mitigations-Via-Script-Gadgets.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS is a Black Hat USA 2017 talk (slides at the URL above), not a tool. It introduces script gadgets: legitimate JavaScript in frameworks and libraries that reads markup from the DOM and turns it into code execution, so attacker-controlled markup that passes a sanitizer, a WAF or a CSP can still end in script execution once the framework processes it. The source summary reads only "Written by , , and", with the three authors' names missing from this entry.

Operational value: It is the reason an allowlist must be judged against the framework that consumes the sanitised output, not only against the HTML specification; data-* attributes, template expressions and framework-specific attributes are the usual gadget triggers.

Typical deployment pattern: There is nothing to deploy; use it when choosing a sanitizer configuration for a page that also loads a template engine or UI framework, and when estimating how much a CSP actually buys on such pages.

Selection considerations: A static talk has no maintainer or release cadence; the gadgets it catalogues are tied to specific library versions, but the class of problem remains current. Related source context: Awesome Web Security > Tricks > XSS.
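The sanitizer decisions described under DOMPurify above, together with the script-gadget caveat from this talk, as an added example in Python. This is not DOMPurify's code: it reproduces the approach (parse with a real HTML parser, keep only allowlisted elements and attributes, check URL schemes after decoding, emit well-formed output) with constructed allowlists that are narrower than DOMPurify's defaults, and it keeps data-* attributes off unless the caller asks for them, since those are harmless HTML but a gadget surface for frameworks that interpret them.

```python
"""Added example, not DOMPurify's code: an allowlist HTML sanitizer that shows
the decisions DOMPurify makes and the script-gadget caveat. Allowlists are
constructed for illustration and are narrower than DOMPurify's defaults."""
from html import escape, unescape
from html.parser import HTMLParser
import re

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "img", "ul", "ol", "li", "br", "span", "div"}
VOID_TAGS = {"br", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}, "*": {"title"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}
SCHEME = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*:")


def safe_url(value: str):
    """Allow relative URLs and http/https/mailto; reject any other scheme. Entities
    and control characters are decoded/stripped first because browsers do the same
    before deciding what the scheme is ("java&#9;script:" is still javascript:)."""
    decoded = unescape(value)
    cleaned = re.sub(r"[\x00-\x20]", "", decoded)
    m = SCHEME.match(cleaned)
    if m and m.group(0)[:-1].lower() not in SAFE_SCHEMES:
        return None
    return decoded.strip()


class Sanitizer(HTMLParser):
    def __init__(self, allow_data_attrs: bool = False):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.skip = [], [], 0
        self.allow_data_attrs = allow_data_attrs

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return                                  # unknown element: drop the tag, keep its text
        kept = []
        allowed = ALLOWED_ATTRS.get(tag, set()) | ALLOWED_ATTRS["*"]
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):               # event handlers, always
                continue
            if name.startswith("data-"):            # script-gadget surface: opt-in only
                if self.allow_data_attrs:
                    kept.append((name, value))
                continue
            if name not in allowed:
                continue
            if name in ("href", "src"):
                value = safe_url(value)
                if value is None:
                    continue
            kept.append((name, value))
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
            return
        if self.skip or tag not in self.stack:
            return
        while self.stack:                           # close intervening open tags too
            top = self.stack.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

    def result(self) -> str:
        while self.stack:                           # dangling/unclosed markup gets closed
            self.out.append(f"</{self.stack.pop()}>")
        return "".join(self.out)


def sanitize(html: str, allow_data_attrs: bool = False) -> str:
    s = Sanitizer(allow_data_attrs)
    s.feed(html)
    s.close()
    return s.result()
```

The allow_data_attrs switch is the gadget decision in miniature: with it on, the output is still valid, script-free HTML, and a template engine that binds on data-* attributes will execute it anyway. A production sanitizer should also be combined with a CSP and reviewed against the frameworks loaded on the page.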

Back to Name Jump

DOS File Path Magic Tricks

  • Website: https://medium.com/walmartlabs/dos-file-path-magic-tricks-5eda7a7a85fa
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: DOS File Path Magic Tricks is a blog post, not a tool: it collects Windows and legacy DOS path-handling behaviours (8.3 short names, trailing dots and spaces the filesystem discards, reserved device names, alternate data streams) that let a filename slip past filters written with Unix assumptions. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: Upload, download and include filters that compare strings before the operating system normalises them are a recurring bypass; knowing the normalisation rules is what makes validation match what the filesystem will actually create.

Typical deployment pattern: There is nothing to deploy; apply it when reviewing file-handling code that runs on Windows hosts, and add its cases to the test suite of any filename validation.

Selection considerations: A static writeup has no maintainer or release cadence; the behaviours are operating-system properties and remain relevant. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

dref

  • Website: https://github.com/mwrlabs/dref
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: dref (published under the MWR Labs GitHub account in the URL above) is a DNS Rebinding Exploitation Framework; the source summary, which is truncated in this entry, says it does the heavy lifting for DNS rebinding. It runs the attacker-side DNS server and serves the JavaScript payload that, once the victim's browser re-resolves the name to an internal address, talks to services on the victim's network with the browser as the proxy.

Operational value: Used in assessments to show that internal services which rely on network position alone (no authentication, no Host-header checks) are reachable from the internet through an employee's browser.

Typical deployment pattern: Run it on an internet-facing host that is authoritative for a test domain, target only in-scope internal services with a payload written for them, and record which controls (resolver filtering, Host validation, authentication) stopped or failed to stop the rebinding.

Selection considerations: As an open-source option, check maintainer activity, release cadence and community response quality, and note that browser DNS caching and resolver filtering change between releases, so an older framework may need payload adjustments. Related source context: Awesome Web Security > Tools > DNS Rebinding.
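The rebinding sequence dref automates, and the two checks that break it, as an added example in Python that is not dref's own code. Domain names, addresses and Host values are constructed for illustration.

```python
"""Added example, not dref's own code: a simulation of the rebinding sequence
dref automates, next to the two checks that break it. Domain names, addresses
and Host values are constructed for illustration."""
import ipaddress
from typing import Optional, Tuple


class RebindingResolver:
    """Attacker-controlled authoritative server for one name. The first answer is
    the attacker's public address so the victim's browser loads the attack page;
    later answers point at the internal target. TTL 0 pushes the browser to
    re-resolve on its next request."""

    def __init__(self, domain: str, public_ip: str, target_ip: str):
        self.domain, self.public_ip, self.target_ip = domain, public_ip, target_ip
        self.queries = 0

    def answer(self, qname: str) -> Optional[Tuple[str, int]]:
        if qname.lower().rstrip(".") != self.domain:
            return None
        self.queries += 1
        return (self.public_ip if self.queries == 1 else self.target_ip), 0  # (A record, TTL)


def is_internal(ip: str) -> bool:
    """Loopback, link-local, RFC 1918, ULA and other non-global ranges."""
    return not ipaddress.ip_address(ip).is_global


def host_header_ok(host_header: str, allowed_hosts: set) -> bool:
    """Application-side defence: a rebound request still carries the attacker's
    name in Host, so a service that only answers for its own names is safe."""
    h = host_header.strip()
    host = h[1:h.index("]")] if h.startswith("[") else h.split(":", 1)[0]
    return host.lower().rstrip(".") in allowed_hosts


def simulate(resolver: RebindingResolver, allowed_hosts: set, resolver_filters: bool = True) -> list:
    """Two fetches by the victim's browser; returns (step, ip, outcome) per step.
    resolver_filters models a stub resolver that drops external names resolving
    to internal addresses (the dnsmasq --stop-dns-rebind behaviour)."""
    log = []
    for step in (1, 2):
        ip, _ttl = resolver.answer(resolver.domain)
        if resolver_filters and is_internal(ip):
            log.append((step, ip, "dropped by stub resolver"))
        elif ip == resolver.public_ip:
            log.append((step, ip, "attack page loaded"))
        elif host_header_ok(resolver.domain, allowed_hosts):
            log.append((step, ip, "internal service served request"))
        else:
            log.append((step, ip, "internal service rejected unknown Host"))
    return log


if __name__ == "__main__":
    for filters in (True, False):
        r = RebindingResolver("attacker.example", "93.184.216.34", "127.0.0.1")
        print("resolver filtering:", filters, simulate(r, {"intranet.local"}, filters))
```

The third outcome is the one an assessment is trying to produce: resolver filtering off and an internal service that accepts any Host value. Either check alone is enough to stop the basic technique, which is why the engagement record should say which one was present.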

Back to Name Jump

DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE

  • Website: https://www.ambionics.io/blog/drupal-services-module-rce
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE is a vulnerability writeup, not a tool: it shows how the Drupal 7 Services module passed attacker-controlled input to PHP's unserialize(), and how the resulting object injection was turned into remote code execution. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It is a worked case of the rule that unserialize() on untrusted data is code execution waiting for a gadget chain; the fix is to accept a data-only format such as JSON or to forbid object instantiation, not to filter class names.

Typical deployment pattern: There is nothing to deploy; use it when reviewing PHP endpoints that accept serialized input, and for detection, alert on request bodies or cookies containing PHP serialized objects (O:<n>:"<class>") where none are expected.

Selection considerations: A static writeup has no maintainer or release cadence; the affected module versions are long patched, but the deserialization pattern applies to any PHP application. Related source context: Awesome Web Security > Tricks > Remote Code Execution.

Back to Name Jump

DVCS-Pillage

  • Website: https://github.com/evilpacket/DVCS-Pillage
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: DVCS-Pillage (published under the evilpacket GitHub account in the URL above) pillages web-accessible Git, Mercurial and Bazaar repositories: when a site exposes its .git, .hg or .bzr directory, the scripts fetch the repository metadata and objects over HTTP and reconstruct the source tree, even where directory listing is disabled. It is an assessment tool for a leakage condition, not a preventive control.

Operational value: An exposed repository leaks source, history and frequently credentials, so demonstrating the full reconstruction turns a "directory exists" finding into a concrete severity.

Typical deployment pattern: Run it from an assessment host against in-scope targets, store the recovered tree with the engagement evidence, and hand leaked secrets to the owning team for rotation; on the defensive side, block the dot-directories at the web server and alert on requests for .git/HEAD or .git/config.

Selection considerations: As an open-source option, check maintainer activity, release cadence and community response quality, and compare its coverage (packfiles, the index file, partial histories) against newer tools before relying on it. Related source context: Awesome Web Security > Tools > Leaking.
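How a source tree is rebuilt from an exposed .git directory, object by object, as an added example in Python that is not DVCS-Pillage's own code. The "exposed" repository is constructed in memory; a real run would fetch each path with an HTTP GET from the target's .git/ directory.

```python
"""Added example, not DVCS-Pillage's own code: how a repository is rebuilt from
a web-exposed .git directory, object by object. The "exposed" repository is
constructed in memory; a real run would fetch each path with an HTTP GET."""
import hashlib
import zlib


def git_object(kind: bytes, body: bytes):
    """Encode a loose object exactly as git stores it under .git/objects/xx/yyyy:
    zlib(kind + " " + size + NUL + body). Returns (sha1 hex, compressed bytes)."""
    store = kind + b" " + str(len(body)).encode() + b"\0" + body
    return hashlib.sha1(store).hexdigest(), zlib.compress(store)


def object_path(sha: str) -> str:
    return f"objects/{sha[:2]}/{sha[2:]}"


def tree_entry(mode: bytes, name: bytes, sha: str) -> bytes:
    """One tree record: "<mode> <name>" NUL <20 raw sha bytes>."""
    return mode + b" " + name + b"\0" + bytes.fromhex(sha)


def parse_object(compressed: bytes, expected_sha: str):
    """Decompress a loose object, verify its size header and sha1, return (kind, body)."""
    store = zlib.decompress(compressed)
    header, _, body = store.partition(b"\0")
    kind, size = header.split(b" ")
    if int(size) != len(body):
        raise ValueError("size header does not match body")
    if hashlib.sha1(store).hexdigest() != expected_sha:
        raise ValueError("object content does not match its name")
    return kind.decode(), body


def is_intact(compressed: bytes, expected_sha: str) -> bool:
    try:
        parse_object(compressed, expected_sha)
        return True
    except (ValueError, zlib.error):
        return False


def parse_tree(body: bytes):
    """Yield (mode, name, sha hex) for every entry in a tree body."""
    pos = 0
    while pos < len(body):
        space = body.index(b" ", pos)
        nul = body.index(b"\0", space)
        yield (body[pos:space].decode(), body[space + 1:nul].decode(),
               body[nul + 1:nul + 21].hex())
        pos = nul + 21


def pillage(fetch, tree_sha: str, prefix: str = "") -> dict:
    """Walk a tree recursively through fetch(path) -> bytes; return {path: content}."""
    kind, body = parse_object(fetch(object_path(tree_sha)), tree_sha)
    if kind != "tree":
        raise ValueError(f"{tree_sha} is a {kind}, not a tree")
    files = {}
    for mode, name, sha in parse_tree(body):
        if mode == "40000":                                    # subdirectory
            files.update(pillage(fetch, sha, prefix + name + "/"))
        else:
            _, content = parse_object(fetch(object_path(sha)), sha)
            files[prefix + name] = content
    return files


def build_sample_repo():
    """Constructed stand-in for an exposed .git: ({relative path: bytes}, root tree sha)."""
    env_sha, env = git_object(b"blob", b"DB_PASSWORD=hunter2\n")
    readme_sha, readme = git_object(b"blob", b"# internal app\n")
    cfg_sha, cfg = git_object(b"tree", tree_entry(b"100644", b".env", env_sha))
    root_sha, root = git_object(
        b"tree",
        tree_entry(b"100644", b"README.md", readme_sha) + tree_entry(b"40000", b"config", cfg_sha),
    )
    objects = {object_path(s): data for s, data in
               ((env_sha, env), (readme_sha, readme), (cfg_sha, cfg), (root_sha, root))}
    return objects, root_sha


if __name__ == "__main__":
    repo, root = build_sample_repo()
    for path, content in sorted(pillage(repo.__getitem__, root).items()):
        print(path, content)
```

The root tree sha comes from .git/HEAD and the ref or commit it points to in a real repository; the walk from there needs no directory listing because every object name is derived from the parent's content. Objects that have been packed are not reachable this way and need the packfile and its index instead.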

Back to Name Jump

Letter E

This letter section contains 11 tools.

ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else

  • Website: http://www.slideshare.net/x00mario/es6-en
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else is a slide deck, not a tool: it surveys ES6 language features that give attackers new ways to write XSS payloads and to escape JavaScript sandboxes and filters designed around ES5 syntax. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: Any filter, WAF rule or sandbox that reasons about JavaScript syntax has to cover the current language; the deck is a checklist of the constructs such filters tend to miss.

Typical deployment pattern: There is nothing to deploy; use it when testing or tuning JavaScript-aware filters and sandboxes.

Selection considerations: A static deck has no maintainer or release cadence; the language has kept evolving since ES6, so treat it as a starting point rather than a complete list. Related source context: Awesome Web Security > Tricks > XSS.

Back to Name Jump

EQGRP

  • Website: https://github.com/x0rz/EQGRP
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: EQGRP is a repository mirroring the decrypted content of eqgrp-auction-file.tar.xz, the leaked Equation Group tooling archive; the source summary credits a publisher whose name is missing from this entry. It is a research artefact of leaked offensive tooling, not web or API security software, and it does not fit the request/response validation role this category describes.

Operational value: Relevant to detection engineers and researchers studying the leaked tools and the indicators associated with them; it has no role in an application security programme and should not be run against anything.

Typical deployment pattern: There is nothing to deploy; handle the archive as untrusted, potentially malicious code inside an isolated analysis environment.

Selection considerations: Maintainer activity and release cadence do not apply to a static leak mirror; the considerations are legal and handling ones, which your organisation's policy on malware samples should already cover. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

Escape and Evasion Egressing Restricted Networks

  • Website: https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Escape and Evasion Egressing Restricted Networks is a blog post, not a tool: it describes red-team techniques for getting command-and-control traffic or data out of networks that restrict outbound connections, and what each technique looks like from the defender's side. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: The egress paths it discusses are the ones a compromised web server would use, so it doubles as a checklist of the outbound controls and detections a hosting environment should have.

Typical deployment pattern: There is nothing to deploy; use it when designing egress filtering for application tiers and when writing detections for unexpected outbound protocols.

Selection considerations: A static writeup has no maintainer or release cadence; check the specific bypasses against the proxy and DNS controls you currently run. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

Evading CSP with DOM-based dangling markup

  • Website: https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Evading CSP with DOM-based dangling markup is a PortSwigger Research post, not a tool: it shows how an injected, unterminated tag (dangling markup) created through the DOM can swallow the surrounding page content into an attribute and send it to an attacker, exfiltrating data even on pages whose Content Security Policy blocks script execution. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It is the standard reference for why CSP does not stop data theft from HTML injection, and why sanitising markup and isolating sensitive tokens matter even when scripts cannot run.

Typical deployment pattern: There is nothing to deploy; use it when assessing how much protection a CSP provides on a page with an injection point, and when deciding which response content must never share a page with untrusted markup.

Selection considerations: A static writeup has no maintainer or release cadence; browsers have since added mitigations for some dangling-markup variants, so test current behaviour. Related source context: Awesome Web Security > Evasions > CSP.

Back to Name Jump

Evil Teacher: Code Injection in Moodle

  • Website: https://blog.ripstech.com/2018/moodle-remote-code-execution/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Evil Teacher: Code Injection in Moodle is a vulnerability writeup, not a tool: it shows how a teacher-level Moodle account could reach PHP code execution because a formula in quiz questions was passed to eval() after a filter that could be bypassed. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It is a worked case of why filtering a string before eval() fails, and why user-supplied formulas need a real parser and an allowlist of operations instead.

Typical deployment pattern: There is nothing to deploy; use it when reviewing any feature that evaluates user-supplied expressions, formulas or templates, in any language.

Selection considerations: A static writeup has no maintainer or release cadence; the affected Moodle versions are long patched, but the anti-pattern recurs in other products. Related source context: Awesome Web Security > Tricks > Remote Code Execution.
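The hardened replacement the writeup argues for, as an added example in Python (not Moodle's code or its fix): user formulas are parsed into an AST and evaluated by an allowlist walker, so there is no path from the input string to the language's eval. Formulas and variables are constructed for illustration.

```python
"""Added example (not Moodle's code or its fix): the hardened replacement for
"filter the string, then eval() it". User formulas are parsed into an AST and
evaluated by an allowlist walker. Formulas and variables are constructed."""
import ast
import math
import operator

BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
          ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
FUNCS = {"sqrt": math.sqrt, "abs": abs, "round": round, "sin": math.sin,
         "cos": math.cos, "log": math.log, "min": min, "max": max}
CONSTANTS = {"pi": math.pi, "e": math.e}
MAX_EXPONENT = 1000   # keeps 9**9**9-style inputs from exhausting CPU and memory


class UnsafeFormula(ValueError):
    pass


def eval_formula(formula: str, variables: dict) -> float:
    """Evaluate an arithmetic formula over the given variables. Anything that is
    not a number, a known name, an allowlisted operator or an allowlisted call
    raises UnsafeFormula: attribute access, subscripts, lambdas, strings, etc."""
    try:
        tree = ast.parse(formula, mode="eval")
    except SyntaxError as exc:
        raise UnsafeFormula(f"not a formula: {exc.msg}") from None

    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.Name):
            if node.id in variables:
                return float(variables[node.id])
            if node.id in CONSTANTS:
                return CONSTANTS[node.id]
            raise UnsafeFormula(f"unknown name {node.id!r}")
        if isinstance(node, ast.BinOp) and type(node.op) in BINOPS:
            left, right = ev(node.left), ev(node.right)
            if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
                raise UnsafeFormula("exponent too large")
            return BINOPS[type(node.op)](left, right)
        if isinstance(node, ast.UnaryOp) and type(node.op) in UNARYOPS:
            return UNARYOPS[type(node.op)](ev(node.operand))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in FUNCS and not node.keywords):
            return FUNCS[node.func.id](*[ev(a) for a in node.args])
        raise UnsafeFormula(f"disallowed syntax: {type(node).__name__}")

    return ev(tree)


def is_safe_formula(formula: str, variables: dict) -> bool:
    """True when the formula evaluates under the allowlist without error."""
    try:
        eval_formula(formula, variables)
        return True
    except (UnsafeFormula, ValueError, ZeroDivisionError, OverflowError):
        return False


if __name__ == "__main__":
    for f in ("a * 2 + sqrt(b)", "__import__('os').system('id')", "9**9**9"):
        print(f, "->", is_safe_formula(f, {"a": 3, "b": 16}))
```

The walker never consults the original string once it has been parsed, which is the property a character blocklist cannot give: the question is not "which characters are present" but "which language constructs are present". The exponent cap is the one resource-exhaustion case arithmetic alone can reach.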

Back to Name Jump

Evil XML with two encodings

  • Website: https://mohemiv.com/all/evil-xml/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Evil XML with two encodings is a blog post, not a tool: it shows how an XML document that mixes or misdeclares character encodings can carry an XXE payload past filters and WAFs that inspect the bytes in one encoding while the parser reads them in another. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It documents a concrete gap between what a signature-based filter sees and what the parser executes; the defence is to disable DTD processing in the parser rather than to pattern-match the input.

Typical deployment pattern: There is nothing to deploy; use it when testing WAF rules for XXE, and as a reminder that input inspection must decode the way the consumer does.

Selection considerations: A static writeup has no maintainer or release cadence; the trick depends on parser encoding detection, which is specified behaviour and remains current. Related source context: Awesome Web Security > Tricks > XXE.

Back to Name Jump

Exploiting a V8 OOB write.

  • Website: https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Exploiting a V8 OOB write. is an exploitation writeup, not a tool: it walks from an out-of-bounds write in the V8 JavaScript engine to code execution, covering the heap layout and the primitives built along the way. It concerns native browser-engine exploitation rather than web application request/response validation, which is why the source files it under browser backend exploitation. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: Relevant to teams that maintain or embed a JavaScript engine and to exploit-mitigation research; application security teams mostly gain an appreciation of what a renderer compromise costs.

Typical deployment pattern: There is nothing to deploy; reproduce it only in an isolated, instrumented build of the affected engine version.

Selection considerations: A static writeup has no maintainer or release cadence; the specific bug is long fixed, and the techniques age with V8's memory-layout changes. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

Back to Name Jump

Exploiting CSRF on JSON endpoints with Flash and redirects

  • Website: https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Exploiting CSRF on JSON endpoints with Flash and redirects is a blog post, not a tool: it shows that an endpoint which relied on requests carrying Content-Type: application/json as its CSRF defence could still be hit cross-origin, using a Flash object to set the content type and a 307 redirect to keep method, body and headers intact. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It retires the idea that "browsers cannot send JSON cross-origin without a preflight" is a CSRF control; the defences that hold are Origin/Referer validation, anti-CSRF tokens and SameSite cookies.

Typical deployment pattern: There is nothing to deploy; use it when reviewing API endpoints whose only CSRF reasoning is the content type, and when writing the check that replaces it.

Selection considerations: A static writeup has no maintainer or release cadence; Flash is gone from browsers, but the lesson that content-type checks are not a CSRF defence stands. Related source context: Awesome Web Security > Tricks > CSRF.
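The server-side check that replaces "the request is JSON, so it cannot be CSRF", as an added example in Python that is not the post's code. It deliberately ignores Content-Type and requires browser-asserted origin information (Sec-Fetch-Site, then Origin, then Referer) or a valid anti-CSRF token; the allowed origin, header dictionaries and token flag are constructed for illustration.

```python
"""Added example, not the post's code: the server-side CSRF check that does not
trust Content-Type. Origins, headers and the token check are constructed."""
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://app.example"}          # constructed
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def request_origin(headers: dict):
    """Origin of the request as asserted by the browser, or None if neither a
    usable Origin nor a Referer was sent ("null" is treated as absent)."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("origin") and h["origin"] != "null":
        return h["origin"]
    ref = h.get("referer")
    if ref:
        parts = urlsplit(ref)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(method: str, headers: dict, token_valid: bool = False):
    """Return (allowed, reason). Content-Type is deliberately not consulted: the
    Flash + 307 chain in the post delivers application/json cross-origin."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    if site in ("cross-site", "same-site"):           # same-site is not same-origin
        return False, f"Sec-Fetch-Site is {site}"
    if site == "same-origin":
        return True, "Sec-Fetch-Site same-origin"
    origin = request_origin(headers)
    if origin in ALLOWED_ORIGINS:
        return True, "origin allowlisted"
    if token_valid:
        return True, "anti-CSRF token"
    return False, f"origin {origin!r} not trusted and no token"


if __name__ == "__main__":
    forged = {"Content-Type": "application/json", "Origin": "https://attacker.example"}
    print(csrf_check("POST", forged))
    print(csrf_check("POST", {"Content-Type": "application/json", "Origin": "https://app.example"}))
```

Requests with no origin information at all (older clients, some privacy extensions) fall through to the token; rejecting them outright is the stricter choice and the right one for endpoints that only browsers call.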

Back to Name Jump

Exploiting Node.js deserialization bug for Remote Code Execution

  • Website: https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Exploiting Node.js deserialization bug for Remote Code Execution is a vulnerability writeup, not a tool: it shows how the node-serialize package's unserialize() rebuilt function values from the serialized string and executed an immediately-invoked function, so an attacker who controls the serialized input (a cookie, in the example) gets code execution. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It is the Node.js counterpart of PHP and Java deserialization bugs: a format that can encode executable code must never be parsed from untrusted input, and JSON validated against a schema is the safe replacement.

Typical deployment pattern: There is nothing to deploy; use it when reviewing dependencies that serialise objects or functions, and for detection, alert on serialized input containing node-serialize's function marker where the application never expects functions.

Selection considerations: A static writeup has no maintainer or release cadence; the package in question is a small one, but the pattern applies to any serialiser that accepts code. Related source context: Awesome Web Security > Tricks > Remote Code Execution.
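The two deserialization cases from this entry and the Drupal 7 Services entry above, as one added example in Python that is not code from either writeup: a PHP-serialization reader that refuses to build objects from untrusted input, beside a detector for the function marker node-serialize uses. Payload strings are constructed for illustration.

```python
"""Added example, not code from either writeup: a PHP serialize() reader that
rejects objects unless explicitly allowed, plus a detector for node-serialize's
function marker. Payloads are constructed for illustration."""
import json


class UnsafeSerializedData(ValueError):
    pass


def php_unserialize(data: bytes, allowed_classes=frozenset()):
    """Parse PHP serialize() output (N, b, i, d, s, a, O). Objects are rejected
    unless their class is explicitly allowed, the effect of calling
    unserialize($s, ['allowed_classes' => [...]]) in PHP 7+, except that this
    version raises instead of producing __PHP_Incomplete_Class."""
    pos = 0

    def take_until(stop: bytes) -> bytes:
        nonlocal pos
        end = data.index(stop, pos)
        token, pos = data[pos:end], end + 1
        return token

    def parse():
        nonlocal pos
        tag = data[pos:pos + 1]
        if tag == b"N":                       # N;
            pos += 2
            return None
        pos += 2                              # skip "<tag>:"
        if tag == b"i":
            return int(take_until(b";"))
        if tag == b"d":
            return float(take_until(b";"))
        if tag == b"b":
            return take_until(b";") == b"1"
        if tag == b"s":                       # s:<len>:"<bytes>";
            length = int(take_until(b":"))
            pos += 1                          # opening quote
            value = data[pos:pos + length]
            pos += length + 2                 # closing quote and ';'
            return value.decode("utf-8", "replace")
        if tag == b"a":                       # a:<n>:{key value ...}
            count = int(take_until(b":"))
            pos += 1                          # '{'
            items = {}
            for _ in range(count):
                key = parse()
                items[key] = parse()
            pos += 1                          # '}'
            return items
        if tag == b"O":                       # O:<len>:"<class>":<n>:{...}
            take_until(b":")
            pos += 1
            cls = take_until(b'"').decode("ascii", "replace")
            pos += 1                          # ':' after the closing quote
            if cls not in allowed_classes:
                raise UnsafeSerializedData(f"refusing to instantiate {cls!r} from untrusted input")
            count = int(take_until(b":"))
            pos += 1
            props = {"__class__": cls}
            for _ in range(count):
                key = parse()
                props[key] = parse()
            pos += 1
            return props
        raise ValueError(f"unknown type tag {tag!r} at offset {pos - 2}")

    value = parse()
    if pos != len(data):
        raise ValueError("trailing bytes after serialized value")
    return value


def is_safe_php_payload(data: bytes) -> bool:
    try:
        php_unserialize(data)
        return True
    except UnsafeSerializedData:
        return False


NODE_FUNC_MARKER = "_$$ND_FUNC$$_"


def node_serialize_functions(payload: str, path: str = "$") -> list:
    """JSON paths of string values carrying node-serialize's function marker; the
    package would compile these and, with a trailing (), run them immediately."""
    def walk(value, where):
        if isinstance(value, str) and value.startswith(NODE_FUNC_MARKER):
            return [where]
        if isinstance(value, dict):
            return [p for k, v in value.items() for p in walk(v, f"{where}.{k}")]
        if isinstance(value, list):
            return [p for i, v in enumerate(value) for p in walk(v, f"{where}[{i}]")]
        return []
    return walk(json.loads(payload), path)
```

Both halves enforce the same rule from different sides: the PHP reader accepts data and refuses code (objects whose magic methods run on construction or destruction), and the node-serialize detector flags the one value type in that format that is code. Neither is a substitute for switching the endpoint to plain JSON.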

Back to Name Jump

Exploiting XSS with 20 characters limitation

  • Website: https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Exploiting XSS with 20 characters limitation is a blog post, not a tool: it shows how a cross-site scripting payload can be fitted into a 20-character input limit by using short tags and event handlers and loading the real payload from elsewhere. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: Length limits are often cited as a reason an injection is "not exploitable"; the post shows that a field of a couple of dozen characters is enough, so severity should not be reduced on that basis.

Typical deployment pattern: There is nothing to deploy; use it when triaging injection findings in short fields and when tuning filters that assume a minimum payload size.

Selection considerations: A static writeup has no maintainer or release cadence; the payload forms depend on browser parsing, which has been stable for these cases. Related source context: Awesome Web Security > Tricks > XSS.

Back to Name Jump

Exploiting XXE with local DTD files

  • Website: https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Exploiting XXE with local DTD files is a blog post, not a tool: it shows how an XXE vulnerability can be exploited when the parser cannot reach the attacker's server, by repurposing a DTD file that already exists on the target system to force an error message that discloses file contents. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It removes "no outbound connectivity" as a reason to downgrade an XXE finding, and it underlines that the only dependable fix is to disable DTD processing and external entities in the parser.

Typical deployment pattern: There is nothing to deploy; use it when assessing XXE in hardened or egress-filtered environments and when arguing for parser hardening over network controls.

Selection considerations: A static writeup has no maintainer or release cadence; the technique depends on which DTD files ship with the target's operating system and libraries, so the set of usable files changes over time. Related source context: Awesome Web Security > Tricks > XXE.

Back to Name Jump

Letter F

This letter section contains 4 tools.

FANS

  • Website: https://github.com/iromise/fans
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Fuzzing

What it does: FANS (published under the iromise GitHub account in the URL above) is a fuzzing tool for Android native system services; the source summary says it contains four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine. Its source list files it under API fuzzing, which is how it landed in this category, but the interfaces it fuzzes are Android system-service interfaces, not web or HTTP APIs, and it performs no request/response validation.

Operational value: Relevant to teams assessing Android platform code or vendor system services; it has no role in a web and API security programme.

Typical deployment pattern: Run it against an Android build in an isolated emulator or device farm with crash collection, following the repository's setup for the Android versions it supports.

Selection considerations: As an open-source research tool, check maintainer activity and whether it has been updated for the Android versions you target before investing in setup. Related source context: Awesome Fuzzing > Tools > API.

Back to Name Jump

File Upload Restrictions Bypass

  • Website: https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: File Upload Restrictions Bypass is a paper hosted on Exploit-DB, not a tool: it catalogues ways to get a malicious file past upload filters, such as alternative and double extensions, null bytes in filenames, forged Content-Type headers and image files that carry a valid header followed by code. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: Upload handlers are a direct path to code execution whenever a stored file can be served through an interpreter; the paper is the checklist of what a validation routine has to reject.

Typical deployment pattern: There is nothing to deploy; use it when reviewing or testing upload handlers, and turn its cases into unit tests for filename and content validation.

Selection considerations: A static paper has no maintainer or release cadence; which extensions an interpreter claims changes with web server and language versions, so re-verify the cases on your stack. Related source context: Awesome Web Security > Introduction > Upload.
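A filename and content validator that rejects the bypasses the paper catalogues together with the Windows path behaviours from "DOS File Path Magic Tricks" above (trailing dots and spaces, reserved device names, alternate data streams), as an added example in Python that is not the paper's code. The allowed types, magic numbers and sample files are constructed for illustration; re-encoding images and serving uploads from a non-executing host remain the stronger controls.

```python
"""Added example, not the paper's code: an upload validator covering the filename
bypasses in the paper and the Windows path behaviours from "DOS File Path Magic
Tricks". Allowed types, magic numbers and sample files are constructed."""
import secrets
from urllib.parse import unquote

ALLOWED_TYPES = {                           # extension -> accepted magic numbers
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "inc",
                   "jsp", "jspx", "asp", "aspx", "ashx", "cgi", "pl", "py", "sh",
                   "htaccess", "svg", "html", "htm", "js"}
WINDOWS_RESERVED = ({"con", "prn", "aux", "nul", "clock$"}
                    | {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)})
POLYGLOT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")


class RejectedUpload(ValueError):
    pass


def normalize_filename(raw: str) -> str:
    """Reduce a client-supplied name to what the filesystem would actually create."""
    name = unquote(raw)                                     # %00 and friends
    if "\x00" in name:
        raise RejectedUpload("null byte in filename")
    name = name.replace("\\", "/").rsplit("/", 1)[-1]       # drop any directory part
    if ":" in name:                                         # NTFS stream (file.jpg::$DATA) or drive
        raise RejectedUpload("stream or drive separator in filename")
    name = name.rstrip(". ")                                # Windows discards trailing dots/spaces
    if not name or name in (".", ".."):
        raise RejectedUpload("empty filename")
    return name


def validate_upload(raw_name: str, content: bytes) -> str:
    """Return a server-chosen stored name on success; raise RejectedUpload otherwise."""
    name = normalize_filename(raw_name).lower()
    parts = name.split(".")
    if len(parts) < 2:
        raise RejectedUpload("no extension")
    stem, ext = parts[0], parts[-1]
    if stem in WINDOWS_RESERVED:
        raise RejectedUpload("reserved device name")
    if any(p in EXECUTABLE_EXTS for p in parts[1:]):        # shell.php.jpg, .htaccess
        raise RejectedUpload("executable extension present")
    if ext not in ALLOWED_TYPES:
        raise RejectedUpload(f"extension .{ext} not allowed")
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise RejectedUpload("content does not match extension")
    if any(marker in content for marker in POLYGLOT_MARKERS):   # GIF89a<?php ... ?> polyglots
        raise RejectedUpload("embedded code marker")
    return f"{secrets.token_hex(16)}.{ext}"                 # never reuse the client's name


def upload_verdict(raw_name: str, content: bytes) -> str:
    try:
        validate_upload(raw_name, content)
        return "accepted"
    except RejectedUpload as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name, body in (("photo.png", png), ("shell.php.jpg", b"\xff\xd8\xff"), ("CON.png", png),
                       ("avatar.gif", b"GIF89a<?php system($_GET['c']); ?>")):
        print(name, "->", upload_verdict(name, body))
```

The Content-Type header the client sends is never consulted: it is attacker-controlled and carries no information the magic-number check does not. The marker scan is a last line, not a parser; a real handler re-encodes images through an image library and stores the result under the generated name.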

Back to Name Jump

Forcing XXE Reflection through Server Error Messages

  • Website: https://blog.netspi.com/forcing-xxe-reflection-server-error-messages/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Forcing XXE Reflection through Server Error Messages is a blog post, not a tool: it shows how, when an XML parser's output is not returned to the attacker, an external entity that resolves to an invalid location can make the server echo file contents inside its error message. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: It is one of the standard techniques for turning a blind XXE into file disclosure, and so part of the evidence for why verbose XML parser errors must never reach clients.

Typical deployment pattern: There is nothing to deploy; use it when assessing XXE where responses do not reflect parsed content, and when deciding which parser errors are returned to users.

Selection considerations: A static writeup has no maintainer or release cadence; the technique depends on the parser and error-handling behaviour of the target platform. Related source context: Awesome Web Security > Tricks > XXE.
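The defence all three XXE entries in this section point at (this one, "Exploiting XXE with local DTD files" and "Evil XML with two encodings"), as one added example in Python that is not code from any of the writeups: a parser front door that refuses any DTD, and applies that check only after decoding the input the way an XML parser will, which is the gap the two-encodings trick exploits. Payloads are constructed for illustration.

```python
"""Added example, not code from the XXE writeups: reject DTDs after decoding the
input the way the XML parser will, so a byte-level filter cannot be sidestepped
with a different encoding. Payloads are constructed for illustration."""
import re
import xml.etree.ElementTree as ET

ASCII_COMPATIBLE = {"utf-8", "utf8", "us-ascii", "ascii", "iso-8859-1", "latin-1", "latin1"}
DECLARED_ENCODING = re.compile(rb'^\s*<\?xml[^>]*?encoding=["\']([\w.-]+)["\']')
XML_DECLARATION = re.compile(r"^\s*<\?xml[^>]*\?>")
DTD_MARKERS = re.compile(r"<!DOCTYPE|<!ENTITY", re.I)


class UnsafeXML(ValueError):
    pass


def decode_like_parser(data: bytes) -> str:
    """Follow XML 1.0 Appendix F: a byte-order mark or the byte pattern of '<?xml'
    decides the encoding family; only then is the encoding declaration read."""
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    elif data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    elif data.startswith(b"\x00<"):
        return data.decode("utf-16-be")
    elif data.startswith(b"<\x00"):
        return data.decode("utf-16-le")
    m = DECLARED_ENCODING.match(data[:256])
    declared = m.group(1).decode("ascii").lower() if m else "utf-8"
    if declared not in ASCII_COMPATIBLE:
        # Declaration and byte layout disagree: refuse rather than guess which one the consumer honours.
        raise UnsafeXML(f"declared encoding {declared!r} does not match the byte layout")
    return data.decode(declared)


def naive_filter_flags(data: bytes) -> bool:
    """What a byte-level signature check sees; it misses anything not in UTF-8/ASCII."""
    upper = data.upper()
    return b"<!DOCTYPE" in upper or b"<!ENTITY" in upper


def safe_parse(data: bytes) -> ET.Element:
    """Parse untrusted XML with no DTD at all: no external entities, no internal
    entity expansion, no parameter entities pointing at local DTD files."""
    text = decode_like_parser(data)
    if DTD_MARKERS.search(text):
        raise UnsafeXML("DTD and entity declarations are not accepted")
    return ET.fromstring(XML_DECLARATION.sub("", text, count=1))


def is_safe_xml(data: bytes) -> bool:
    try:
        safe_parse(data)
        return True
    except (UnsafeXML, UnicodeDecodeError, ET.ParseError):
        return False


if __name__ == "__main__":
    xxe = '<?xml version="1.0"?><!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><x>&xxe;</x>'
    for label, payload in (("utf-8", xxe.encode("utf-8")), ("utf-16-le", xxe.encode("utf-16-le"))):
        print(label, "naive filter:", naive_filter_flags(payload), "decode-first:", not is_safe_xml(payload))
```

Refusing DTDs outright is what makes the local-DTD and error-message techniques moot: both still need the parser to process a DOCTYPE. Where a schema requires a DTD, the parser's own switches for external entities and parameter entities are the next best thing, and the error text must never be returned to the client.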

Back to Name Jump

fuzz.txt

  • Website: https://github.com/Bo0oM/fuzz.txt
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: fuzz.txt (published under the Bo0oM GitHub account in the URL above) is a wordlist of potentially dangerous files: names of backups, configuration files, debug endpoints, version-control directories and similar paths that are often left reachable on web servers. It is input for content-discovery tools rather than a tool itself, and it validates nothing.

Operational value: A curated list of the paths that actually leak gives consistent coverage across assessments and a reproducible record of what was and was not checked.

Typical deployment pattern: Feed it to a content-discovery fuzzer from an assessment host at an agreed request rate, diff the results against the previous run, and raise only confirmed, reachable files as findings.

Selection considerations: Check how recently the list was updated and how it overlaps with the other wordlists you use; a plain text file carries no code risk, but a stale list misses newer frameworks' default files. Related source context: Awesome Web Security > Tools > Fuzzing.

Back to Name Jump

Letter G

This letter section contains 10 tools.

GitHub Enterprise Remote Code Execution

  • Website: http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: GitHub Enterprise Remote Code Execution is a vulnerability writeup, not a tool: it describes a chain found in GitHub Enterprise, a commercial web application shipped as an appliance, that ended in remote code execution, and how the product was analysed to get there. The source summary reads only "Written by", with the author's name missing from this entry.

Operational value: Useful as a case study in reviewing a large, self-hosted commercial web application and in how individually modest issues combine into code execution.

Typical deployment pattern: There is nothing to deploy; use it as background when assessing self-hosted enterprise products.

Selection considerations: A static writeup has no maintainer or release cadence; the affected versions are long patched. Related source context: Awesome Web Security > Tricks > Remote Code Execution.

Back to Name Jump

GitHub Enterprise SQL Injection

  • Website: http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: GitHub Enterprise SQL Injection is a bug-bounty writeup published on blog.orange.tw in 2017 (per the URL), not a tool: it walks through finding and reporting a SQL injection in the GitHub Enterprise appliance. Source summaries describe it as: Written by .

Operational value: Useful as a worked example of locating an injection point in a large, partly obfuscated codebase and of how a responsible disclosure to a bounty program is documented.

Typical deployment pattern: Nothing to deploy. Use it as training material for code reviewers and as a reminder to check that self-hosted GitHub Enterprise instances are on a fixed release.

Selection considerations: Check the publication date against the versions you run before treating the specific finding as relevant; the methodology transfers even when the bug does not. Related source context: Awesome Web Security > Tricks > SQL Injection.

Back to Name Jump

GitHub's CSP journey

  • Website: https://githubengineering.com/githubs-csp-journey/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: GitHub's CSP journey is a GitHub Engineering blog post, not a tool: it describes how GitHub designed and rolled out its Content-Security-Policy. The source list files it under Evasions > CSP, so it is read as much for the bypass classes a policy has to anticipate as for the deployment story. Source summaries describe it as: Written by .

Operational value: A reference point for teams writing their own CSP: which directives matter for a large application, how a policy is tightened incrementally, and what reporting is needed to do that without breaking the site.

Typical deployment pattern: Nothing to deploy. Read it before drafting a policy, start in report-only mode, and compare your directive set against the one discussed.

Selection considerations: Browser support and the CSP specification have both moved since publication; treat the post as a design narrative, not a current directive reference. Related source context: Awesome Web Security > Evasions > CSP.

Back to Name Jump

GitHub's post-CSP journey

  • Website: https://githubengineering.com/githubs-post-csp-journey/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: GitHub's post-CSP journey is the follow-up GitHub Engineering blog post to "GitHub's CSP journey", not a tool: it covers the defences GitHub added beyond Content-Security-Policy once the policy itself was in place. Source summaries describe it as: Written by .

Operational value: Shows that CSP is one layer and what the next layers look like once the obvious injection vectors are blocked; useful when deciding where to spend effort after a policy is enforced.

Typical deployment pattern: Nothing to deploy. Read it together with the first post; the two form one design narrative.

Selection considerations: Same caveat as the first post: browser behaviour has changed since publication, so verify any specific mechanism against current documentation. Related source context: Awesome Web Security > Evasions > CSP.

Back to Name Jump

gitleaks

  • Website: https://github.com/zricethezav/gitleaks
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: gitleaks is a secrets scanner for git repositories: it walks the full commit history, not just the checked-out tree, and matches blob contents against rules for API keys, tokens, passwords and similar credentials. Source summaries describe it as: Searches full repo history for secrets and keys by .

Operational value: Credentials committed and later "removed" remain in history and in every clone and fork; history-aware scanning is the only way to find them. Findings feed a rotate-and-purge workflow, and the same rules run as a pre-commit or CI gate to stop new leaks.

Typical deployment pattern: Run a one-off scan over every repository to establish a baseline, triage and rotate what it finds, then wire it into pre-commit hooks and CI so pushes containing new matches are blocked. Maintain an allowlist for known test fixtures and documented placeholder keys to keep the signal usable.

Selection considerations: Judge rule coverage for the credential types your organisation actually uses, the false-positive rate on your codebase, and how the project handles rule updates and baseline/allowlist files. Related source context: Awesome Web Security > Tools > Leaking.
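
The detection loop a history-aware secrets scanner runs, as an added example written for this page and not code from the gitleaks project: a few constructed commits are scanned against regex rules, a Shannon-entropy threshold filters low-entropy matches for the generic rule, a path allowlist suppresses documentation noise, and findings are redacted before they are printed. The commit ids, paths, file contents, rule names and weights are all made up for the example.

```python
import math
import re
from collections import Counter

# Constructed stand-in for a repository's history: (commit id, path, blob content).
# A real scan walks every blob in every commit; these contents are made up.
SAMPLE_HISTORY = [
    ("a1f3c9", "config/settings.py",
     'DEBUG = False\nAWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'),
    ("b7d210", ".env",
     "DATABASE_URL=postgres://app:s3cr3t@db/app\n"
     "API_TOKEN=d41d8cd98f00b204e9800998ecf8427e\n"),
    ("c0ffee", "README.md",
     "Use a key such as AKIAIOSFODNN7EXAMPLE (AWS's documented placeholder).\n"),
    ("d3adb3", "src/app.py",
     'SECRET = os.environ["SECRET"]\nhello = "world"\n'),
]

# Detection rules in the spirit of a gitleaks rule file: (regex, capture group holding
# the secret, minimum Shannon entropy of that capture before it is reported).
RULES = {
    "aws-access-key-id": (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), 0, 0.0),
    "connection-string-password": (re.compile(r"://[^:/\s]+:([^@\s]+)@"), 1, 0.0),
    "generic-credential-assignment": (
        re.compile(r'(?i)\b(api[_-]?token|secret|password|passwd)\b\s*[:=]\s*["\']?'
                   r'([A-Za-z0-9_\-/+=]{16,})'), 2, 3.0),
}

# Paths whose matches are documentation noise rather than live secrets.
ALLOWLIST_PATHS = re.compile(r"(^|/)README\.md$")


def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score high, dictionary words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_blob(commit: str, path: str, content: str) -> list[dict]:
    findings = []
    if ALLOWLIST_PATHS.search(path):
        return findings
    for rule_id, (pattern, group, min_entropy) in RULES.items():
        for m in pattern.finditer(content):
            secret = m.group(group)
            if shannon_entropy(secret) < min_entropy:
                continue
            findings.append({
                "commit": commit,
                "path": path,
                "line": content.count("\n", 0, m.start()) + 1,
                "rule": rule_id,
                "secret": secret,
                # Stable key for suppressing already-triaged findings across runs.
                "fingerprint": f"{commit}:{path}:{rule_id}",
            })
    return findings


def scan_history(history) -> list[dict]:
    """Scan every blob in every commit, not only the current tree."""
    return [f for commit, path, content in history
            for f in scan_blob(commit, path, content)]


def redact(finding: dict) -> dict:
    """What goes into a log line or ticket: a prefix, never the whole secret."""
    out = dict(finding)
    secret = finding["secret"]
    out["secret"] = secret[:4] + "..." + "*" * max(0, len(secret) - 4)
    return out


if __name__ == "__main__":
    for finding in scan_history(SAMPLE_HISTORY):
        print(redact(finding))
```

The README match is deliberately suppressed by the path allowlist rather than by the rule: the placeholder key is real-looking, so an entropy filter would not catch it, and a per-path allowlist is the mechanism the scanners expose for exactly that case.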

Back to Name Jump

GitMiner

  • Website: https://github.com/UnkL4b/GitMiner
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: GitMiner is a reconnaissance tool that searches GitHub for content matching configurable patterns, the "GitHub dorking" approach to finding credentials, configuration files and other sensitive material that has been pushed to public repositories. Source summaries describe it as: Tool for advanced mining for content on Github by .

Operational value: Complements in-repository scanning such as gitleaks: it finds material your organisation leaked into repositories you do not control, including personal accounts and forks, which internal scanners never see.

Typical deployment pattern: Run periodically with search terms tied to your organisation (domain names, internal hostnames, product names, key prefixes), review hits by hand, and route confirmed leaks to credential rotation and takedown.

Selection considerations: Tools of this kind depend on the GitHub search API, so check maintainer activity, rate-limit handling and whether the query syntax still works against the current API. Related source context: Awesome Web Security > Tools > Leaking.

Back to Name Jump

Google VRP and Unicorns

  • Website: https://sites.google.com/site/bughunteruniversity/behind-the-scenes/presentations/google-vrp-and-unicorns
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Google VRP and Unicorns is a presentation hosted on Google's Bug Hunter University site (under "behind the scenes", per the URL) about Google's Vulnerability Reward Program. It is reading material, not software. Source summaries describe it as: Written by .

Operational value: Relevant to anyone running or participating in a bug bounty: how a large program views the reports it receives and what distinguishes the rare high-impact ones.

Typical deployment pattern: Nothing to deploy. Use it as background when designing a disclosure or reward program, or as orientation for researchers new to Google's program.

Selection considerations: Program rules and reward tiers change over time; treat the presentation as perspective rather than as current policy. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

GraphFuzz

  • Website: https://github.com/ForAllSecure/GraphFuzz
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Fuzzing

What it does: GraphFuzz is an experimental framework from ForAllSecure for building structure-aware fuzzers for library APIs. "API" here means the function-call interface of a native library, which the fuzzer exercises as graphs of object creation and method calls; it is not an HTTP or REST API scanner despite the category this catalog files it under. Source summaries describe it as: GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.

Operational value: Useful when the code you need to test is a library whose bugs only appear through particular sequences of calls and object states, which flat byte-mutation fuzzing reaches rarely.

Typical deployment pattern: Write a schema describing the library's types and functions, build the generated harness against the library, and run it under a sanitizer build so memory-safety bugs surface as crashes.

Selection considerations: The project describes itself as experimental; check maintainer activity, supported toolchains and whether the harness format has stabilised before investing in schemas. Related source context: Awesome Fuzzing > Tools > API.

Back to Name Jump

GraphQL NoSQL Injection Through JSON Types

  • Website: http://www.petecorey.com/blog/2017/06/12/graphql-nosql-injection-through-json-types/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: GraphQL NoSQL Injection Through JSON Types is a 2017 blog post (per the URL), not a tool. It explains how declaring a GraphQL argument with a passthrough JSON scalar lets a client send a query-operator object where the server expects a plain value, so that object lands in a MongoDB query and changes its meaning. Source summaries describe it as: Written by .

Operational value: A concise illustration of the general rule that a strongly typed schema only protects you for the fields you actually type: one JSON or "Any" scalar in a sensitive position reopens the injection surface.

Typical deployment pattern: Nothing to deploy. Use it as a code-review checklist item for GraphQL and other schema-driven APIs: find every untyped scalar and trace where its value ends up.

Selection considerations: The specific libraries discussed have moved on since 2017; the failure mode has not. Related source context: Awesome Web Security > Tricks > NoSQL Injection.
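
The failure mode described above, as an added example written for this page and not code from the post: a resolver that forwards a JSON-typed `password` argument into a MongoDB-style query, beside a hardened resolver that insists on a string at the trust boundary. The user store and the tiny query matcher are constructed stand-ins for a MongoDB collection, covering only the operators needed to show the bypass; in a real application the password would be compared against a hash in code, not matched inside the query.

```python
import re

# Constructed user store standing in for a MongoDB collection.
USERS = [
    {"username": "alice", "password": "correct-horse-battery"},
    {"username": "bob", "password": "hunter2"},
]


def mongo_match(doc: dict, query: dict) -> bool:
    """Tiny subset of MongoDB query semantics: equality plus $gt, $ne and $regex.
    An operator object arriving in a value position is exactly what the attack relies on."""
    for field, cond in query.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            for op, arg in cond.items():
                if op == "$gt":
                    if not (value is not None and value > arg):
                        return False
                elif op == "$ne":
                    if value == arg:
                        return False
                elif op == "$regex":
                    if not (isinstance(value, str) and re.search(arg, value)):
                        return False
                else:
                    raise ValueError(f"unsupported operator {op}")
        elif value != cond:
            return False
    return True


def find(query: dict) -> list[dict]:
    return [u for u in USERS if mongo_match(u, query)]


def login_resolver_vulnerable(args: dict) -> list[dict]:
    """Resolver behind a schema like `login(username: String, password: JSON)`.
    JSON is a passthrough scalar, so whatever object the client sends is handed
    straight to the database query."""
    return find({"username": args["username"], "password": args["password"]})


def login_resolver_hardened(args: dict) -> list[dict]:
    """Same lookup with the JSON scalar replaced by String in the schema and a
    runtime type check at the boundary, so operator objects never reach the query."""
    username, password = args.get("username"), args.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise TypeError("username and password must be plain strings")
    return find({"username": username, "password": password})


if __name__ == "__main__":
    # Any non-empty string is greater than "", so the operator object matches alice
    # without knowing her password.
    print(login_resolver_vulnerable({"username": "alice", "password": {"$gt": ""}}))
```

The runtime check in the hardened resolver is not redundant with the schema change: it protects the resolver if someone later relaxes the schema, and it is the only line of defence in frameworks where scalars are not validated before the resolver runs.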

Back to Name Jump

GuardRails

  • Website: https://github.com/apps/guardrails
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security, Awesome Web Security

What it does: GuardRails is a GitHub App that runs security checks on pull requests and posts its findings as review feedback, so developers see issues in the change they are about to merge rather than in a separate scanner report. Source summaries describe it as: A GitHub App that provides security feedback in Pull Requests.

Operational value: Moving findings into the pull request puts them in front of the person who can fix them, at the moment the code is still fresh, and keeps the security team out of the critical path for routine issues.

Typical deployment pattern: Install the app on a pilot set of repositories, tune which rule categories post comments so the noise stays low enough that developers keep reading them, then expand coverage and decide which finding classes should block merges.

Selection considerations: The page lists it as open source, but it is delivered as a hosted GitHub App, so evaluate the hosting and data-handling model alongside language coverage and rule quality. Related source context: Awesome Web Security > Tools > Detecting.

Back to Name Jump

Letter H

This letter section contains 20 tools.

H5SC

  • Website: https://github.com/cure53/H5SC
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: H5SC is the HTML5 Security Cheatsheet maintained by Cure53: a catalogue of cross-site scripting vectors, including ones that abuse HTML5 features and browser parsing quirks, with notes on which browsers they affect. It is reference material rather than a scanner. Source summaries describe it as: Written by .

Operational value: A source of test payloads for XSS testing and of hard cases for validating sanitizers, encoders and Content-Security-Policy deployments beyond the classic `<script>` vector.

Typical deployment pattern: Nothing to deploy. Pull vectors from it into your test suites for output encoding and HTML sanitization, and consult it when a filter claims to be complete.

Selection considerations: Browser behaviour changes; check when the repository was last updated and confirm a vector still works in current browsers before reporting it. Related source context: Awesome Web Security > Introduction > XSS - Cross-Site Scripting.

Back to Name Jump

HackDig

  • Website: http://en.hackdig.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: HackDig is an aggregator site that collects web-security articles from around the web; it is a reading source, not a tool. Source summaries describe it as: Dig high-quality web security articles for hacker.

Operational value: A place to keep up with published techniques and writeups without subscribing to dozens of individual blogs.

Typical deployment pattern: Nothing to deploy; add it to a feed reader or a weekly reading rotation.

Selection considerations: Aggregators vary in how current and how curated they are; judge it by whether the front page still turns over and whether the selection matches your interests. Related source context: Awesome Web Security > Forums.

Back to Name Jump

Hardcoded secrets, unverified tokens, and other common JWT mistakes

  • Website: https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Hardcoded secrets, unverified tokens, and other common JWT mistakes is a 2020 blog post (per the URL), not a tool: it catalogues the mistakes developers make with JSON Web Tokens in application code, such as signing keys committed to source, decoding a token without verifying its signature, and trusting the algorithm named in the token header. Source summaries describe it as: Written by .

Operational value: A ready-made checklist for code review of any service that issues or accepts JWTs, and a list of patterns worth encoding as static-analysis rules so they are caught before review.

Typical deployment pattern: Nothing to deploy. Use it to audit how your services call their JWT library: look for decode-without-verify calls, literal keys, and verification that accepts whatever algorithm the header names.

Selection considerations: Library APIs have changed since publication, so map each mistake to the current API of the libraries you use rather than to the exact calls shown. Related source context: Awesome Web Security > Introduction > JWT.
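
What correct verification looks like against the mistakes listed above, as an added example written for this page and not code from the post or any JWT library: a minimal HS256 issuer and verifier built on the standard library, with the algorithm pinned server-side, a constant-time signature comparison and an expiry check, plus the unsigned `alg=none` token an attacker would try against a verifier that trusts the header. The environment variable name and the token contents are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# The key belongs in a secret store, never as a literal in the source tree.
# (Environment variable name assumed for this example.)
SIGNING_KEY = os.environ.get("JWT_SIGNING_KEY", "").encode()


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWS strips padding; restore it. Invalid input raises a ValueError subclass.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes, ttl_seconds: int = 300, now=None) -> str:
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    body = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(body, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token: str, key: bytes, now=None) -> dict:
    """Return the claims only if the signature, the algorithm and the expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server. Trusting header["alg"] is what lets "none" and
    # HS256/RS256 key-confusion tokens through.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        raise ValueError("expired or missing exp")
    return payload


def forge_unsigned_token(claims: dict) -> str:
    """What an attacker sends to a verifier that honours alg=none: no signature at all."""
    header = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}."


if __name__ == "__main__":
    key = SIGNING_KEY or b"dev-only-key-do-not-ship-0123456789"  # fallback assumed for local runs
    token = issue_token({"sub": "alice"}, key)
    print(verify_token(token, key))
    try:
        verify_token(forge_unsigned_token({"sub": "admin"}), key)
    except ValueError as err:
        print("rejected forged token:", err)
```

The verifier takes the key as a parameter rather than reading the module-level constant so that tests and key rotation do not depend on process environment; the `now` parameter exists for the same reason.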

Back to Name Jump

Honeyλ (HoneyLambda)

  • Website: https://github.com/0x4D31/honeylambda
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Honeypots

What it does: Honeyλ (HoneyLambda) is a serverless honeytoken service: it serves URLs from AWS Lambda behind Amazon API Gateway, and any request to one of those URLs raises an alert. The URLs are planted where only an intruder would find them (inside documents, bookmarks, decommissioned pages), so a hit is a high-confidence signal. Source summaries describe it as: Simple, serverless application designed to create and monitor URL honeytokens, on top of AWS Lambda and Amazon API Gateway.

Operational value: Honeytokens have almost no false positives by construction, which makes them cheap detection for data theft and lateral movement: the alert tells you which planted artifact was opened, from where, and with what client.

Typical deployment pattern: Deploy the Lambda and API Gateway stack, generate token URLs with a note recording where each is planted, embed them in decoy files and pages, route alerts into the on-call channel, and test each token once so you know the path from hit to alert works.

Selection considerations: Check how alerts are delivered and whether that fits your tooling, how easy it is to rotate or retire tokens, and whether the project is maintained against current Lambda runtimes. Related source context: Contents > Honeypots.
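
The core of a URL-honeytoken handler, as an added example written for this page and not the Honeyλ project's own code: a Lambda function behind API Gateway (REST API, Lambda proxy integration event shape) that looks the path's token up in a registry, records who tripped it, and returns bland decoy content. The token ids, planting notes, the in-memory alert sink and the event contents are all constructed for the example; the real project delivers alerts elsewhere.

```python
import time

# Constructed token registry: the path token embedded in a decoy, mapped to a note
# saying where it was planted so the alert says what the visitor got hold of.
TOKENS = {
    "7f3a9c2e": "link inside 'finance-backup-2019.xlsx' on the shared drive",
    "b0c4d1aa": "URL on the decommissioned wiki's admin page",
}

# Alert sink. The real service posts to chat or e-mail; this example keeps an
# in-memory list so the handler can be exercised offline (assumed replacement).
ALERTS = []


def notify(alert: dict) -> None:
    ALERTS.append(alert)


def build_alert(event: dict, token_id: str) -> dict:
    ctx = event.get("requestContext") or {}
    identity = ctx.get("identity") or {}
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    return {
        "timestamp_ms": ctx.get("requestTimeEpoch", int(time.time() * 1000)),
        "token": token_id,
        "planted_at": TOKENS[token_id],
        "source_ip": identity.get("sourceIp"),
        "user_agent": identity.get("userAgent") or headers.get("user-agent"),
        "referer": headers.get("referer"),
        "path": event.get("path"),
        "query": event.get("queryStringParameters") or {},
    }


def handler(event: dict, context=None) -> dict:
    """Lambda entry point for API Gateway proxy integration."""
    token_id = (event.get("path") or "").rstrip("/").rsplit("/", 1)[-1]
    if token_id not in TOKENS:
        # Unknown paths get a plain 404 so scanners learn nothing about the scheme.
        return {"statusCode": 404, "headers": {"Content-Type": "text/plain"}, "body": "Not Found"}
    notify(build_alert(event, token_id))
    # Decoy content: plausible enough not to give the game away, static so that
    # nothing from the request is ever reflected back to the visitor.
    return {
        "statusCode": 200,
        "headers": {"Content-Type": "text/html", "Cache-Control": "no-store"},
        "body": "<html><body><h1>Document archive</h1><p>This file has been moved.</p></body></html>",
    }


if __name__ == "__main__":
    # Constructed API Gateway event for a local run.
    sample_event = {
        "path": "/links/7f3a9c2e",
        "httpMethod": "GET",
        "headers": {"User-Agent": "Mozilla/5.0 (constructed)", "Referer": "https://intranet.example/wiki"},
        "queryStringParameters": None,
        "requestContext": {"requestTimeEpoch": 1700000000000,
                           "identity": {"sourceIp": "203.0.113.7", "userAgent": "Mozilla/5.0 (constructed)"}},
    }
    print(handler(sample_event)["statusCode"], ALERTS)
```

The `Cache-Control: no-store` header matters more than it looks: a cached copy served by a proxy would let a second visitor open the decoy without ever reaching the function, and that hit would be lost.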

Back to Name Jump

How do we Stop Spilling the Beans Across Origins?

  • Website: https://docs.google.com/document/d/1cbL-X0kV_tQ5rL8XJ3lXkV-j0pt_CfTu5ZSzYrncPDc/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How do we Stop Spilling the Beans Across Origins? is a design document (a Google Doc, per the URL) about cross-origin information leaks in browsers and the mechanisms proposed to stop one origin from reading data belonging to another. It is reading material, not software. Source summaries describe it as: Written by and .

Operational value: Background for understanding why browsers added the isolation and cross-origin policy features they did, and what a web application can opt into to keep its responses out of other origins' reach.

Typical deployment pattern: Nothing to deploy. Read it when deciding which cross-origin protection headers to send and when reasoning about what an attacker's page can learn about your users from your responses.

Selection considerations: Design documents describe intent at a point in time; confirm the current state of each mechanism against browser documentation before relying on it. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

Back to Name Jump

How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!

  • Website: http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! is a 2017 writeup on blog.orange.tw (per the URL), not a tool: it shows how several individually limited bugs, starting from server-side request forgery, were chained into remote code execution on a GitHub Enterprise appliance. Source summaries describe it as: Written by .

Operational value: The clearest lesson is about severity triage: an SSRF that "only" reaches internal services is the first link in a chain, so internal services must not trust requests merely because they arrive from inside.

Typical deployment pattern: Nothing to deploy. Use it in threat-modelling sessions for appliances and internal services, and as a test scenario for whether your SSRF mitigations hold once an attacker can reach localhost.

Selection considerations: Confirm the affected versions are behind you; the chaining technique remains applicable regardless. Related source context: Awesome Web Security > Tricks > Remote Code Execution.

Back to Name Jump

How I could have stolen your photos from Google - my first 3 bug bounty writeups

  • Website: https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How I could have stolen your photos from Google - my first 3 bug bounty writeups is a blog post collecting the author's first three bug-bounty reports to Google; it is reading material, not software. Source summaries describe it as: Written by .

Operational value: Useful mainly as an introduction to how bounty findings are found, reported and written up, for people starting in the field or for teams deciding what a good report looks like.

Typical deployment pattern: Nothing to deploy.

Selection considerations: Beginner-oriented and tied to the state of the products at the time; read it for method rather than for reproducible bugs. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting

  • Website: https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting is a 2018 Detectify Labs writeup (per the URL), not a tool: it describes how the ACME TLS-SNI-01 domain-validation method could be satisfied from a shared hosting account that did not own the domain, letting the author obtain certificates for domains hosted on the same provider. Source summaries describe it as: Written by .

Operational value: A concrete case of a validation protocol that was sound on paper but unsafe in a common deployment environment; it is the example to reach for when arguing that certificate issuance and shared infrastructure need to be threat-modelled together.

Typical deployment pattern: Nothing to deploy. Relevant to teams operating shared hosting or multi-tenant TLS termination: check which ACME challenge types you permit tenants to answer and whether a tenant can answer for a name they do not control.

Selection considerations: The challenge type in question has since been retired by the CA; the post is now a historical case study rather than an active issue. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)

  • Website: https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.u50nrzhas
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) is a bug-bounty writeup, not a tool: the author found a cross-site scripting flaw in Google Maps by decoding and modifying the Protocol Buffers data the application exchanged. Source summaries describe it as: Written by .

Operational value: A reminder that encoded or binary request formats are not a security boundary: any field an attacker can reach by decoding and re-encoding needs the same output handling as a plain query parameter.

Typical deployment pattern: Nothing to deploy. Useful as a checklist prompt for applications that use Protobuf, MessagePack or similar formats on the wire.

Selection considerations: Product-specific and fixed long ago; read it for the approach to testing opaque request encodings. Related source context: Awesome Web Security > Tricks > XSS.

Back to Name Jump

How I got my first big bounty payout with Tesla

  • Website: https://medium.com/heck-the-packet/how-i-got-my-first-big-bounty-payout-with-tesla-8d28b520162d
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How I got my first big bounty payout with Tesla is a bug-bounty writeup describing a finding reported to Tesla's program; it is reading material, not software. Source summaries describe it as: Written by .

Operational value: One more worked example of a bounty engagement from discovery to payout, useful for researchers learning the process and for program owners calibrating expectations.

Typical deployment pattern: Nothing to deploy.

Selection considerations: The technical detail is specific to the target at the time; value lies in the narrative rather than in reusable technique. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

How I hacked Google’s bug tracking system itself for $15,600 in bounties

  • Website: https://medium.com/free-code-camp/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How I hacked Google’s bug tracking system itself for $15,600 in bounties is a writeup of vulnerabilities the author found in Google's issue tracker (Buganizer, per the URL) and reported through the Vulnerability Reward Program; it is reading material, not software. Source summaries describe it as: Written by .

Operational value: Instructive for anyone running internal tools that are partly exposed to outside users: access-control and account-provisioning assumptions in such tools tend to be weaker than in customer-facing products and are worth testing deliberately.

Typical deployment pattern: Nothing to deploy. Use it as a prompt to include internal trackers, support portals and similar semi-internal systems in your own testing scope.

Selection considerations: Target-specific and long fixed; read it for the approach to probing account and permission boundaries. Related source context: Awesome Web Security > Tricks > Others.

Back to Name Jump

How to bypass libinjection in many WAF/NGWAF

  • Website: https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How to bypass libinjection in many WAF/NGWAF is a writeup, not a tool: it describes how to construct SQL injection payloads that the libinjection detection library, used inside many web application firewalls, fails to classify as injection. Source summaries describe it as: Written by .

Operational value: Directly relevant to anyone who relies on a WAF as a compensating control: it shows the detection is a tokenizer with known blind spots, so a WAF reduces attacker convenience but does not remove the need to fix injection in the application.

Typical deployment pattern: Nothing to deploy. Use the bypass patterns to test your own WAF configuration and to justify parameterised queries as the primary control.

Selection considerations: Detection libraries and WAF rule sets get updated; retest rather than assume a published bypass still works or has been closed. Related source context: Awesome Web Security > Evasions > WAF.

Back to Name Jump

How to Hunt Bugs in SAML; a Methodology - Part I

  • Website: https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How to Hunt Bugs in SAML; a Methodology - Part I is the first post of a three-part series on testing SAML single sign-on implementations; it is a methodology writeup, not software. Source summaries describe it as: Written by .

Operational value: Gives testers and identity engineers a structured way to approach SAML, which is otherwise easy to skip because of its XML signature complexity, and gives defenders a list of what a competent attacker will try against their service provider.

Typical deployment pattern: Nothing to deploy. Work through the series against a test identity provider and your own service provider before relying on SSO as an access-control boundary.

Selection considerations: The methodology is tool-agnostic; confirm that any specific tooling it mentions is still maintained. Related source context: Awesome Web Security > Introduction > Security Assertion Markup Language (SAML).

Back to Name Jump

How to Hunt Bugs in SAML; a Methodology - Part II

  • Website: https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How to Hunt Bugs in SAML; a Methodology - Part II is the second post of the three-part SAML testing methodology series; it continues the approach laid out in Part I and is reading material, not software. Source summaries describe it as: Written by .

Operational value: As with Part I: a structured test plan for SAML service providers, usable both offensively and as a self-assessment checklist.

Typical deployment pattern: Nothing to deploy. Read in sequence with Parts I and III.

Selection considerations: Methodology ages better than tooling; verify any mentioned tools separately. Related source context: Awesome Web Security > Introduction > Security Assertion Markup Language (SAML).

Back to Name Jump

How to Hunt Bugs in SAML; a Methodology - Part III

  • Website: https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How to Hunt Bugs in SAML; a Methodology - Part III is the final post of the three-part SAML testing methodology series; it is reading material, not software. Source summaries describe it as: Written by .

Operational value: Completes the test plan begun in Parts I and II; the series as a whole is the useful unit.

Typical deployment pattern: Nothing to deploy. Read in sequence with Parts I and II.

Selection considerations: Same as the earlier parts: the method transfers, specific tooling should be rechecked. Related source context: Awesome Web Security > Introduction > Security Assertion Markup Language (SAML).

Back to Name Jump

How we abused Slack's TURN servers to gain access to internal services

  • Website: https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: How we abused Slack's TURN servers to gain access to internal services is a 2020 writeup (per the URL), not a tool: it describes how Slack's TURN relay servers, part of the WebRTC infrastructure, could be used to relay traffic to internal services, a server-side request forgery through a media relay rather than an HTTP endpoint. Source summaries describe it as: Written by .

Operational value: Broadens the SSRF threat model beyond HTTP: any service that relays traffic on a client's behalf (TURN, proxies, webhooks, URL fetchers) needs an egress policy that blocks internal address ranges.

Typical deployment pattern: Nothing to deploy. If you run TURN or any relay, test whether it will connect to RFC 1918, link-local and cloud metadata addresses, and restrict it if it does.

Selection considerations: Specific to Slack's deployment at the time, fixed since; the relay-as-SSRF pattern is the reusable part. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?)

  • Website: https://www.synacktiv.com/ressources/hql2sql_sstic_2015_en.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?) is a conference paper (SSTIC 2015, per the URL) from Synacktiv, not a tool: it explains how an injection into Hibernate Query Language, which is normally more restricted than SQL, can be escalated to reach the underlying database's full SQL functionality. Source summaries describe it as: Written by .

Operational value: Corrects the common assumption that ORM query languages are injection-safe by construction; relevant when triaging HQL or other ORM injection findings, which are often under-rated because "it is not real SQL".

Typical deployment pattern: Nothing to deploy. Use it to argue for parameterised HQL/JPQL queries and to set the severity of ORM injection findings correctly.

Selection considerations: Hibernate has evolved since 2015; verify which escalation techniques still apply to the version you run. Related source context: Awesome Web Security > Introduction > ORM Injection.

Back to Name Jump

HQL for pentesters

  • Website: http://blog.h3xstream.com/2014/02/hql-for-pentesters.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: HQL for pentesters is a 2014 blog post (per the URL), not a tool: a practical introduction to exploiting injection in Hibernate Query Language, covering how HQL differs from SQL and what a tester can do within its restrictions. Source summaries describe it as: Written by .

Operational value: The starting point before the Synacktiv paper above: enough HQL to recognise and confirm an injection in a Java application that uses Hibernate.

Typical deployment pattern: Nothing to deploy.

Selection considerations: Older material; the fundamentals hold, but check details against the Hibernate version in front of you. Related source context: Awesome Web Security > Introduction > ORM Injection.

Back to Name Jump

HTTPLeaks

  • Website: https://github.com/cure53/HTTPLeaks
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: HTTPLeaks is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: All possible ways, a website can leak HTTP requests by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Leaking.

Hunting for Web Shells

  • Website: https://www.tenable.com/blog/hunting-for-web-shells
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Hunting for Web Shells is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Web Shell.

Letter I

This letter section contains 11 tools.

IE11 Information disclosure - local file detection

  • Website: https://www.facebook.com/ExploitWareLabs/photos/a.361854183878462.84544.338832389513975/1378579648872572/?type=3&theater
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: IE11 Information disclosure - local file detection is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by James Lee.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

If HttpOnly You Could Still CSRF… Of CORS you can!

  • Website: https://medium.com/@_graphx/if-httponly-you-could-still-csrf-of-cors-you-can-5d7ee2c7443
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: If HttpOnly You Could Still CSRF… Of CORS you can! is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > CSRF.

Implications of Loading .NET Assemblies

  • Website: https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Implications of Loading .NET Assemblies is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

Inducing DNS Leaks in Onion Web Services

  • Website: https://github.com/epidemics-scepticism/writing/blob/master/onion-dns-leaks.md
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Inducing DNS Leaks in Onion Web Services is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Others.

Infosec Newbie

  • Website: https://www.sneakymonkey.net/2017/04/23/infosec-newbie/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Infosec Newbie is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Digests.

Introduction to OAuth 2.0 and OpenID Connect

  • Website: https://pragmaticwebsecurity.com/courses/introduction-oauth-oidc.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Introduction to OAuth 2.0 and OpenID Connect is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > OAuth.

Introduction to Web Application Security

  • Website: https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Introduction to Web Application Security is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by , and .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

Invoke-ATTACKAPI

  • Website: https://github.com/Cyb3rWard0g/Invoke-ATTACKAPI
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Threat Detection

What it does: Invoke-ATTACKAPI is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: A PowerShell script to interact with the MITRE ATT&CK Framework via its own API.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Threat Detection and Hunting > Tools.

IPObfuscator

  • Website: https://github.com/OsandaMalith/IPObfuscator
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: IPObfuscator is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Simple tool to convert the IP to a DWORD IP by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Fuzzing.

ironbee

  • Website: https://github.com/ironbee/ironbee
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security

What it does: ironbee is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: IronBee is an open source project to build a universal web application security sensor. IronBee is a framework for developing a system for securing web applications - a framework for building a web application firewall (WAF).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Web Application Firewall.

I’m harvesting credit card numbers and passwords from your site. Here’s how.

  • Website: https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: I’m harvesting credit card numbers and passwords from your site. Here’s how. is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

Letter J

This letter section contains 6 tools.

James Kettle

  • Website: http://albinowax.skeletonscribe.net/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: James Kettle is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Head of Research at .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Blogs.

JavaScript MVC and Templating Frameworks

  • Website: http://www.slideshare.net/x00mario/jsmvcomfg-to-sternly-look-at-javascript-mvc-and-templating-frameworks
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: JavaScript MVC and Templating Frameworks is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Evasions > JSMVC.

JoomlaScan

  • Website: https://github.com/drego85/JoomlaScan
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: JoomlaScan is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Scanning.

js-vuln-db

  • Website: https://github.com/tunz/js-vuln-db
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: js-vuln-db is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Collection of JavaScript engine CVEs with PoCs by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > PoCs > Database.

js-xss

  • Website: https://github.com/leizongmin/js-xss
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: js-xss is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Preventing.

JSON hijacking for the modern web

  • Website: http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: JSON hijacking for the modern web is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

Letter L

This letter section contains 5 tools.

Large-scale analysis of style injection by relative path overwrite

  • Website: https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Large-scale analysis of style injection by relative path overwrite is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Relative Path Overwrite.

leavesongs

  • Website: https://www.leavesongs.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: leavesongs is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: China's talented web penetrator.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Blogs.

LinkFinder

  • Website: https://github.com/GerbenJavado/LinkFinder
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: LinkFinder is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Python script that finds endpoints in JavaScript files by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Leaking.

List of bug bounty writeups

  • Website: https://pentester.land/list-of-bug-bounty-writeups.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: List of bug bounty writeups is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11

  • Website: https://labs.bluefrostsecurity.de/files/Look_Mom_I_Dont_Use_Shellcode-WP.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11 is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

Letter M

This letter section contains 6 tools.

Making a Blind SQL Injection a little less blind

  • Website: https://medium.com/@tomnomnom/making-a-blind-sql-injection-a-little-less-blind-428dcb614ba8
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Making a Blind SQL Injection a little less blind is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SQL Injection.

MINER

  • Website: https://github.com/puppet-meteor/MINER
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Fuzzing

What it does: MINER is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: MINER is a REST API fuzzer that utilizes three data-driven designs working together to guide the sequence generation, improve the request generation quality, and capture the unique errors caused by incorrect parameter usage.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > API.

Minerva

  • Website: https://github.com/ChijinZ/Minerva
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Fuzzing

What it does: Minerva is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > API.

Misadventures in AWS

  • Website: https://labs.f-secure.com/blog/misadventures-in-aws
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Misadventures in AWS is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by Christian Demko.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > AWS.

Back to Name Jump

ModSecurity

  • Website: http://www.modsecurity.org/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security

What it does: ModSecurity is an open-source web application firewall engine. Source summaries describe it as: ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. The engine inspects HTTP requests and responses and evaluates them against a rule set; the detection logic comes from that rule set, in practice almost always the OWASP Core Rule Set (CRS).

Operational value: A single enforcement and logging point in front of many applications: request/response inspection, audit logging of blocked and flagged transactions, and virtual patching for vulnerabilities the application team cannot fix immediately.

Typical deployment pattern: Start in detection-only mode (SecRuleEngine DetectionOnly) with audit logs shipped to the SIEM, tune CRS rule exclusions and the anomaly-scoring threshold against real traffic, then switch to blocking once the false-positive rate is acceptable for the protected application.

Selection considerations: Rule-set quality and tuning effort dominate the cost: CRS paranoia levels trade coverage for false positives, and every application release can introduce new ones. Confirm which engine version and web server connector (the Apache module, or the libmodsecurity v3 connector for NGINX) is supported and maintained before committing. Related source context: Awesome Security > Web > Web Application Firewall.

Back to Name Jump

MySQL Error Based SQL Injection Using EXP

  • Website: https://www.exploit-db.com/docs/english/37953-mysql-error-based-sql-injection-using-exp.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: MySQL Error Based SQL Injection Using EXP is a technique paper hosted on Exploit-DB (PDF), not software. It documents an error-based SQL injection method that abuses the EXP() function's out-of-range DOUBLE error so that MySQL echoes a subquery's result back inside the error text. Source summaries attach only an empty author credit.

Operational value: Reference for penetration testers exploiting injection points where results are visible only through database error messages, and for defenders who want to recognise the resulting signature ("DOUBLE value is out of range", MySQL error 1690) in application logs.

Typical deployment pattern: Nothing to deploy. The defensive takeaways are the usual ones: parameterised queries remove the injection, and not returning raw database errors to clients removes the side channel.

Selection considerations: Technique papers do not age like software; verify the behaviour against the MySQL or MariaDB versions actually in your environment before relying on it for testing or detection. Related source context: Awesome Web Security > Tricks > SQL Injection.

Back to Name Jump

Letter N

This letter section contains 7 tools.

n0tr00t

  • Website: https://www.n0tr00t.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: n0tr00t is the website of the n0tr00t Security Team, listed as a blog; source summaries give only the site tagline: ~# n0tr00t Security Team. It publishes web security research rather than providing a tool.

Operational value: Reading material for keeping up with web exploitation techniques; it does not feed detection or response directly.

Typical deployment pattern: None; check it periodically and fold relevant techniques into test cases for your own applications.

Selection considerations: For blogs, judge recency and whether the techniques are reproducible; a stale blog is still useful history but a poor guide to current attack surface. Related source context: Awesome Web Security > Blogs.

Back to Name Jump

nano

  • Website: https://github.com/s0md3v/nano
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: nano is a family of code-golfed PHP web shells: deliberately tiny PHP scripts that give remote command execution to whoever can write them into a web root. Source summaries describe it as: Family of code golfed PHP shells; the author credit is empty in the source list. It is an offensive artifact, not a protective control, despite the category it is filed under.

Operational value: Red teams use it to demonstrate post-upload code execution; blue teams use it as a test sample for web-shell detection, because minimal shells evade signatures keyed on the strings of well-known shells.

Typical deployment pattern: Only in authorised engagements or detection labs. Handle samples as you would malware, and use them to validate file-integrity monitoring of web roots, upload-handling restrictions, and alerting on web server processes spawning shells.

Selection considerations: The relevant question for a web-shell sample is whether your endpoint, WAF and log detections catch it, not maintainer activity. Related source context: Awesome Web Security > Tools > Webshell.

Back to Name Jump

NAXSI

  • Website: https://github.com/nbs-system/naxsi
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security

What it does: NAXSI is a web application firewall module for NGINX. Source summaries describe it as: NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX, NAXSI means Nginx Anti Xss & Sql Injection. Unlike signature-heavy engines it scores requests against a small set of generic pattern rules and relies on per-site whitelists for legitimate traffic that trips those rules.

Operational value: Low-overhead request filtering for NGINX-fronted applications, with a positive-security (whitelist) model that is cheap to run but needs site-specific tuning.

Typical deployment pattern: Enable learning mode first so that matches are logged rather than blocked, generate whitelists from the false positives observed in real traffic, then switch to enforcement. Regenerate whitelists when the application changes.

Selection considerations: Weigh the whitelist maintenance burden against the small rule set: every new feature that legitimately sends quotes, angle brackets or similar characters in a parameter needs a whitelist entry. Confirm which repository is the actively maintained one before building on it. Related source context: Awesome Security > Web > Web Application Firewall.

Back to Name Jump

Neat tricks to bypass CSRF-protection

  • Website: https://zhuanlan.zhihu.com/p/32716181
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Neat tricks to bypass CSRF-protection is a Zhihu column post, not a tool; source summaries attach only an empty author credit. It catalogues ways CSRF defences fail in practice.

Operational value: Reading for testers probing CSRF defences and for developers reviewing whether their anti-CSRF tokens are actually validated on every state-changing request.

Typical deployment pattern: None; use it as a checklist against your own implementation: is the token bound to the session, checked on every state-changing request regardless of method or content type, and backed by SameSite cookies and Origin checks?

Selection considerations: Check the post's date; framework defaults around SameSite and Origin validation have changed since many such write-ups were published. Related source context: Awesome Web Security > Tricks > CSRF.

Back to Name Jump

Neatly bypassing CSP

  • Website: https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Neatly bypassing CSP is an article from Wallarm's lab blog on tricking Content Security Policy into running attacker-chosen script, not a tool; source summaries attach only an empty author credit.

Operational value: Reading for anyone who treats CSP as a primary XSS control: it illustrates why an allowlist that includes permissive hosts or unsafe directives can be turned against the policy.

Typical deployment pattern: None; use it to review your own policy (prefer nonces or hashes over host allowlists, avoid 'unsafe-inline' and 'unsafe-eval', and confirm with a CSP evaluator).

Selection considerations: Evasion write-ups are tied to the browser behaviour and policies of their time; re-test the technique against current browsers before counting it as a live risk. Related source context: Awesome Web Security > Evasions > CSP.

Back to Name Jump

notes

  • Website: https://github.com/ChALkeR/notes
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: notes is a GitHub repository of public security notes, not a tool; source summaries describe it as: Some public notes, with an empty author credit in the source list.

Operational value: Reference reading; the value is in the findings and write-ups collected there, not in any deployable capability.

Typical deployment pattern: None.

Selection considerations: Personal note repositories are updated irregularly; check the commit history before treating any note as current. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

ntlm_challenger

  • Website: https://github.com/b17zr/ntlm_challenger
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: ntlm_challenger parses NTLM-over-HTTP challenge messages: it decodes the NTLM Type 2 (CHALLENGE_MESSAGE) that a server returns for an NTLM-protected URL and prints the fields the server volunteers, such as the NetBIOS and DNS names of the host and domain and the OS version. Source summaries describe it as: Parse NTLM over HTTP challenge messages; the author credit is empty in the source list.

Operational value: Reconnaissance and attack-surface review: the challenge leaks internal host names, domain names and build numbers without any credentials, which matters both to testers and to defenders deciding whether internet-facing NTLM endpoints should exist at all.

Typical deployment pattern: Run from a tester's host against a target URL during an engagement or as part of external attack-surface inventory; there is no persistent deployment.

Selection considerations: Small single-purpose scripts are easy to audit and easy to replace; verify its output against another NTLM-info tool once, then judge it on whether it decodes the target-info and version fields correctly for your targets. Related source context: Awesome Web Security > Tools > Others.
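
The decoding the entry describes, as an added example in Python that is not ntlm_challenger's own code: it parses the fixed header of a CHALLENGE_MESSAGE (signature, message type, TargetName fields, NegotiateFlags, ServerChallenge, TargetInfo fields, optional Version) and walks the AV_PAIR list in TargetInfo. Field offsets and flag values follow MS-NLMP; the sample challenge, host names and server challenge bytes are constructed here so the parser runs offline.

```python
import base64
import struct
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# NegotiateFlags bits (MS-NLMP 2.2.2.5) that matter for decoding.
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_NTLM = 0x00000200
NEGOTIATE_TARGET_INFO = 0x00800000
NEGOTIATE_VERSION = 0x02000000

# AV_PAIR ids (MS-NLMP 2.2.2.1) carried in the TargetInfo block.
AV_NAMES = {
    0x0001: "NetBIOS computer name",
    0x0002: "NetBIOS domain name",
    0x0003: "DNS computer name",
    0x0004: "DNS domain name",
    0x0005: "DNS tree name",
    0x0007: "Timestamp",
    0x0009: "Target name",
}


@dataclass
class Challenge:
    target_name: str
    flags: int
    server_challenge: bytes
    version: Optional[Tuple[int, int, int]]      # (major, minor, build) if the server sent it
    target_info: Dict[str, str] = field(default_factory=dict)


def parse_challenge(header_value: str) -> Challenge:
    """Decode the Type 2 message from a 'WWW-Authenticate: NTLM <base64>' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM challenge header")
    msg = base64.b64decode(token)
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")

    tn_len, _, tn_off = struct.unpack_from("<HHI", msg, 12)   # TargetNameFields
    flags = struct.unpack_from("<I", msg, 20)[0]
    server_challenge = msg[24:32]                              # bytes 32..40 are reserved
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)   # TargetInfoFields

    version = None
    if flags & NEGOTIATE_VERSION:
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        version = (major, minor, build)

    encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    target_name = msg[tn_off:tn_off + tn_len].decode(encoding)

    info: Dict[str, str] = {}
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0:                     # MsvAvEOL terminates the list
            break
        raw = msg[pos:pos + av_len]
        pos += av_len
        if av_id == 0x0007:                # FILETIME: 100 ns ticks since 1601-01-01 UTC
            ticks = struct.unpack("<Q", raw)[0]
            value = (datetime(1601, 1, 1, tzinfo=timezone.utc)
                     + timedelta(microseconds=ticks // 10)).isoformat()
        else:                              # AV_PAIR strings are always UTF-16LE
            value = raw.decode("utf-16-le")
        info[AV_NAMES.get(av_id, f"AvId 0x{av_id:04x}")] = value
    return Challenge(target_name, flags, server_challenge, version, info)


def build_sample_challenge() -> str:
    """Constructed Type 2 message (hypothetical names) so the parser can be exercised offline."""
    def av(av_id: int, text: str) -> bytes:
        data = text.encode("utf-16-le")
        return struct.pack("<HH", av_id, len(data)) + data

    target = "CORP".encode("utf-16-le")
    target_info = (av(0x0002, "CORP") + av(0x0001, "WEB01")
                   + av(0x0004, "corp.example") + av(0x0003, "web01.corp.example")
                   + struct.pack("<HH", 0, 0))
    flags = NEGOTIATE_UNICODE | NEGOTIATE_NTLM | NEGOTIATE_TARGET_INFO | NEGOTIATE_VERSION
    tn_off = 56                                   # fixed header including the 8-byte Version
    ti_off = tn_off + len(target)
    msg = (b"NTLMSSP\x00" + struct.pack("<I", 2)
           + struct.pack("<HHI", len(target), len(target), tn_off)
           + struct.pack("<I", flags)
           + bytes.fromhex("0123456789abcdef")      # constructed server challenge
           + b"\x00" * 8
           + struct.pack("<HHI", len(target_info), len(target_info), ti_off)
           + struct.pack("<BBHBBBB", 10, 0, 19041, 0, 0, 0, 0x0F)  # Version 10.0.19041
           + target + target_info)
    return "NTLM " + base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    c = parse_challenge(build_sample_challenge())
    print(c.target_name, c.version, c.target_info)
```

Against a real endpoint the header comes from the response to a request carrying `Authorization: NTLM` plus a base64 Type 1 message; the DNS computer name, domain and build number in the output are exactly what an external attacker learns without credentials.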

Back to Name Jump

Letter O

This letter section contains 8 tools.

Official Rails Security Guide

  • Website: http://guides.rubyonrails.org/security.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Official Rails Security Guide is the Ruby on Rails project's own security documentation, not a tool; source summaries attach only an empty author credit. It covers the framework's built-in protections (sessions, CSRF tokens, injection defences, mass assignment) and the mistakes that defeat them.

Operational value: The first reference for reviewing a Rails application: it tells you which protections are on by default and which require explicit configuration, which is what a code review or threat model needs.

Typical deployment pattern: None; map its sections to a review checklist for your Rails services and re-read it when upgrading major versions.

Selection considerations: It is maintained alongside the framework, so it is current for the version it documents; check that the version you read matches the version you run. Related source context: Awesome Web Security > Introduction > Rails.

Back to Name Jump

open-appsec

  • Website: https://github.com/openappsec/openappsec
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security

What it does: open-appsec is a machine-learning based web application and API protection engine backed by Check Point. Source summaries describe it as: open-appsec is an open source machine-learning security engine that preemptively and automatically prevents threats against Web Application & APIs. It classifies requests by learned behaviour rather than by signature rules.

Operational value: Request blocking without a hand-maintained rule set, which lowers tuning effort compared with signature WAFs at the cost of less explainable decisions.

Typical deployment pattern: Deploy in line with the reverse proxy (it integrates with NGINX, among others), run in a learning and detect-only phase while the model adapts to legitimate traffic, then move to prevention with logging to the SIEM.

Selection considerations: Ask how a blocked request can be explained to the application team and how the model behaves after a major application change; a control you cannot explain is hard to keep in blocking mode. Related source context: Awesome Security > Web > Web Application Firewall.

Back to Name Jump

OpenRASP

  • Website: https://github.com/baidu/openrasp
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security, Awesome Web Security

What it does: OpenRASP is a runtime application self-protection agent that hooks sensitive operations (database queries, file access, command execution) inside the application process and blocks calls that look like exploitation. Source summaries describe it as: An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is observed under heavy server load. Agents exist for Java and PHP.

Operational value: Detection with application context that a WAF lacks (it sees the actual query or command, not the raw request), which is what makes in-process blocking viable.

Typical deployment pattern: Install the agent in the application runtime, run it in log-only mode on a representative service, review the events, then enable blocking for the hook categories that proved clean.

Selection considerations: The false-positive and overhead figures above are the project's own claims; measure them in your stack. Confirm the agent supports your runtime version and check the project's recent activity before adopting an in-process component. Related source context: Awesome Security > Web > Runtime Application Self-Protection.

Back to Name Jump

OpnSec

  • Website: https://opnsec.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: OpnSec is a security blog, not a tool; source summaries give only its tagline: Open Mind Security!.

Operational value: Reading material for web security research; it does not feed detection or response directly.

Typical deployment pattern: None.

Selection considerations: Judge a blog on recency and reproducibility of its techniques. Related source context: Awesome Web Security > Blogs.

Back to Name Jump

Orange

  • Website: http://blog.orange.tw/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Orange is a personal research blog; source summaries describe its author as: Taiwan's talented web penetrator. It publishes original web exploitation research, including material presented at security conferences, rather than providing a tool.

Operational value: High-signal reading for application security teams; the techniques published there tend to be reproduced in later tooling and bug reports, so reading them early helps prioritise hardening.

Typical deployment pattern: None; turn relevant findings into test cases and architecture review questions.

Selection considerations: Research blogs are valued for depth rather than cadence; check whether a write-up has since been addressed by the affected vendors before acting on it. Related source context: Awesome Web Security > Blogs.

Back to Name Jump

ORM Injection

  • Website: https://www.slideshare.net/simone.onofri/orm-injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: ORM Injection is a slide deck (SlideShare), not a tool; source summaries attach only an empty author credit. It covers injection through object-relational mappers, where user input reaches an ORM query language or dynamically built query instead of raw SQL.

Operational value: Useful for reviewers who assume an ORM removes injection risk; it shows the query-string and criteria-building paths that remain exploitable.

Typical deployment pattern: None; use it to scope code review of ORM query construction in your services.

Selection considerations: Slides are a summary without the speaker's narration; pair them with the documentation of the ORM you actually use. Related source context: Awesome Web Security > Introduction > ORM Injection.

Back to Name Jump

ORM2Pwn: Exploiting injections in Hibernate ORM

  • Website: https://www.slideshare.net/0ang3el/orm2pwn-exploiting-injections-in-hibernate-orm
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: ORM2Pwn: Exploiting injections in Hibernate ORM is a slide deck (SlideShare), not a tool; source summaries attach only an empty author credit. It deals with injection into Hibernate's HQL and the ways it can be escalated to the underlying database.

Operational value: Reference for testers and reviewers of Java applications on Hibernate, where string-concatenated HQL is the typical weak point.

Typical deployment pattern: None; use it to guide review of HQL construction and to argue for parameterised queries and criteria APIs.

Selection considerations: Check the Hibernate and database versions the slides target against the ones you run. Related source context: Awesome Web Security > Introduction > ORM Injection.

Back to Name Jump

OWASP ZAP Node API

  • Website: https://github.com/zaproxy/zap-api-nodejs
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security

What it does: OWASP ZAP Node API is the official Node.js client library for the REST API of the OWASP Zed Attack Proxy. Source summaries describe it as: Leverage the OWASP Zed Attack Proxy (ZAP) within your NodeJS applications with this official API. It drives a running ZAP instance (spidering, active scanning, alert retrieval) from JavaScript.

Operational value: Lets engineering teams script dynamic application security testing into their own JavaScript test suites and CI pipelines instead of running ZAP by hand.

Typical deployment pattern: Run ZAP in daemon mode with an API key, point the client at it from the test job, scan a staging deployment, and fail the pipeline or file tickets on alerts above a chosen risk level.

Selection considerations: Match the client version to the ZAP version you run, and budget for triage: scanner alerts need the same false-positive handling as any other DAST output. Related source context: Awesome Security > Web > Development.

Back to Name Jump

Letter P

This letter section contains 21 tools.

PayloadsAllTheThings - Command Injection

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - Command Injection is the OS command injection section of the PayloadsAllTheThings repository, a community-maintained collection of payloads, filter-bypass variants and methodology notes rather than a tool. Source summaries attach only an empty author credit.

Operational value: Gives testers ready-made probes (command separators, encoding and blacklist bypasses) and gives defenders a corpus to check that user input never reaches a shell and that WAF or RASP rules fire on the common forms.

Typical deployment pattern: Nothing to deploy; import the payloads into application security test cases and WAF regression tests.

Selection considerations: Community content varies in accuracy; check update recency and verify a payload against the target platform before reporting. Related source context: Awesome Web Security > Introduction > Command Injection.

Back to Name Jump

PayloadsAllTheThings - CSRF Injection

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - CSRF Injection is the cross-site request forgery section of the PayloadsAllTheThings repository: proof-of-concept HTML and JavaScript for forging requests and notes on defeating weak token handling. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Testers use it to build PoC pages quickly; developers can use the same PoCs to confirm that token validation, SameSite cookie settings and Origin checks actually reject them.

Typical deployment pattern: Nothing to deploy; keep a few of the PoC forms as regression tests for state-changing endpoints.

Selection considerations: Verify that a listed bypass still applies under current browser cookie defaults before counting it as a finding. Related source context: Awesome Web Security > Introduction > CSRF - Cross-Site Request Forgery.

Back to Name Jump

PayloadsAllTheThings - CSV Injection

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - CSV Injection is the CSV (formula) injection section of the PayloadsAllTheThings repository: payloads that begin with formula-triggering characters so that a spreadsheet opening an exported CSV evaluates attacker content. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Shows testers what to put in user-controlled fields that end up in exports, and shows developers which leading characters their export code must neutralise.

Typical deployment pattern: Nothing to deploy; feed the payloads through every CSV or spreadsheet export path and open the result in the spreadsheet software your users actually use.

Selection considerations: Spreadsheet behaviour differs between products and versions, so confirm a payload against the target application rather than trusting the list. Related source context: Awesome Web Security > Introduction > CSV Injection.
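
The export-side fix and an import-side check, as an added example in Python that is not part of the PayloadsAllTheThings repository: cells beginning with a formula trigger get a leading apostrophe, real numbers pass through so a negative number is not turned into text, and a scanner finds formula-like cells in a CSV you receive. The sample rows and payload strings are constructed here.

```python
import csv
import io
from typing import Iterable, List, Sequence, Tuple

# Leading characters that make spreadsheet software treat a cell as a formula.
# '=' '+' '-' '@' are the classic set; TAB and CR are separator tricks that
# survive naive quoting.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    return bool(cell) and cell[0] in FORMULA_TRIGGERS


def neutralize(cell):
    """Return a spreadsheet-safe value. Real numbers pass through untouched so
    that negative numbers are not turned into text; strings that start with a
    trigger get a leading apostrophe, which spreadsheets render as literal text."""
    if isinstance(cell, (int, float)) and not isinstance(cell, bool):
        return cell
    text = str(cell)
    return "'" + text if is_formula_like(text) else text


def write_safe_csv(rows: Iterable[Sequence]) -> str:
    """Quote every field (so embedded commas/quotes cannot split cells) and
    neutralise formula triggers before writing."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(c) for c in row])
    return buf.getvalue()


def find_formula_cells(csv_text: str) -> List[Tuple[int, int, str]]:
    """Scan a CSV you did not produce (an upload, a partner feed) for
    formula-like cells; returns (row, col, cell) for each hit."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c, cell))
    return hits


if __name__ == "__main__":
    # Constructed export: the second row carries a formula-injection payload.
    rows = [["user", "note"], ["bob", '=HYPERLINK("http://evil.example","click")']]
    print(write_safe_csv(rows))
    print(find_formula_cells('user,note\nbob,"=cmd|\' /C calc\'!A0"\n'))
```

The apostrophe is the widely used neutralisation, but it changes the data; if the export is consumed by machines as well as spreadsheets, neutralise only on the spreadsheet-facing path.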

Back to Name Jump

PayloadsAllTheThings - Open Redirect

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - Open Redirect is the open redirect section of the PayloadsAllTheThings repository: redirect-parameter payloads that exploit differences between how an application validates a URL and how a browser parses it (protocol-relative forms, backslashes, userinfo tricks, encoded characters). It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Testers use it to probe every "next", "return" or "redirect" parameter; developers use it as the negative test set for their redirect validation.

Typical deployment pattern: Nothing to deploy; run the payload list against each redirect handler after every change to URL validation.

Selection considerations: Open redirects are often rated low until they are chained into OAuth or SSO flows; prioritise testing redirect parameters on authentication paths. Related source context: Awesome Web Security > Introduction > Open Redirect.
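
A redirect validator that withstands the parsing tricks this section catalogues, as an added example in Python that is not part of the PayloadsAllTheThings repository. It first applies the pre-processing browsers do (strip leading C0/space, drop tab and newline, treat backslash as slash), then allows only same-site paths or http(s) URLs whose host is on an allowlist; the allowlist host names are hypothetical.

```python
import re
from typing import Iterable, Tuple
from urllib.parse import urlsplit

_LEADING_TRAILING_JUNK = "".join(chr(i) for i in range(0x21))   # C0 controls and space
_MULTI_SLASH = re.compile(r"^/{2,}")


def normalize_like_a_browser(target: str) -> str:
    """Apply the WHATWG URL pre-processing an attacker relies on: strip
    leading/trailing C0+space, remove tab/CR/LF anywhere, treat '\\' as '/'."""
    t = target.strip(_LEADING_TRAILING_JUNK)
    t = t.replace("\t", "").replace("\n", "").replace("\r", "")
    return t.replace("\\", "/")


def check_redirect(target: str, allowed_hosts: Iterable[str]) -> Tuple[bool, str]:
    """Return (safe, reason). Safe means a same-site relative path, or an
    http(s) URL whose host is in allowed_hosts (userinfo and port ignored)."""
    allowed = {h.lower() for h in allowed_hosts}
    t = normalize_like_a_browser(target)
    if not t:
        return False, "empty target"
    if _MULTI_SLASH.match(t):
        # '//evil', '///evil' and '/\evil' all become protocol-relative in a browser
        return False, "protocol-relative or multi-slash prefix"
    parts = urlsplit(t)
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            return False, f"scheme {parts.scheme!r} not allowed"
        # hostname drops userinfo ('allowed@evil') and port; 'https:evil' has no hostname
        host = (parts.hostname or "").lower()
        if host not in allowed:
            return False, f"host {host!r} not in allowlist"
        return True, f"absolute URL to allowed host {host}"
    if parts.netloc:
        return False, "unexpected authority component"
    if not parts.path.startswith("/"):
        return False, "relative target must start with '/'"   # e.g. 'evil.example/login'
    return True, "same-site path"


if __name__ == "__main__":
    for candidate in ("/account", "//evil.example", "/\\evil.example",
                      "https://app.example@evil.example/", "https:evil.example"):
        print(candidate, check_redirect(candidate, {"app.example"}))
```

A protocol-relative URL to an allowed host is rejected too; that is deliberate, since the cost of sending those users through an absolute URL is lower than the cost of reasoning about slash-collapsing rules per browser.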

Back to Name Jump

PayloadsAllTheThings - SAML Injection

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SAML%20Injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - SAML Injection is the SAML section of the PayloadsAllTheThings repository: assertion-tampering techniques against service providers that validate signatures or attributes incorrectly. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Checklist for testing SSO integrations, where a single validation mistake in the service provider grants authentication bypass.

Typical deployment pattern: Nothing to deploy; exercise the techniques against a staging SP with a test IdP, and confirm the SAML library rejects each tampered assertion.

Selection considerations: Most listed techniques depend on the SAML library and version in use; check the library's advisories alongside the payload list. Related source context: Awesome Web Security > Introduction > Security Assertion Markup Language (SAML).

Back to Name Jump

PayloadsAllTheThings - Server-Side Request Forgery

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - Server-Side Request Forgery is the SSRF section of the PayloadsAllTheThings repository: internal and cloud-metadata targets, alternative IP spellings and URL-parsing tricks that slip past naive host filters, and protocol-level variations. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Testers use it to enumerate what a URL-fetching feature can reach; defenders use the same list to verify that outbound-request validation resolves and checks the final destination rather than string-matching the URL.

Typical deployment pattern: Nothing to deploy; run the bypass list against every feature that fetches a user-supplied URL (webhooks, importers, link previews, PDF renderers).

Selection considerations: Cloud metadata endpoints and their required headers change; confirm current provider behaviour before relying on a listed target. Related source context: Awesome Web Security > Introduction > SSRF - Server-Side Request Forgery.

Back to Name Jump

PayloadsAllTheThings - SQL Injection

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - SQL Injection is the SQL injection section of the PayloadsAllTheThings repository: DBMS-specific payloads for error-based, union-based, blind and out-of-band injection plus filter-bypass notes. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: A fast reference for manual testing once a scanner has flagged a parameter, and a corpus for checking that WAF rules and database error handling behave as intended.

Typical deployment pattern: Nothing to deploy; use the payloads in targeted manual tests and as WAF regression input.

Selection considerations: Payloads are organised per database engine; use the section for the engine behind the application, and treat the list as a starting point rather than an exhaustive test. Related source context: Awesome Web Security > Introduction > SQL Injection.

Back to Name Jump

PayloadsAllTheThings - Upload Insecure Files

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - Upload Insecure Files is the file upload section of the PayloadsAllTheThings repository: extension, content-type and magic-byte bypasses, polyglot files, and sample files for each server-side technology. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Gives testers a graded set of upload attempts and gives developers a negative test set for upload validation (extension allowlists, content sniffing, storage outside the web root).

Typical deployment pattern: Nothing to deploy; run the sample files through each upload handler and confirm none is served back as executable content.

Selection considerations: Sample files are effectively malicious artifacts; store and transfer them as such, and keep them out of repositories that antivirus will quarantine. Related source context: Awesome Web Security > Introduction > Upload.

Back to Name Jump

PayloadsAllTheThings - XSS Injection

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - XSS Injection is the cross-site scripting section of the PayloadsAllTheThings repository: context-specific payloads (HTML body, attribute, JavaScript, URL), filter and WAF bypasses, and exfiltration snippets. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Reference for manual testing and for building an XSS regression suite against your own output encoding and CSP.

Typical deployment pattern: Nothing to deploy; select payloads by injection context and run them against each reflected, stored and DOM sink.

Selection considerations: Browser behaviour changes; payloads relying on legacy parsing quirks may no longer fire, so confirm in current browsers before reporting. Related source context: Awesome Web Security > Introduction > XSS - Cross-Site Scripting.

Back to Name Jump

PayloadsAllTheThings - XXE Injection

  • Website: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20Injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PayloadsAllTheThings - XXE Injection is the XML external entity section of the PayloadsAllTheThings repository: entity payloads for file disclosure, out-of-band exfiltration, SSRF via XML, and parser-specific variants. It is reference material, not a tool; source summaries describe it as: Written by various contributors.

Operational value: Reference for testing any endpoint that parses XML (SOAP, SAML, document uploads) and for confirming that external entity and DTD processing is disabled in each parser your services use.

Typical deployment pattern: Nothing to deploy; send the payloads to XML-consuming endpoints in staging with a listener for the out-of-band variants.

Selection considerations: The effective fix is parser configuration, which differs per language and library; pair the payloads with the hardening guidance for the parsers you run. Related source context: Awesome Web Security > Introduction > XXE - XML eXternal Entity.

Back to Name Jump

Phishing with Unicode Domains

  • Website: https://www.xudongz.com/blog/2017/idn-phishing/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Phishing with Unicode Domains is a 2017 blog post demonstrating the IDN homograph attack: a registered domain built entirely from Cyrillic look-alikes of Latin letters, which browsers of the time displayed in Unicode because their mixed-script check only reacts when scripts are mixed within a label. It is reference material, not a tool; source summaries attach only an empty author credit.

Operational value: Explains why a URL that looks right can be a different registration, which matters for phishing awareness, for brand-protection monitoring, and for anyone building URL display or link-checking logic.

Typical deployment pattern: Nothing to deploy; the defensive follow-ups are monitoring certificate transparency and domain registrations for confusable variants of your domains, and checking how your mail gateway and browsers render IDNs today.

Selection considerations: Browser IDN display policies changed in response to this class of attack; re-check current behaviour before assuming the demonstration still renders as shown. Related source context: Awesome Web Security > Tricks > URL.

PHP SSRF Techniques

  • Website: https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PHP SSRF Techniques is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

Piercing the Veil: Server Side Request Forgery to NIPRNet access

  • Website: https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Piercing the Veil: Server Side Request Forgery to NIPRNet access is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

Poor RichFaces

  • Website: https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Poor RichFaces is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Remote Code Execution.

PortSwigger Web Security Academy

  • Website: https://portswigger.net/web-security
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: PortSwigger Web Security Academy is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Free trainings and labs - Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Practices > Application.

Potential command injection in resolv.rb

  • Website: https://github.com/ruby/ruby/pull/1777
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Potential command injection in resolv.rb is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Command Injection.

Practical introduction to SSL/TLS

  • Website: https://github.com/Hakky54/mutual-tls-ssl
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Practical introduction to SSL/TLS is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > SSL/TLS.

Practical Web Cache Poisoning

  • Website: https://portswigger.net/blog/practical-web-cache-poisoning
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Practical Web Cache Poisoning is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Web Cache Poisoning.

Prototype pollution attack in NodeJS application

  • Website: https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Prototype pollution attack in NodeJS application is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Prototype Pollution.

prowler

  • Website: https://github.com/Alfresco/prowler
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: prowler is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Tool for AWS security assessment, auditing and hardening by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Auditing.

pwngitmanager

  • Website: https://github.com/allyshka/pwngitmanager
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: pwngitmanager is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Git manager for pentesters by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Leaking.

Letter Q

This letter section contains 1 tool.

Query parameter reordering causes redirect page to render unsafe URL

  • Website: https://hackerone.com/reports/293689
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Query parameter reordering causes redirect page to render unsafe URL is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XSS.

Letter R

This letter section contains 10 tools.

Rails Security - First part

  • Website: https://hackmd.io/s/SkuTVw5O-
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Rails Security - First part is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Rails.

Rails SQL Injection

  • Website: https://rails-sqli.org
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Rails SQL Injection is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Rails.

Real-world JS - 1

  • Website: https://blog.p6.is/Real-World-JS-1/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Real-world JS - 1 is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Prototype Pollution.

Reddit

  • Website: https://www.reddit.com/r/websecurity/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Reddit is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Community.

repo-supervisor

  • Website: https://github.com/auth0/repo-supervisor
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: repo-supervisor is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Scan your code for security misconfiguration, search for passwords and secrets.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Detecting.

REST-ler: Automatic Intelligent REST API Fuzzing, 2018

  • Website: https://arxiv.org/abs/1806.09739
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Fuzzing

What it does: REST-ler: Automatic Intelligent REST API Fuzzing, 2018 is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

RestTestGen

  • Website: https://github.com/SeUniVr/RestTestGen
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Fuzzing

What it does: RestTestGen is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: RestTestGen is a robust tool and framework designed for automated black-box testing of RESTful web APIs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > API.

reverse-shell

  • Website: https://github.com/lukechilds/reverse-shell
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: reverse-shell is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Reverse Shell as a Service by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Webshell.

Reverse-Shell-Manager

  • Website: https://github.com/WangYihang/Reverse-Shell-Manager
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Reverse-Shell-Manager is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Reverse Shell Manager via Terminal.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Webshell.

RIPS Technologies

  • Website: https://blog.ripstech.com/tags/security/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: RIPS Technologies is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Write-ups for PHP vulnerabilities.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Blogs.

Letter S

This letter section contains 26 tools.

Scrutiny

  • Website: https://datarift.blogspot.tw/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Scrutiny is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Internet Security through Web Browsers by Dhiraj Mishra.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Blogs.

SELinux Game

  • Website: http://selinuxgame.org/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SELinux Game is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Learn SELinux by doing. Solve Puzzles, show skillz - Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Practices > Application.

Sending arbitrary IPC messages via overriding Function.prototype.apply

  • Website: https://hackerone.com/reports/188086
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Sending arbitrary IPC messages via overriding Function.prototype.apply is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

Sergey Bobrov

  • Website: http://blog.blackfan.ru/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Sergey Bobrov is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > URL.

Setting arbitrary request headers in Chromium via CRLF injection

  • Website: https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Setting arbitrary request headers in Chromium via CRLF injection is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

slurp

  • Website: https://github.com/hehnope/slurp
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: slurp is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Evaluate the security of S3 buckets by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Auditing.

SMTP over XXE - how to send emails using Java's XML parser

  • Website: https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SMTP over XXE - how to send emails using Java's XML parser is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > FTP Injection.

snallygaster

  • Website: https://github.com/hannob/snallygaster
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: snallygaster is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Tool to scan for secret files on HTTP servers by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Leaking.

Some Problems Of URLs

  • Website: https://noncombatant.org/2017/11/07/problems-of-urls/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Some Problems Of URLs is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > URL.

Some Tricks From My Secret Group

  • Website: https://www.leavesongs.com/SHARE/some-tricks-from-my-secret-group.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Some Tricks From My Secret Group is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Others.

Some-PoC-oR-ExP

  • Website: https://github.com/coffeehb/Some-PoC-oR-ExP
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Some-PoC-oR-ExP is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: a collection (or authoring) of PoCs and exploits for assorted vulnerabilities (author not recorded).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > PoCs > Database.

SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge)

  • Website: https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge) is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

SPLOITUS

  • Website: https://sploitus.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SPLOITUS is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Exploits & Tools Search Engine (author not recorded).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > PoCs > Database.

SQL INJECTION AND POSTGRES - AN ADVENTURE TO EVENTUAL RCE

  • Website: https://pulsesecurity.co.nz/articles/postgres-sqli
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SQL INJECTION AND POSTGRES - AN ADVENTURE TO EVENTUAL RCE is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SQL Injection.

SQL injection in an UPDATE query - a bug bounty story!

  • Website: http://zombiehelp54.blogspot.jp/2017/02/sql-injection-in-update-query-bug.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SQL injection in an UPDATE query - a bug bounty story! is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SQL Injection.

SQL Injection Pocket Reference

  • Website: https://websec.ca/kb/sql_injection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SQL Injection Pocket Reference is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > SQL Injection.

SQL Injection Wiki

  • Website: https://sqlwiki.netspi.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SQL Injection Wiki is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > SQL Injection.

sql_firewall

  • Website: https://github.com/uptimejp/sql_firewall
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Security

What it does: sql_firewall is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: SQL Firewall Extension for PostgreSQL.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Web Application Firewall.

sqlchop

  • Website: https://sqlchop.chaitin.cn/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: sqlchop is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: SQL injection detection engine (author not recorded).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Detecting.

SSD Advisory – Chrome Turbofan Remote Code Execution

  • Website: https://blogs.securiteam.com/index.php/archives/3379
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SSD Advisory – Chrome Turbofan Remote Code Execution is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

SSRF in Exchange leads to ROOT access in all instances

  • Website: https://hackerone.com/reports/341876
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SSRF in Exchange leads to ROOT access in all instances is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: A $25k bounty for SSRF leading to ROOT Access in all instances (author not recorded).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

SSRF in https://imgur.com/vidgif/url

  • Website: https://hackerone.com/reports/115748
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SSRF in https://imgur.com/vidgif/url is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

SSRF Tips

  • Website: http://blog.safebuff.com/2016/07/03/SSRF-Tips/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: SSRF Tips is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > SSRF.

Stack Overflow

  • Website: http://stackoverflow.com/questions/tagged/security
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Stack Overflow is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Community.

Stealing CSRF tokens with CSS injection (without iFrames)

  • Website: https://github.com/dxa4481/cssInjection
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Stealing CSRF tokens with CSS injection (without iFrames) is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > CSRF.

Stored XSS, and SSRF in Google using the Dataset Publishing Language

  • Website: https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Stored XSS, and SSRF in Google using the Dataset Publishing Language is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Others.

Letter T

This letter section contains 14 tools.

Take Advantage of Out-of-Scope Domains in Bug Bounty Programs

  • Website: https://ahussam.me/Take-Advantage-of-Out-of-Scope-Domains-in-Bug-Bounty/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Take Advantage of Out-of-Scope Domains in Bug Bounty Programs is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

The Absurdly Underestimated Dangers of CSV Injection

  • Website: http://georgemauer.net/2017/10/07/csv-injection.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The Absurdly Underestimated Dangers of CSV Injection is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > CSV Injection.

THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS

  • Website: http://www.paulosyibelo.com/2018/06/the-big-bad-wolf-xss-and-maintaining.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > XSS - Cross-Site Scripting.

The bug bounty program that changed my life

  • Website: http://10degres.net/the-bug-bounty-program-that-changed-my-life/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The bug bounty program that changed my life is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

The Bug Hunters Methodology v2.1

  • Website: https://docs.google.com/presentation/d/1VpRT8dFyTaFpQa9jhehtmGaC7TqQniMSYbUdlHN6VrY/edit?usp=sharing
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The Bug Hunters Methodology v2.1 is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

The Cookie Monster in Your Browsers

  • Website: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The Cookie Monster in Your Browsers is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

The Daily Swig - Web security digest

  • Website: https://portswigger.net/daily-swig
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The Daily Swig - Web security digest is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Digests.

The Definitive Security Data Science and Machine Learning Guide

  • Website: http://www.covert.io/the-definitive-security-datascience-and-machinelearning-guide/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The Definitive Security Data Science and Machine Learning Guide is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by JASON TROS.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

The inception bar: a new phishing method

  • Website: https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The inception bar: a new phishing method is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Frontend (like SOP bypass, URL spoofing, and something like that).

The Magic of Learning

  • Website: https://bitvijays.github.io/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The Magic of Learning is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it only as an authored write-up; the author is not recorded.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Digests.

Back to Name Jump

The Register

  • Website: http://www.theregister.co.uk/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: The Register is a technology news publication, not a security tool; Awesome Web Security lists it under Forums as a news source. Its tagline: "Biting the hand that feeds IT."

Operational value: Early awareness of disclosed vulnerabilities, breaches and vendor incidents that may touch your stack, often before the formal advisory reaches your vulnerability feed.

Typical deployment pattern: Pull the RSS feed into a team channel and route relevant items into the vulnerability-management triage process.

Selection considerations: It is journalism. Verify technical details against the primary advisory or vendor bulletin before acting on a story. Related source context: Awesome Web Security > Forums.

Back to Name Jump

The world of Site Isolation and compromised renderer

  • Website: https://speakerdeck.com/shhnjk/the-world-of-site-isolation-and-compromised-renderer
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "The world of Site Isolation and compromised renderer" is a slide deck on Chrome's Site Isolation architecture and on what an attacker who has already compromised a renderer process can still do despite it. It is a reference, not software. Source summary: "Written by ." (author name lost in extraction).

Operational value: Helps teams reason about the blast radius of a renderer bug and about which browser-side isolation boundaries actually hold once the renderer is hostile.

Typical deployment pattern: Reading for browser-security reviews, and for deciding how much to lean on client-side isolation when designing applications that hold sensitive data.

Selection considerations: Slides without the recording lose detail, and browser internals move quickly; verify claims against current Chromium documentation. Related source context: Awesome Web Security > Browser Exploitation > Frontend (SOP bypass, URL spoofing and similar).

Back to Name Jump

Three roads lead to Rome

  • Website: http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Three roads lead to Rome" is a 2016 write-up from 360's security blog, listed under backend browser exploitation, that is, bugs in the C/C++ core of a browser rather than in web-facing frontend behaviour. Source summary: "Written by ." (author name lost in extraction).

Operational value: Background for vulnerability researchers, and for teams deciding how quickly browser updates must roll out across a fleet.

Typical deployment pattern: Nothing to deploy; use it to inform browser patch SLAs and hardening baselines.

Selection considerations: It describes the state of the art as of 2016, so specific techniques may no longer apply; also check that the link still resolves. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of the browser implementation, usually the C or C++ part).

Back to Name Jump

TWITTER XSS + CSP BYPASS

  • Website: http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "TWITTER XSS + CSP BYPASS" is a 2017 bug-bounty write-up describing a cross-site scripting flaw on Twitter together with a bypass of the site's Content Security Policy. It is a case study, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Shows that CSP is a mitigation, not a fix: a policy that permits the wrong script sources leaves an XSS fully exploitable. Useful reading when reviewing your own policy.

Typical deployment pattern: Nothing to deploy. Use it as a test case when evaluating a CSP: run the policy through an evaluator and look for broad script-src allowances and permissive JSONP or CDN hosts.

Selection considerations: The specific bypass has been fixed; what transfers is the lesson about policy design. Related source context: Awesome Web Security > Evasions > CSP.

Back to Name Jump

Letter U

This letter section contains 4 tools.

Uber XSS via Cookie

  • Website: http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Uber XSS via Cookie" is a 2017 write-up of a cross-site scripting bug at Uber in which the injection point was a cookie value reflected into the page. Case study, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Cookie values are attacker-influenceable (a sibling subdomain or a separate XSS can set them), so they need the same output encoding as any other input; the post makes that concrete.

Typical deployment pattern: Nothing to deploy. Add "cookie values reflected into responses" to code-review and DAST checklists.

Selection considerations: Specific to the affected application; the general pattern is what carries over. Related source context: Awesome Web Security > Tricks > XSS.

Back to Name Jump

Unicode Domains are bad and you should feel bad for supporting them

  • Website: https://www.vgrsec.com/post20170219.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Unicode Domains are bad and you should feel bad for supporting them" is a 2017 blog post arguing against rendering internationalised (Unicode) domain names, because visually identical characters from other scripts make homograph phishing domains possible. Opinion piece and explainer, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Background for deciding how URLs are displayed in your own products and how mail and proxy filters should treat IDN hostnames.

Typical deployment pattern: Nothing to deploy. The practical follow-ups are to render or log the punycode (xn--) form alongside the Unicode form, and to flag labels that mix scripts or that spell a protected brand in lookalike characters.

Selection considerations: Browser handling of IDNs has changed since the post was written; confirm current behaviour before relying on its specifics. Related source context: Awesome Web Security > Tricks > URL.
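Added example (my code, not the article's): a small Python triage routine for hostnames that flags labels mixing scripts and, for labels written entirely in one non-Latin script, brand lookalikes. The Cyrillic-to-Latin lookalike map is a deliberately partial hand-built subset standing in for the full Unicode confusables table (UTS #39), and the protected-brand list and sample hostnames are constructed for the demo; all three are assumptions.

```python
"""IDN homograph triage for hostnames (added example; not from the article)."""
import unicodedata

# Partial, hand-built lookalike map (Cyrillic -> Latin). The real reference is the
# Unicode confusables table (UTS #39); this subset is an assumption for the demo.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u04cf": "l", "\u0501": "d", "\u051b": "q", "\u051d": "w",
}

# Hypothetical list of brand labels you want to protect against lookalikes.
PROTECTED_LABELS = {"apple", "paypal", "google"}


def script_of(ch: str) -> str:
    """Coarse script family of a character, taken from the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(label: str) -> str:
    """Map known lookalikes to their Latin counterparts (the UTS #39 'skeleton' idea)."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def to_punycode(label: str) -> str:
    """ASCII form a browser would show if it refused to render the Unicode label."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def analyze_label(label: str) -> dict:
    """Classify one DNS label as ok, mixed-script, or whole-script confusable."""
    label = unicodedata.normalize("NFC", label.lower())
    scripts = {script_of(ch) for ch in label} - {"COMMON"}
    verdict = "ok"
    if len(scripts) > 1:
        # Latin letters mixed with lookalikes from another script, e.g. Cyrillic 'a'.
        verdict = "mixed-script"
    elif scripts and scripts != {"LATIN"} and skeleton(label) in PROTECTED_LABELS:
        # Every character is from one script, but together they spell a protected brand.
        verdict = "whole-script confusable"
    return {
        "label": label,
        "punycode": to_punycode(label),
        "scripts": sorted(scripts),
        "skeleton": skeleton(label),
        "verdict": verdict,
    }


def analyze_hostname(hostname: str) -> dict:
    """Analyze every label; the hostname's verdict is the worst label verdict."""
    results = [analyze_label(label) for label in hostname.split(".")]
    severity = {"ok": 0, "whole-script confusable": 1, "mixed-script": 2}
    worst = max(results, key=lambda r: severity[r["verdict"]])
    return {"hostname": hostname, "labels": results, "verdict": worst["verdict"]}


if __name__ == "__main__":
    # Constructed samples: the real brand, an all-Cyrillic lookalike, a mixed-script lookalike.
    for name in ("apple.com", "\u0430\u0440\u0440\u04cf\u0435.com", "p\u0430ypal.com"):
        print(analyze_hostname(name))
```

The mixed-script rule is what most browsers apply before deciding whether to show Unicode; the whole-script case is the one that rule misses, which is why a skeleton comparison against names you care about is worth running in mail gateways and proxy logs.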

Back to Name Jump

Upgrade self XSS to Exploitable XSS an 3 Ways Technic

  • Website: https://www.hahwul.com/2019/11/upgrade-self-xss-to-exploitable-xss.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Upgrade self XSS to Exploitable XSS an 3 Ways Technic" is a 2019 post on three ways to turn a self-XSS, which only fires in the attacker's own session, into one that affects other users by chaining it with another weakness such as CSRF. Write-up, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Explains why self-XSS reports should not be dismissed outright: combined with a second flaw they become ordinary XSS.

Typical deployment pattern: Nothing to deploy. Use it in bug-bounty triage guidance and when prioritising self-XSS findings from scanners.

Selection considerations: Which chain applies depends on the target's other controls (login CSRF protection, cookie attributes, framing policy). Related source context: Awesome Web Security > Tricks > XSS.

Back to Name Jump

uxss-db

  • Website: https://github.com/Metnew/uxss-db
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: uxss-db is a GitHub repository collecting universal XSS (UXSS) vulnerabilities in browsers by CVE, each with a proof of concept. UXSS bugs break the same-origin policy itself, so one page can script any other site. Source summary: "Collection of UXSS CVEs with PoCs by ." (author name lost in extraction).

Operational value: A quick way to see which browser versions had origin-isolation bugs, useful when justifying browser patch SLAs or when checking whether an outdated embedded browser is actually exploitable.

Typical deployment pattern: Clone into a lab and run PoCs only against isolated test browsers, never against production endpoints or user devices.

Selection considerations: Check how recently CVEs were added and whether PoCs are complete for the versions you care about. Related source context: Awesome Web Security > PoCs > Database.

Back to Name Jump

Letter V

This letter section contains 1 tool.

VWGen

  • Website: https://github.com/qazbnm456/VWGen
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: VWGen (Vulnerable Web applications Generator) generates deliberately vulnerable web applications for training and for testing scanners. Source summary: "Vulnerable Web applications Generator by ." (author name lost in extraction).

Operational value: Gives you a target with known flaws, so scanner and WAF coverage can be measured against ground truth instead of guessed at.

Typical deployment pattern: Run only on an isolated lab network or in a throwaway container; the generated applications are exploitable by design and must never be reachable from the internet.

Selection considerations: Check maintainer activity, and compare the vulnerability classes it can generate with the ones you need to test for. Related source context: Awesome Web Security > Tools > Code Generating.

Back to Name Jump

Letter W

This letter section contains 13 tools.

WCTF2019: Gyotaku The Flag

  • Website: https://westerns.tokyo/wctf2019-gtf/wctf2019-gtf-slides.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "WCTF2019: Gyotaku The Flag" is the slide deck for a web challenge from WCTF 2019, published on westerns.tokyo. It is a CTF write-up, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: CTF challenges distil a technique into a small reproducible case, which makes them good training material for web testers.

Typical deployment pattern: Nothing to deploy; work through the slides in a lab.

Selection considerations: CTF material assumes the challenge environment; confirm that the technique applies to real targets before generalising from it. Related source context: Awesome Web Security > Miscellaneous.

Back to Name Jump

Web Application Firewall (WAF) Evasion Techniques

  • Website: https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Web Application Firewall (WAF) Evasion Techniques" is the first of two Secjuice articles on slipping injected commands past a WAF, showing how a payload can be rewritten (for example with shell wildcards in place of letters) so that signature-based rules no longer recognise it. Write-up, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Demonstrates why a WAF is a compensating control only: normalisation gaps and signature blind spots are inherent, so the real fix has to land in the application.

Typical deployment pattern: Nothing to deploy. Replay the payloads against your own WAF in staging, and check that blocked-request logging actually fires for the ones it catches.

Selection considerations: Written against the rule sets of its time; re-test against current versions before drawing conclusions. Related source context: Awesome Web Security > Evasions > WAF.

Back to Name Jump

Web Application Firewall (WAF) Evasion Techniques #2

  • Website: https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Web Application Firewall (WAF) Evasion Techniques #2" continues the Secjuice series with further payload transformations that defeat signature-based WAF rules. Write-up, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Same lesson as the first part, with more cases to test your rule set against.

Typical deployment pattern: Nothing to deploy. Add the payloads to the regression suite you run against the WAF after every rule change.

Selection considerations: Vendor rule sets have moved on since publication; treat the article as a source of test cases, not as a current bypass list. Related source context: Awesome Web Security > Evasions > WAF.

Back to Name Jump

Web Application Security Zone by Netsparker

  • Website: https://www.netsparker.com/blog/web-security/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Web Application Security Zone is the web-security section of the Netsparker (now Invicti) blog, listed as a digest. It is a vendor blog, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Explainers on vulnerability classes and scanner findings, useful for analyst onboarding and for writing remediation guidance.

Typical deployment pattern: Subscribe to the feed and treat it as background reading.

Selection considerations: Vendor content; weigh product positioning accordingly and cross-check technical claims. Related source context: Awesome Web Security > Digests.

Back to Name Jump

webshell

  • Website: https://github.com/tennc/webshell
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: webshell is a GitHub repository collecting webshell samples in several server-side languages. Source summary: "This is a webshell open source project by ." (author name lost in extraction).

Operational value: For defenders it is a corpus for testing file-integrity monitoring, antivirus and detection rules against real webshell code; for red teams it is a reference set.

Typical deployment pattern: Clone into an isolated analysis host. Many endpoint products will flag the files, so expect alerts, and never unpack it on a production web server.

Selection considerations: Webshell collections can contain samples with hidden backdoors or callbacks; read code before running any of it. Related source context: Awesome Web Security > Tools > Webshell.

Back to Name Jump

Webshell-Sniper

  • Website: https://github.com/WangYihang/Webshell-Sniper
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Webshell-Sniper is a terminal client for interacting with a webshell that is already planted on a server. Source summary: "Manage your website via terminal by ." (author name lost in extraction).

Operational value: Offensive tooling for post-exploitation in authorised tests; for defenders, its request patterns are a reference when building detections for webshell traffic.

Typical deployment pattern: Use only within engagement scope. Capture its traffic in a lab to derive detection signatures and to validate that your web-server logging records the relevant requests.

Selection considerations: Check maintainer activity and which webshell types it supports. Related source context: Awesome Web Security > Tools > Webshell.
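Added example for the two webshell entries above (my code, not part of either project): a Python scorer that looks for the indicators webshell samples like those in the tennc collection share, namely a code-execution sink fed by request parameters, decode-and-eval chains, and long high-entropy blobs. The regexes, weights and thresholds are my own assumptions for the demo, and the PHP snippets are constructed samples, not files from the repository.

```python
"""Score PHP sources for webshell indicators (added example; constructed samples)."""
import base64
import math
import re
from collections import Counter

# Indicator patterns (assumptions for the demo; tune against your own corpus).
EXEC_SINKS = r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|pcntl_exec)\s*\("
REQUEST_SOURCES = r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b|php://input"
OBFUSCATION = r"\b(base64_decode|gzinflate|gzuncompress|str_rot13|strrev|create_function)\s*\("
DIRECT_SINK = r"\b(eval|assert|system|exec|shell_exec|passthru)\s*\([^;]*\$_(GET|POST|REQUEST|COOKIE)\b"
LONG_TOKEN = r"[A-Za-z0-9+/=]{80,}"  # base64-looking blob


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded or encrypted payloads sit well above plain code."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def score_php(source: str) -> dict:
    """Return indicator hits, a weighted score and a verdict for one PHP source."""
    hits = {
        "direct_sink": len(re.findall(DIRECT_SINK, source, re.I)),
        "exec_sink": len(re.findall(EXEC_SINKS, source, re.I)),
        "request_source": len(re.findall(REQUEST_SOURCES, source)),
        "obfuscation": len(re.findall(OBFUSCATION, source, re.I)),
        "high_entropy_blob": sum(
            1 for blob in re.findall(LONG_TOKEN, source) if shannon_entropy(blob) > 4.5
        ),
    }
    # A sink fed straight from a request parameter is the strongest single signal.
    score = (3 * hits["direct_sink"] + hits["exec_sink"] + hits["request_source"]
             + 2 * hits["obfuscation"] + 2 * hits["high_entropy_blob"])
    if hits["direct_sink"] or score >= 5:
        verdict = "webshell-likely"
    elif score >= 2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"hits": hits, "score": score, "verdict": verdict}


def scan(files: dict) -> list:
    """Score a {path: source} mapping, worst first."""
    results = [{"path": path, **score_php(src)} for path, src in files.items()]
    return sorted(results, key=lambda r: (-r["score"], r["path"]))


# Constructed samples (not taken from any repository).
SHELL_A = "<?php if(isset($_REQUEST['cmd'])){ echo '<pre>'; system($_REQUEST['cmd']); echo '</pre>'; } ?>"
SHELL_B = "<?php @eval(base64_decode($_POST['z0'])); ?>"
BLOB = base64.b64encode(bytes(range(256))).decode()  # stands in for an encoded second stage
SHELL_C = f"<?php eval(gzinflate(base64_decode('{BLOB}'))); ?>"
BENIGN_FORM = "<?php\n$name = htmlspecialchars($_POST['name'] ?? '');\necho \"Hello, $name\";\n?>"

SAMPLES = {
    "uploads/img.php": SHELL_A,
    "cache/.x.php": SHELL_B,
    "wp-content/plugins/seo/loader.php": SHELL_C,
    "contact.php": BENIGN_FORM,
}

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding["verdict"], finding["score"], finding["path"])
```

Run it over a web root as a hunting pass rather than a blocker: the benign contact form scores low because it only reads a request parameter, while each shell trips several indicators at once. Pair the hits with file-integrity baselines (a PHP file that did not exist at deploy time is interesting regardless of score).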

Back to Name Jump

wfuzz

  • Website: https://github.com/xmendez/wfuzz
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: wfuzz is a web application fuzzer and brute-forcer: it replaces the FUZZ keyword in a URL, header or request body with each entry of a payload list and reports the responses. Source summary: "Web application bruteforcer by ." (author name lost in extraction).

Operational value: Directory and parameter discovery, virtual-host enumeration and credential brute-forcing during authorised tests, with response filters (by status code, line, word or byte count) to cut the noise down to interesting results.

Typical deployment pattern: Run from a tester's host against in-scope targets at a rate agreed with the owner, and record the wordlists and filters used so findings are reproducible.

Selection considerations: Python-based with a large plugin set; check release cadence and compatibility with the Python version you run. Related source context: Awesome Web Security > Tools > Fuzzing.

Back to Name Jump

What is a Side-Channel Attack ?

  • Website: https://www.csoonline.com/article/3388647/what-is-a-side-channel-attack-how-these-end-runs-around-encryption-put-everyone-at-risk.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "What is a Side-Channel Attack?" is a CSO Online explainer on attacks that infer secrets from timing, power draw, cache behaviour or other physical effects rather than from protocol or logic flaws. General-audience article, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Introductory reading, useful for explaining to non-specialists why constant-time cryptographic code and cache isolation matter.

Typical deployment pattern: Nothing to deploy.

Selection considerations: Go to the primary research papers for technical detail; this is an overview. Related source context: Awesome Web Security > Introduction > Crypto.

Back to Name Jump

What is going on with OAuth 2.0? And why you should not use it for authentication.

  • Website: https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "What is going on with OAuth 2.0? And why you should not use it for authentication." explains why OAuth 2.0, an authorisation framework for delegating access to resources, is unsafe to repurpose as a login protocol, and why OpenID Connect, which adds a signed ID token on top of OAuth 2.0, is the layer built for that job. Article, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Guards against a common design flaw: treating possession of an access token as proof of who the user is. An access token issued to one client can be replayed to another, which then logs the attacker in as the token's owner.

Typical deployment pattern: Nothing to deploy. Use it when reviewing login flows: look for code that calls a userinfo endpoint with a bearer token and trusts the result, instead of validating an ID token's signature, issuer, audience and nonce.

Selection considerations: The protocol guidance is stable; check current OAuth 2.0 security best-practice drafts for the specifics. Related source context: Awesome Web Security > Introduction > OAuth.

Back to Name Jump

What You Didn't Know About XML External Entities Attacks

  • Website: https://2013.appsecusa.org/2013/wp-content/uploads/2013/12/WhatYouDidntKnowAboutXXEAttacks.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "What You Didn't Know About XML External Entities Attacks" is the slide deck of an AppSec USA 2013 talk on XML External Entity attacks and the parser behaviours that make them possible. Reference, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Background for the hardening decision that matters: disable DTD processing, or at minimum external entities, in every XML parser the application uses.

Typical deployment pattern: Nothing to deploy. Inventory XML entry points (SOAP, SAML, RSS, file uploads, office-document formats) and verify the parser configuration behind each one.

Selection considerations: 2013 material; parser defaults have improved in several languages since, so confirm the current behaviour of the libraries you actually use. Related source context: Awesome Web Security > Tricks > XXE.

Back to Name Jump

Whonow DNS Server

  • Website: https://github.com/brannondorsey/whonow
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Whonow is a DNS server for DNS rebinding attacks. It answers queries for its domain with a scripted sequence of IP addresses encoded in the queried hostname, so a browser first loads the attacker's page from the attacker's server and is then pointed, at the DNS layer, at an address on the victim's local network while the page's origin stays the same. Source summary: "A malicious DNS server for executing DNS Rebinding attacks on the fly by ." (author name lost in extraction).

Operational value: Lets testers demonstrate that a service bound to localhost or a LAN address is reachable from an ordinary web page. Typical victims are development servers, IoT admin panels and local APIs that do not check the Host header.

Typical deployment pattern: Delegate a test domain's NS records to a host running Whonow, then test from a browser on the target network. Coordinate with network owners first; the traffic looks like an attack because it is one.

Selection considerations: The defences are on the victim side: validate the Host header on local services, bind to loopback only where possible, and have the resolver drop public-domain answers that point at private ranges. Check maintainer activity before relying on the tool. Related source context: Awesome Web Security > Tools > DNS Rebinding.
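Added example (my code, not Whonow's): a Python walk-through of one rebinding attempt against a local service, with the Host-header check that stops it. The toy resolver returns a fixed two-answer sequence; Whonow's real answer sequence is driven by the queried name, so the resolver, the addresses and the allowed-host list are all assumptions constructed for the demo.

```python
"""DNS rebinding: a toy rebinding resolver and the Host-header check that defeats it."""
import ipaddress
from collections import deque


class RebindingResolver:
    """Stand-in for a rebinding DNS server: the first answer is the attacker's public
    server, every later answer (after a short TTL) is the victim's local address.
    Simplified from Whonow's name-encoded behaviour; an assumption for the demo."""

    def __init__(self, first_answer: str, then_answer: str):
        self._queue = deque([first_answer])
        self._then = then_answer

    def resolve(self, name: str) -> str:
        return self._queue.popleft() if self._queue else self._then


def is_non_public(ip_text: str) -> bool:
    """True for loopback, RFC 1918, link-local and other non-global addresses."""
    return not ipaddress.ip_address(ip_text).is_global


def host_header_allowed(host_header: str, allowed_hosts: set[str]) -> bool:
    """Server-side check: accept only Host values the service was deployed under.

    The browser's same-origin policy cannot help here, because from the browser's
    point of view the origin (the attacker's hostname) never changed; only the IP
    behind it did. The service itself has to notice that the Host is foreign."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):                 # IPv6 literal such as [::1]:8080
        host = host[1:host.index("]")]
    elif host.count(":") == 1:               # hostname:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host in allowed_hosts


def simulate(resolver: RebindingResolver, attacker_name: str, allowed_hosts: set[str]) -> dict:
    """Walk through one rebinding attempt and report where it is stopped."""
    first_ip = resolver.resolve(attacker_name)   # victim's browser loads the attacker page
    second_ip = resolver.resolve(attacker_name)  # TTL expired; the page's script fetches again
    rebound = first_ip != second_ip and is_non_public(second_ip)
    # The second request reaches the local service carrying "Host: <attacker_name>".
    blocked = rebound and not host_header_allowed(attacker_name, allowed_hosts)
    return {
        "first_ip": first_ip,
        "second_ip": second_ip,
        "rebound": rebound,
        "blocked_by_host_check": blocked,
    }


if __name__ == "__main__":
    # Constructed scenario: a printer admin UI on 192.168.1.20 that validates Host.
    resolver = RebindingResolver("93.184.216.34", "192.168.1.20")
    allowed = {"printer.internal", "192.168.1.20", "localhost"}
    print(simulate(resolver, "a.attacker.example", allowed))
```

The same check belongs in any service that listens on loopback for a browser-driven client (dev servers, local agents): if the Host is not one you expect, refuse the request before reading the body.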

Back to Name Jump

Why mail() is dangerous in PHP

  • Website: https://blog.ripstech.com/2017/why-mail-is-dangerous-in-php/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Why mail() is dangerous in PHP" is a 2017 RIPS Technologies post explaining that PHP's mail() passes its fifth parameter to the sendmail binary as command-line options, so attacker-controlled input reaching it can add options (for example one that writes a log file to a chosen path) and escalate to remote code execution. Write-up, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: A concrete code-review item: any mail() call whose fifth argument is derived from user input, including sender addresses that are passed through unescaped.

Typical deployment pattern: Nothing to deploy. Search the code base for mail( calls with a fifth argument, and prefer a mail library that talks SMTP rather than shelling out to sendmail with user-influenced data.

Selection considerations: PHP-specific, but the underlying lesson (user data reaching command-line arguments of a spawned process) generalises. Related source context: Awesome Web Security > Introduction > Webmail.

Back to Name Jump

Wiping Out CSRF

  • Website: https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "Wiping Out CSRF" is an article on cross-site request forgery and on eliminating it as a class rather than patching individual endpoints. Write-up, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Reference when choosing CSRF defences. SameSite cookie attributes, Origin/Referer checks and synchronizer tokens each close different gaps, and most frameworks ship at least one of them; the decision is which combination to require.

Typical deployment pattern: Nothing to deploy. Audit every state-changing endpoint for a CSRF control, set session cookies to SameSite=Lax or Strict, and verify the Origin header on non-GET requests.

Selection considerations: Browser defaults have shifted since most CSRF articles were written (Chromium treats cookies without a SameSite attribute as Lax), so re-check the article's assumptions against current behaviour. Related source context: Awesome Web Security > Introduction > CSRF - Cross-Site Request Forgery.
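Added example (my code, not the article's): a layered CSRF check in Python for a state-changing request, combining a source check on the Origin or Referer header, a synchronizer token bound to the session with an HMAC, and the cookie attributes that keep the browser from attaching the session to cross-site POSTs. The request is modelled as a plain dict; the site origin, the secret and the sample requests are constructed assumptions for the demo.

```python
"""Layered CSRF check for a state-changing request (added example; not the article's code)."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical deployment values; both are assumptions for the demo.
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://app.example"


def issue_csrf_token(session_id: str) -> str:
    """Session-bound token: HMAC(secret, session_id), so a token lifted from one
    session is useless in another and no per-token server state is needed."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def set_cookie_header(session_id: str) -> str:
    """Session cookie attributes that stop the browser sending it on cross-site POSTs."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def csrf_check(request: dict) -> tuple[bool, str]:
    """Verify a state-changing request.

    `request` has keys 'method', 'headers', 'cookies' and 'form' (all plain dicts
    except method). Returns (allowed, reason)."""
    if request["method"].upper() in {"GET", "HEAD", "OPTIONS"}:
        return False, "state-changing actions must not be reachable via safe methods"

    headers = {k.lower(): v for k, v in request["headers"].items()}

    # 1. Source check. Browsers set Origin (or Referer) and page script cannot forge them.
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return False, "missing Origin and Referer"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return False, f"cross-site source {source}"

    # 2. Synchronizer token tied to the session cookie, compared in constant time.
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session"
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, issue_csrf_token(session_id)):
        return False, "csrf token mismatch"
    return True, "ok"


def sample_requests() -> dict:
    """Constructed requests: one legitimate, three forged in different ways."""
    sid = "8f3c1e"
    good = {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN, "Cookie": set_cookie_header(sid)},
        "cookies": {"session": sid},
        "form": {"amount": "100", "csrf_token": issue_csrf_token(sid)},
    }
    return {
        "legit": good,
        "cross_site_form": {**good, "headers": {"Origin": "https://evil.example"}},
        "token_missing": {**good, "form": {"amount": "100"}},
        "token_from_other_session": {**good, "form": {"amount": "100", "csrf_token": issue_csrf_token("other")}},
    }


if __name__ == "__main__":
    for name, req in sample_requests().items():
        print(name, csrf_check(req))
```

Each layer covers the others' gaps: SameSite stops the cookie being sent at all from another site, the Origin check catches the cases where it still is (same-site subdomains, older browsers), and the token catches requests whose source headers were stripped by a proxy or privacy extension.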

Back to Name Jump

Letter X

This letter section contains 17 tools.

X-Frame-Options: All about Clickjacking?

  • Website: https://github.com/cure53/Publications/blob/master/xfo-clickjacking.pdf?raw=true
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "X-Frame-Options: All about Clickjacking?" is a Cure53 paper on the X-Frame-Options header, on clickjacking, and on the cases the header does not cover. Reference, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Explains why frame-ancestors in Content-Security-Policy is the control to rely on today, with X-Frame-Options kept only as a fallback for old clients.

Typical deployment pattern: Nothing to deploy. Check that every response rendering authenticated UI carries a frame-ancestors directive (and X-Frame-Options for legacy browsers), and that the two do not contradict each other.

Selection considerations: The paper predates wide browser support for frame-ancestors; read its recommendations with current browser behaviour in mind. Related source context: Awesome Web Security > Introduction > Clickjacking.
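Added example (my code, not Cure53's): a Python routine that takes a response's headers and decides whether a given embedding origin is allowed to frame it, applying the rules current browsers use: frame-ancestors is authoritative when present and X-Frame-Options is then ignored; DENY and SAMEORIGIN behave as named; the obsolete ALLOW-FROM gives no protection in current browsers; and no header at all means anyone may frame the page. Port handling is simplified to origin strings, and the sample headers are constructed.

```python
"""Decide whether a response may be framed by a given embedder (added example)."""
from urllib.parse import urlsplit


def _parse_csp(csp: str) -> dict:
    """Split 'a b c; d e' into {'a': ['b', 'c'], 'd': ['e']}."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def origin_of(url: str) -> str:
    """scheme://host[:port], lower-cased."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def _source_matches(source: str, embedder: str, own_origin: str) -> bool:
    """Match one frame-ancestors source expression against an embedder origin."""
    if source.startswith("'"):
        keyword = source.strip("'").lower()
        if keyword == "self":
            return embedder == own_origin
        return False  # 'none' and unknown keywords match nothing
    s = source.lower()
    if s in ("http:", "https:"):                       # scheme-only source
        return embedder.startswith(s)
    scheme, _, host = s.rpartition("://")              # host-source, optional scheme
    emb_scheme, _, emb_host = embedder.rpartition("://")
    if scheme and scheme != emb_scheme:
        return False
    if host.startswith("*."):                          # wildcard covers subdomains only
        return emb_host.endswith(host[1:])
    return emb_host == host


def framing_decision(headers: dict, own_origin: str, embedder: str) -> dict:
    """Return {'allowed', 'decided_by', 'notes'} for embedder framing a response."""
    h = {k.lower(): v for k, v in headers.items()}
    own, emb = own_origin.lower(), embedder.lower()
    notes = []

    csp = _parse_csp(h.get("content-security-policy", ""))
    if "frame-ancestors" in csp:
        # CSP frame-ancestors is authoritative; an empty list behaves like 'none'.
        allowed = any(_source_matches(s, emb, own) for s in csp["frame-ancestors"])
        if "x-frame-options" in h:
            notes.append("X-Frame-Options ignored because frame-ancestors is present")
        return {"allowed": allowed, "decided_by": "frame-ancestors", "notes": notes}

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return {"allowed": False, "decided_by": "X-Frame-Options", "notes": notes}
    if xfo == "SAMEORIGIN":
        return {"allowed": emb == own, "decided_by": "X-Frame-Options", "notes": notes}
    if xfo.startswith("ALLOW-FROM"):
        notes.append("ALLOW-FROM is obsolete; current browsers ignore it, leaving the page frameable")
    elif xfo:
        notes.append(f"unrecognised X-Frame-Options value {xfo!r} is treated as absent")
    else:
        notes.append("no framing protection: add Content-Security-Policy: frame-ancestors 'self'")
    return {"allowed": True, "decided_by": "none", "notes": notes}


if __name__ == "__main__":
    # Constructed header sets for an app at https://app.example framed by a partner portal.
    cases = {
        "legacy deny": {"X-Frame-Options": "DENY"},
        "csp wins": {"X-Frame-Options": "DENY",
                     "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
        "allow-from": {"X-Frame-Options": "ALLOW-FROM https://portal.partner.example"},
        "nothing": {},
    }
    for name, hdrs in cases.items():
        print(name, framing_decision(hdrs, "https://app.example", "https://portal.partner.example"))
```

Use it in a response-header audit: the interesting findings are responses that rely on ALLOW-FROM, responses where X-Frame-Options and frame-ancestors disagree, and authenticated pages with neither.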

Back to Name Jump

XML external entity (XXE) injection

  • Website: https://portswigger.net/web-security/xxe
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "XML external entity (XXE) injection" is the PortSwigger Web Security Academy topic page: an explanation of XXE, its variants (file retrieval, SSRF through entities, blind and out-of-band exfiltration) and free hands-on labs for each. Training material, not a tool. Source summary: "Written by ." (author name lost in extraction).

Operational value: Structured training for testers and developers, with lab targets that are safe to attack.

Typical deployment pattern: Nothing to deploy. Assign the labs as part of secure-coding or pentest onboarding.

Selection considerations: The labs are free and kept current by PortSwigger; they are the better starting point for newcomers, with the older papers in this list as follow-up reading. Related source context: Awesome Web Security > Introduction > XXE - XML eXternal Entity.

Back to Name Jump

XML Out-Of-Band Data Retrieval

  • Website: https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "XML Out-Of-Band Data Retrieval" is the slide deck of a Black Hat Europe 2013 talk by Timur Yunusov and Alexey Osipov on exfiltrating data through XXE when the parser's response does not echo entity content. It is listed under FTP Injection because the exfiltration channel can be an FTP URL that the parser itself connects to. Reference, not a tool.

Operational value: Shows that blind XXE is still exploitable, which is why outbound DNS, FTP and HTTP connections from application servers deserve monitoring and egress filtering.

Typical deployment pattern: Nothing to deploy. Restrict egress from XML-processing hosts and disable DTD processing in the parsers.

Selection considerations: 2013 material; parser and runtime behaviour has changed since, so confirm which techniques still work against your stack. Related source context: Awesome Web Security > Tricks > FTP Injection.

Back to Name Jump

XML Schema, DTD, and Entity Attacks

  • Website: https://www.vsecurity.com/download/publications/XMLDTDEntityAttacks.pdf
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: "XML Schema, DTD, and Entity Attacks" is a VSR whitepaper on attacks through XML schemas, DTDs and entities, covering external entities, entity expansion and related parser abuses. Reference, not a tool. Source summary: "Written by and Omar Al Ibrahim." (first author's name lost in extraction).

Operational value: A thorough reference when deciding how each XML parser in the application should be configured.

Typical deployment pattern: Nothing to deploy. Map the paper's recommendations onto every XML library in use and record the resulting settings as a baseline.

Selection considerations: An older paper; confirm current parser defaults, which have tightened in several languages. Related source context: Awesome Web Security > Introduction > XXE - XML eXternal Entity.
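Added example serving the four XXE references above (the AppSec USA slides, the PortSwigger topic, the Black Hat out-of-band slides and this paper): my Python code, not from any of those sources. It hardens the standard-library expat parser the way defusedxml does, by rejecting the DOCTYPE before any entity is declared or expanded, which closes file-read XXE, out-of-band exfiltration and entity-expansion bombs at once. The three XML documents are constructed samples.

```python
"""Refuse DTDs in untrusted XML (added example in the spirit of defusedxml)."""
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Untrusted XML carried a DOCTYPE, an entity declaration or an external reference."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML into a plain dict tree, refusing any DTD.

    Classic XXE (SYSTEM entities reading files or reaching internal URLs),
    out-of-band exfiltration via parameter entities and entity-expansion bombs
    all need a DOCTYPE to declare their entities. Rejecting the DOCTYPE as soon
    as expat reports it removes the whole class before any expansion happens.
    """
    parser = expat.ParserCreate()
    root = {"tag": None, "attrs": {}, "text": "", "children": []}
    stack = [root]

    def start_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE {name!r} is not allowed in untrusted input")

    def entity_decl(*_):
        raise UnsafeXML("entity declarations are not allowed")

    def external_entity_ref(context, base, system_id, public_id):
        raise UnsafeXML(f"external entity {system_id!r} is not allowed")

    def start_element(tag, attrs):
        node = {"tag": tag, "attrs": attrs, "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def end_element(_tag):
        stack.pop()

    def char_data(text):
        stack[-1]["text"] += text

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity_ref
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = char_data
    parser.Parse(data, True)   # exceptions raised in handlers propagate out of Parse
    return root["children"][0]


# Constructed samples: a benign order, a file-read XXE payload and a small
# entity-expansion bomb (the real "billion laughs" nests about ten levels deep).
BENIGN = b'<?xml version="1.0"?><order id="7"><item>widget</item></order>'
XXE = (b'<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b'<foo>&xxe;</foo>')
BOMB = (b'<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
        b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;">]><lolz>&lol2;</lolz>')


def classify(data: bytes) -> str:
    """Return 'ok' or 'rejected: <reason>' for one document."""
    try:
        parse_untrusted_xml(data)
        return "ok"
    except UnsafeXML as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE), ("bomb", BOMB)):
        print(label, classify(doc))
```

Rejecting the DOCTYPE outright is stricter than disabling external entities alone, and it is the right default for XML that arrives from outside; parsers for formats that legitimately carry a DTD (some SAML and SOAP stacks) need a more surgical configuration, and the references above cover those settings.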

Back to Name Jump

XSS Challenges

  • Website: http://xss-quiz.int21h.jp/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS Challenges (xss-quiz.int21h.jp) is a series of browser-based cross-site scripting puzzles of increasing difficulty, each with a different filter to get past. Training site, not a tool. Source summary: "Series of XSS challenges - Written by yamagata21."

Operational value: Hands-on practice in reading output contexts and filters, which transfers directly to code review and to triaging scanner findings.

Typical deployment pattern: Nothing to deploy; work through the stages in a browser.

Selection considerations: Hosted by a third party and built for older browser behaviour, so some stages may behave differently in current browsers. Related source context: Awesome Web Security > Practices > XSS.

Back to Name Jump

XSS game

  • Website: https://xss-game.appspot.com/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS game (xss-game.appspot.com) is Google's set of cross-site scripting training levels, each a small application with a flaw to find and exploit. Training site, not a tool. Source summary: "Google XSS Challenge - Written by Google."

Operational value: A short, guided introduction to XSS for developers, with hints and source view for each level.

Typical deployment pattern: Nothing to deploy; assign the levels as part of secure-coding onboarding.

Selection considerations: Introductory in scope; pair it with harder material such as the XSS Challenges series once the basics are covered. Related source context: Awesome Web Security > Practices > XSS.

XSS in Google Colaboratory + CSP bypass

  • Website: https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS in Google Colaboratory + CSP bypass is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XSS.

XSS via a spoofed React element

  • Website: http://danlec.com/blog/xss-via-a-spoofed-react-element
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS via a spoofed React element is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > ReactJS.

XSS without HTML: Client-Side Template Injection with AngularJS

  • Website: http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS without HTML: Client-Side Template Injection with AngularJS is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > AngularJS.

XSS without parentheses and semi-colons

  • Website: https://portswigger.net/blog/xss-without-parentheses-and-semi-colons
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS without parentheses and semi-colons is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XSS.

XSS-Auditor — the protector of unprotected and the deceiver of protected.

  • Website: https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS-Auditor — the protector of unprotected and the deceiver of protected. is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XSS.

XSS.png

  • Website: https://github.com/LucaBongiorni/XSS.png
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XSS.png is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by @jackmasa.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > XSS - Cross-Site Scripting.

xsschop

  • Website: https://xsschop.chaitin.cn/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: xsschop is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: XSS detection engine by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Detecting.

XXE

  • Website: https://phonexicum.github.io/infosec/xxe.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XXE is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > XXE - XML eXternal Entity.

XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites)

  • Website: http://seclists.org/fulldisclosure/2018/Jul/3
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites) is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XXE.

XXE OOB exploitation at Java 1.7+

  • Website: http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XXE OOB exploitation at Java 1.7+ is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Exfiltration using FTP protocol - Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > FTP Injection.

XXE OOB extracting via HTTP+FTP using single opened port

  • Website: https://skavans.ru/en/2017/12/02/xxe-oob-extracting-via-httpftp-using-single-opened-port/
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: XXE OOB extracting via HTTP+FTP using single opened port is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XXE.

Letter Z

This letter section contains 1 tool.

Zen Rails Security Checklist

  • Website: https://github.com/brunofacca/zen-rails-security-checklist
  • Model: Open Source
  • Category: Web & API Security
  • Source Lists: Awesome Web Security

What it does: Zen Rails Security Checklist is used in web & API security programs to support application-layer threat prevention and request/response validation. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Rails.