awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

8 repositorios

Awesome GitHub RepositoriesHost Header Validations

Verification of the HTTP host header against a list of trusted domains to prevent host poisoning attacks.

Distinct from Domain Trust Validation: Focuses on network-level host header validation rather than AI domain trust or certificate validation.

Explore 8 awesome GitHub repositories matching security & cryptography · Host Header Validations. Refine with filters or upvote what's useful.

Awesome Host Header Validations GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • helmetjs/helmetAvatar de helmetjs

    helmetjs/helmet

    10,692Ver en GitHub↗

    Helmet is an Express.js middleware library that sets a comprehensive collection of HTTP security headers to protect web applications from common vulnerabilities like cross-site scripting and clickjacking. At its core, it provides a configurable middleware system for injecting security headers into HTTP responses, with a primary focus on Content Security Policy configuration through custom directives and report-only testing modes. The library distinguishes itself through a flexible configuration surface that supports method chaining for composing multiple headers in a single expression, as wel

    Sets custom X-Frame-Options header values, including the obsolete ALLOW-FROM directive, via middleware.

    TypeScripthelmethttp-headersjavascript
    Ver en GitHub↗10,692
  • getpaseo/paseoAvatar de getpaseo

    getpaseo/paseo

    9,118Ver en GitHub↗

    Paseo is an LLM coding agent orchestrator and multi-agent workflow manager designed to coordinate multiple AI agents across isolated git worktrees. It provides a unified control interface for managing these agents and their associated environments to execute complex programming tasks. The system distinguishes itself through a remote agent daemon that enables secure access to local coding agents via encrypted relays. It employs a git worktree environment manager to isolate parallel tasks into dedicated directories and branch-based server URLs, preventing file collisions and network port confli

    Verifies the HTTP host header against a trusted allowlist to prevent DNS rebinding attacks.

    TypeScriptadeagentsclaude-code
    Ver en GitHub↗9,118
  • nextcloud/all-in-oneAvatar de nextcloud

    nextcloud/all-in-one

    9,082Ver en GitHub↗

    all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes. The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on

    Prevents host poisoning by validating the host header of incoming requests against permitted hostnames.

    PHPbackupdockernextcloud
    Ver en GitHub↗9,082
  • yandex/gixyAvatar de yandex

    yandex/gixy

    8,570Ver en GitHub↗

    Gixy is a static configuration analyzer and security auditor for Nginx. It functions as an infrastructure-as-code security scanner and web server configuration linter designed to identify vulnerabilities and misconfigurations in server definitions before deployment. The tool focuses on detecting high-risk security flaws, including host header spoofing, server-side request forgery, and path traversal. It specifically audits Nginx configurations for risks such as HTTP splitting, multiline header issues, and unauthorized third-party access resulting from incorrect Referer or Origin header patter

    Identifies risks where forged Host headers could lead to phishing or server-side request forgery.

    Python
    Ver en GitHub↗8,570
  • nexu-io/html-anythingAvatar de nexu-io

    nexu-io/html-anything

    7,275Ver en GitHub↗

    Este proyecto es un generador de artefactos HTML para LLM y un previsualizador en sandbox diseñado para la creación rápida de prototipos y contenido. Funciona como un puente de agente de IA local que reutiliza sesiones autenticadas de agentes de codificación de línea de comandos para ejecutar tareas de generación sin requerir claves de API separadas. El sistema convierte diseños web en formatos específicos de plataforma a través de una herramienta de exportación a redes sociales, utilizando CSS y metadatos en línea para garantizar una publicación consistente. Emplea un entorno de renderizado en sandbox para ejecutar código y scripts generados por IA de forma aislada, protegiendo al navegador anfitrión de envenenamiento. La plataforma maneja la transformación de contenido convirtiendo datos estructurados (incluyendo CSV, JSON y SQL) en artefactos web pulidos como páginas de destino, informes profesionales y mazos de presentación. Admite actualizaciones visuales en tiempo real mediante el streaming de código generado por IA al navegador a través de eventos enviados por el servidor. Las capacidades de exportación incluyen la conversión de nodos web renderizados en imágenes PNG de alta resolución y archivos HTML independientes.

    Validates HTTP host headers against a permitted list of domains to prevent DNS rebinding and unauthorized access.

    HTML
    Ver en GitHub↗7,275
  • daffainfo/allaboutbugbountyAvatar de daffainfo

    daffainfo/AllAboutBugBounty

    6,644Ver en GitHub↗

    AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co

    Documents a specific technique for bypassing host header validation using override headers.

    bugbugbountybugbountytips
    Ver en GitHub↗6,644
  • requestly/requestlyAvatar de requestly

    requestly/requestly

    6,341Ver en GitHub↗

    Overrides X-Frame-Options headers to allow embedding pages in iframes during testing.

    TypeScriptapiapi-clientapi-mock
    Ver en GitHub↗6,341
  • jhuckaby/cronicleAvatar de jhuckaby

    jhuckaby/Cronicle

    5,745Ver en GitHub↗

    Cronicle is a distributed job scheduler that replaces traditional cron with a browser-based management interface. It runs scheduled tasks across a cluster of servers with automatic failover, using a custom cron parser that intersects day-of-month and day-of-week constraints when both are specified. The system executes jobs through a plugin framework that runs command-line scripts in any language, communicating via JSON over standard input and output. The scheduler provides a web-based real-time dashboard for monitoring running jobs with live logs, resource usage charts, and progress updates.

    Rejects incoming HTTP requests unless the Host header matches a configured domain name.

    JavaScript
    Ver en GitHub↗5,745
  1. Home
  2. Security & Cryptography
  3. Host Header Validations

Explorar subetiquetas

  • Absolute URL Override TechniquesTechniques that supply an absolute URL in the request line to override the Host header and bypass validation. **Distinct from Host Header Validations:** Distinct from Host Header Validations: focuses on bypassing validation via absolute URL injection rather than general host header verification.
  • Header Duplication Bypass TechniquesTechniques that send multiple Host headers in a single request to confuse the server and bypass validation checks. **Distinct from Host Header Validations:** Distinct from Host Header Validations: focuses on bypassing validation via header duplication rather than general host header verification.
  • Header Wrapping Bypass TechniquesTechniques that insert line-wrapped Host headers to evade parsing logic and inject a malicious host value. **Distinct from Host Header Validations:** Distinct from Host Header Validations: focuses on bypassing validation via header wrapping rather than general host header verification.
  • Host Header InjectionsTechniques for modifying the Host or X-Forwarded-Host header to manipulate server-side behavior, such as redirecting reset links to attacker-controlled domains. **Distinct from Host Header Validations:** Distinct from Host Header Validations: focuses on exploiting host header injection vulnerabilities rather than validating them.
  • Override Header Bypass Techniques1 sub-etiquetaTechniques that use alternative headers like X-Forwarded-Host to override the server's host value and bypass validation. **Distinct from Host Header Validations:** Distinct from Host Header Validations: focuses on bypassing validation via override headers rather than general host header verification.