# Web App Security and Exploitation

> Search results for `Web App Security and Exploitation` on awesome-repositories.com. 116 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/web-app-security-and-exploitation

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/web-app-security-and-exploitation).**

## Results

- [qazbnm456/awesome-web-security](https://awesome-repositories.com/repository/qazbnm456-awesome-web-security.md) (13,097 ⭐) — This project serves as a comprehensive cybersecurity training platform and resource repository focused on web application security. It functions as a centralized hub for security practitioners, providing both a curated collection of technical documentation and research, and a system for deploying isolated, containerized environments to practice security analysis and exploitation techniques.

  The platform distinguishes itself by integrating automated data aggregation with hands-on, container-based orchestration. It maintains a current knowledge base of industry research and digital threats whil
- [drduh/macos-security-and-privacy-guide](https://awesome-repositories.com/repository/drduh-macos-security-and-privacy-guide.md) (22,449 ⭐) — This project is a security hardening guide and privacy configuration manual for macOS. It provides a comprehensive set of instructions for configuring system settings to improve privacy, reduce the attack surface, and implement a malware defense framework.

  The guide covers technical methods for validating software notarization, verifying application sandboxing, and auditing system activity. It distinguishes itself by providing detailed workflows for restricting high-risk features and applying advanced security configurations to protect the operating system.

  The documentation covers several k
- [drduh/os-x-security-and-privacy-guide](https://awesome-repositories.com/repository/drduh-os-x-security-and-privacy-guide.md) (22,444 ⭐) — This project is a comprehensive security hardening and privacy management guide for macOS. It provides a set of instructions and checklists for reducing the system attack surface through manual configuration, policy enforcement, and a layered defense strategy.

  The guide emphasizes a system auditing framework, using binary analysis, system logs, and packet inspection to verify that security controls and application sandboxing are functioning as intended. It offers tool-agnostic recommendations, defining security goals while allowing users to select their own third-party software for implementa
- [beefproject/beef](https://awesome-repositories.com/repository/beefproject-beef.md) (10,728 ⭐) — BeEF is a modular security testing environment designed for browser exploitation and web application auditing. It functions as a platform for security professionals to evaluate client-side defenses by injecting persistent scripts into web browsers, establishing a bidirectional communication channel for remote command execution and data exfiltration.

  The framework distinguishes itself through its ability to use compromised browser sessions as proxies to conduct internal network reconnaissance, effectively bypassing perimeter security controls. It utilizes an event-driven control interface and
- [offensive-security/exploit-database](https://awesome-repositories.com/repository/offensive-security-exploit-database.md) (7,849 ⭐) — This project is a public exploit code archive and vulnerability database. It serves as a collection of documented software exploits and vulnerability data, providing a reference library of exploit scripts and payloads used to validate security flaws in target environments.

  The archive supports security threat intelligence, vulnerability research, and penetration testing workflows. It functions as a historical record of software vulnerabilities and the proof-of-concept code used to trigger them.

  The codebase is organized through directory-based categorization and flat-file data storage, utili
- [ultimatehackers/xsstrike](https://awesome-repositories.com/repository/ultimatehackers-xsstrike.md) (15,027 ⭐) — XSStrike is a security tool designed to detect cross-site scripting vulnerabilities through parameter fuzzing and web response analysis. It functions as a web application fuzzer and vulnerability scanner that identifies injection points and security flaws.

  The project includes a specialized utility for detecting blind XSS, where payloads execute asynchronously or on separate pages. It also features a JavaScript library auditor to identify outdated libraries with known vulnerabilities and a dedicated tool for identifying and bypassing web application firewalls using various evasion techniques.
- [addyosmani/agent-skills](https://awesome-repositories.com/repository/addyosmani-agent-skills.md) (60,849 ⭐) — Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists.

  The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated
- [expo/expo](https://awesome-repositories.com/repository/expo-expo.md) (50,111 ⭐) — Expo is a universal mobile framework designed to build native iOS and Android applications from a single codebase using web-standard technologies. It provides a comprehensive development environment that includes a unified runtime for testing, cloud-based infrastructure for compiling and signing native binaries, and automated tools for managing the entire mobile release lifecycle, including app store submission.

  The framework distinguishes itself through a plugin-based native configuration engine that programmatically modifies project files, allowing developers to integrate native modules wit
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

  The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
- [chybeta/web-security-learning](https://awesome-repositories.com/repository/chybeta-web-security-learning.md) (4,300 ⭐) — Web-Security-Learning
- [hahwul/dalfox](https://awesome-repositories.com/repository/hahwul-dalfox.md) (4,846 ⭐) — Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points.

  The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
- [thekingofduck/fuzzdicts](https://awesome-repositories.com/repository/thekingofduck-fuzzdicts.md) (8,355 ⭐) — fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities.

  The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL i
- [briland/llm-security-and-privacy](https://awesome-repositories.com/repository/briland-llm-security-and-privacy.md) (54 ⭐) — LLM security and privacy
- [fuzzdb-project/fuzzdb](https://awesome-repositories.com/repository/fuzzdb-project-fuzzdb.md) (8,819 ⭐) — fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors.

  The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
- [coder/code-server](https://awesome-repositories.com/repository/coder-code-server.md) (78,024 ⭐) — This project provides a remote development platform that enables users to access a full-featured integrated development environment through a standard web browser. By decoupling the user interface from the server-side filesystem, it allows for persistent coding workspaces to be hosted on remote servers, virtual machines, or cloud-native infrastructure, ensuring a consistent development experience from any device.

  The platform distinguishes itself through a secure gateway architecture that manages traffic, authentication, and encryption at the edge. It utilizes persistent WebSocket connections
- [notselwyn/exploits](https://awesome-repositories.com/repository/notselwyn-exploits.md) (28 ⭐) — Custom exploits
- [florinpop17/app-ideas](https://awesome-repositories.com/repository/florinpop17-app-ideas.md) (95,036 ⭐) — App-ideas is a development platform that integrates autonomous AI agents into local environments to orchestrate code review, automated fix application, and workflow management. It functions as a command-line interface that connects external AI assistants to your codebase, enabling iterative development cycles through plugin-based integration and natural language triggers.

  The platform distinguishes itself through a robust static analysis engine that traverses syntax trees to enforce structural coding standards and identify violations. Users can define custom review rules, architectural prefer
- [windowsexploits/exploits](https://awesome-repositories.com/repository/windowsexploits-exploits.md) (1,302 ⭐) — Windows Exploits
- [chaitin/xray](https://awesome-repositories.com/repository/chaitin-xray.md) (11,612 ⭐) — Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine.

  The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives.

  The platform covers a bro
- [webgoat/webgoat](https://awesome-repositories.com/repository/webgoat-webgoat.md) (9,160 ⭐) — WebGoat is a deliberately insecure web application designed as an interactive security lab for learning how to identify and exploit common web vulnerabilities. It serves as a containerized sandbox that allows for the simulation and experimentation of web-based attacks and penetration testing techniques without risking production systems.

  The project functions as a learning lab that maps specific insecure coding patterns to structured lessons. It implements simulated server-side flaws to provide a hands-on environment for studying common security vulnerabilities and defensive coding practices.
- [scannells/exploits](https://awesome-repositories.com/repository/scannells-exploits.md) (52 ⭐) — Some exploits I have written to showcase and to share
- [flutter-team-archive/plugins](https://awesome-repositories.com/repository/flutter-team-archive-plugins.md) (17,710 ⭐) — This project is a collection of official plugin packages and a native integration library designed to provide a consistent interface for accessing hardware and software functionality across different mobile and desktop platforms. It serves as a native platform bridge, enabling cross-platform applications to invoke native code and manage operating system dependencies.

  The project utilizes a federated plugin architecture, splitting plugins into common interfaces and separate platform implementations to allow for independent development and extension. It further supports native integration throu
- [trimstray/the-book-of-secret-knowledge](https://awesome-repositories.com/repository/trimstray-the-book-of-secret-knowledge.md) (228,641 ⭐) — This project serves as a centralized, community-driven repository of technical knowledge and administrative resources. It provides a structured taxonomy that aggregates disparate information into a searchable framework, supporting continuous learning and rapid problem-solving for system administrators and cybersecurity practitioners. By mapping resources across offensive security, infrastructure management, and software development, it offers a unified path for skill acquisition and professional reference.

  The project is defined by a command-line-first design philosophy, prioritizing terminal
- [electron/electron](https://awesome-repositories.com/repository/electron-electron.md) (121,727 ⭐) — This framework provides a multi-process architecture for building desktop applications using web technologies. It manages the application lifecycle, window states, and system-level integrations through a primary entry point, while isolating web content in separate rendering processes to maintain stability and security. A secure bridge mechanism facilitates communication between these isolated contexts and the main process, ensuring that privileged system APIs remain protected.

  The framework distinguishes itself through a comprehensive security model that includes process sandboxing, content p
- [questescape/exploit](https://awesome-repositories.com/repository/questescape-exploit.md) (120 ⭐) — Kernel exploits for the Oculus Quest
- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

  The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
- [electron/electron-api-demos](https://awesome-repositories.com/repository/electron-electron-api-demos.md) (10,235 ⭐) — This repository provides a collection of interactive sample applications and reference implementations for the Electron framework. It serves as a library of API reference demos designed to help developers learn how to implement core desktop features.

  The project features visual demonstrations of cross-platform GUI management and practical examples of native operating system integration. It includes dedicated samples for handling native modules, crash reports, and the configuration of security implementations such as content security policies and process sandboxing.

  The codebase covers a broa
- [aspnet/security](https://awesome-repositories.com/repository/aspnet-security.md) (1,287 ⭐) — [Archived] Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore
- [xairy/linux-kernel-exploitation](https://awesome-repositories.com/repository/xairy-linux-kernel-exploitation.md) (6,498 ⭐) — A collection of links related to Linux kernel security and exploitation
- [digininja/dvwa](https://awesome-repositories.com/repository/digininja-dvwa.md) (13,229 ⭐) — DVWA is a vulnerable web application lab and penetration testing sandbox designed to simulate common security flaws. It serves as a training platform for the OWASP Top 10 security risks and functions as a PHP and MySQL security lab for practicing the identification and exploitation of web vulnerabilities.

  The project provides a graduated learning experience through configurable security levels that adjust the difficulty of the vulnerabilities. It also supports switching between different database engines to research how various storage systems respond to injection attacks.

  The application is
- [denoland/deno](https://awesome-repositories.com/repository/denoland-deno.md) (107,110 ⭐) — Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments.

  What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essentia
- [juice-shop/juice-shop](https://awesome-repositories.com/repository/juice-shop-juice-shop.md) (12,530 ⭐) — Juice Shop is a self-contained web application designed as a platform for cybersecurity education and security training. It functions as a controlled environment containing intentional security flaws, allowing users to practice offensive security techniques and defensive coding practices while tracking their progress through a live scoreboard.

  The platform serves as an industry-standard benchmark for evaluating the effectiveness and detection accuracy of automated security scanning tools. By hosting a standardized set of known vulnerabilities and common attack patterns, it provides a reliable
- [flutter/flutter](https://awesome-repositories.com/repository/flutter-flutter.md) (177,056 ⭐) — This project is a multi-platform UI framework designed for building applications that target mobile, web, and desktop environments from a single codebase. It utilizes a declarative paradigm where the user interface is defined as a function of application state, supported by a layered architecture that includes a high-performance rendering engine and a multi-platform compilation model.

  The framework provides a comprehensive suite of developer tools, including hot reloading for real-time code injection and diagnostic utilities for monitoring application state and performance. It features a modu
- [smith-and-web/kindling](https://awesome-repositories.com/repository/smith-and-web-kindling.md) (45 ⭐) — Free, open-source writing software for plotters and outliners. Bridge the gap between your story outline and your first draft.
- [aviaryan/awesome-no-login-web-apps](https://awesome-repositories.com/repository/aviaryan-awesome-no-login-web-apps.md) (3,254 ⭐) — 🚀 Awesome (free) web apps that work without login
- [fatih/vim-go](https://awesome-repositories.com/repository/fatih-vim-go.md) (16,242 ⭐) — This project is a comprehensive development plugin for the Vim text editor, designed to transform the editor into a specialized environment for Go software development. It provides a suite of integrated tools that facilitate the entire development lifecycle, including writing, maintaining, and navigating Go source code.

  The plugin distinguishes itself by orchestrating external command-line binaries and language servers to perform heavy analysis, compilation, and formatting tasks as background processes. By mapping editor events to these external tools and utilizing virtual file system synchro
- [googlechrome/lighthouse](https://awesome-repositories.com/repository/googlechrome-lighthouse.md) (30,355 ⭐) — Lighthouse is an automated diagnostic tool that evaluates web pages against industry standards for performance, accessibility, and search engine optimization. It functions as a programmatic analysis engine and a command-line utility, allowing developers to integrate comprehensive web quality checks directly into continuous integration pipelines and local development workflows.

  The project distinguishes itself through a modular architecture that utilizes artifact-based data collection to ensure consistent analysis across different environments. It supports a headless execution mode for automat
- [sundaysec/android-exploits](https://awesome-repositories.com/repository/sundaysec-android-exploits.md) (988 ⭐) — A collection of android Exploits and Hacks
- [ethicalhack3r/dvwa](https://awesome-repositories.com/repository/ethicalhack3r-dvwa.md) (13,236 ⭐) — DVWA is a vulnerable web application sandbox and PHP security training environment. It serves as a deployable penetration testing target and an OWASP Top 10 lab designed for practicing exploits and simulating common web security vulnerabilities.

  The application allows users to adjust security difficulty levels to match their skill level and toggle between different SQL database engines to test how various systems handle injection attacks. It includes a mechanism to disable authentication, enabling automated security tools to interact directly with the environment.

  The project provides capabi
- [daffainfo/allaboutbugbounty](https://awesome-repositories.com/repository/daffainfo-allaboutbugbounty.md) (6,644 ⭐) — AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs.

  The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
- [googlechrome/chrome-extensions-samples](https://awesome-repositories.com/repository/googlechrome-chrome-extensions-samples.md) (17,623 ⭐) — This repository serves as a comprehensive reference library for browser extension development, providing a collection of code samples and implementation patterns. It is designed to help developers understand the requirements for building extensions that adhere to current manifest standards, specifically focusing on the transition to and implementation of version three specifications.

  The project provides functional examples for core extension capabilities, including the use of event-driven background service workers, isolated content script injection, and message-passing for inter-process com
- [kayranfatih/awesome-iot-and-hardware-security](https://awesome-repositories.com/repository/kayranfatih-awesome-iot-and-hardware-security.md) (42 ⭐) — A collection of awesome tools, books, resources, software, documents and cool stuff about IoT and HW security.
- [mubix/post-exploitation](https://awesome-repositories.com/repository/mubix-post-exploitation.md) (1,582 ⭐) — Post Exploitation Collection
- [heyputer/puter](https://awesome-repositories.com/repository/heyputer-puter.md) (42,318 ⭐) — Puter is a browser-based desktop environment and cloud-native development platform that provides a virtualized graphical workspace. It enables developers to build and deploy full-stack web applications by integrating cloud storage, authentication, and serverless backend logic directly into the browser, eliminating the need for traditional server infrastructure.

  The platform distinguishes itself through a unified cloud storage layer and a distributed network runtime that facilitates peer-to-peer communication and cross-origin resource fetching. It features a sophisticated cross-window orchestr
- [s0md3v/xsstrike](https://awesome-repositories.com/repository/s0md3v-xsstrike.md) (14,752 ⭐) — XSStrike is an automated security scanning engine designed for web application discovery, input
- [golang/go](https://awesome-repositories.com/repository/golang-go.md) (134,756 ⭐) — Go is a statically typed, compiled programming language designed for building scalable, concurrent software. It provides a memory-safe execution environment that combines a high-performance runtime with a self-hosting compiler toolchain, enabling the creation of statically linked machine code binaries without external dependencies. The language is built around a structural type system that uses interfaces for polymorphism and a concurrency model based on lightweight, stack-based coroutines that communicate through channels.

  The language distinguishes itself through a runtime that features a c
- [asyncfuncai/deepwiki-open](https://awesome-repositories.com/repository/asyncfuncai-deepwiki-open.md) (14,362 ⭐) — This platform is an automated documentation and codebase analysis system designed to generate structured wikis, technical guides, and interactive diagrams from source code repositories. It functions as a retrieval-augmented generation framework that connects codebases to language models, enabling context-aware answers, deep research, and automated documentation updates through semantic vector search.

  The system distinguishes itself through a self-hosted, containerized architecture that supports both cloud-based and local AI model execution. It provides sophisticated model orchestration, allow
- [toolness/security-adventure](https://awesome-repositories.com/repository/toolness-security-adventure.md) (334 ⭐) — This repository contains an exciting quest to learn about Web security by learning about vulnerabilities, exploiting them, and then crafting code to protect against them.
- [ambionics/laravel-exploits](https://awesome-repositories.com/repository/ambionics-laravel-exploits.md) (290 ⭐) — Exploit for CVE-2021-3129
- [binwiederhier/ntfy](https://awesome-repositories.com/repository/binwiederhier-ntfy.md) (30,790 ⭐) — ntfy is a self-hosted messaging infrastructure that provides a lightweight platform for sending and receiving real-time notifications. It functions as a topic-based pub-sub server, allowing users to publish and subscribe to message channels using standard HTTP requests. By bridging server-side events with native mobile and desktop clients, it enables the delivery of alerts across various environments through a unified communication layer.

  The project distinguishes itself by offering a complete, private notification ecosystem that includes persistent message caching and robust access control.
