Application Security

OWASP API Security Top 10 Vulnerabilities

API Security Checklist

Keyhacks

Vulnerable API Instance by @raj-kumar-j

Hacking APIs book by Corey Ball

DVWS: Vulnerable application with web service and API

DVGA: Vulnerable GraphQL API application

API Workshop by Corey Ball

OWASP API Tool List

MindAPI - interactive Mind Map

Grapql-cop

graphql voyager -converts a response of an introspection query into a visual graph that maps

InQL -can inspect the introspection query results and generate clean documentation in different formats (Burp Extension)

Online JSON Web Token (JWT) Tool/Reference !

SOAPUI

Postman

Kubeshark - API Traffic Viewer for Kubernetes

Metlo - API security tool

KiteRunner

Back end Servers

The hardware and operating system that hosts all other components and are usually run on operating systems like Linux, Windows, or using Containers.

Web Servers

Web servers handle HTTP requests and connections. Some examples are Apache, NGINX, and IIS.

Databases

Databases (DBs) store and retrieve the web application data. Some examples of relational databases are MySQL, MSSQL, Oracle, PostgreSQL, while examples of non-relational databases include NoSQL and MongoDB.

Development Frameworks

Development Frameworks are used to develop the core Web Application. Some well-known frameworks include PHP, C#, Java, Python, and NodeJS JavaScript

OWASP WSTG 4.2 !

Burpsuite: Commercial Web app testing tool !

Awesome Application Security Checklist

OWASP Cheat Sheet Series

Awesome Web Hacking from @infoslack

Awesome Web Security

PortSwigger Web Security Academy Lab Files from @rkhal101

Hack-Tools Chrome Extension for Web Pentesting

OWASP Vulnerability Scanner Tool List

Awesome Hacking Resources

Damn Vulnerable PHP App

Vulnerable Java Application

OWASP Secrets Management focused vulnerable app

403 byebye

TCM Security PWST Lab Environment !

Web Pentesting Checklist by Joas

Hetty tool

HBSQLi

OWASP MASVS -Mobile Application Security Verification Standard

OWASP MSTG - Mobile Application Security Testing Guide

OWASP MAS Checklist

iOS Testing Guide by Security Innovation

Secure Coding guide by JSSEC

Intro to Android Pentesting by HackTheBox

Bug Hunter Handbook

Awesome Bug Bounty Resources

Awesome Bug Bounty Hunting Tool

All About Bug Bounty Note Repo

BugHunter Handbook

Bug Bounty Wiki

VulnPlanet - Vulnerable code snippets with fixes

Final Recon (Web Reconnaissance) from @thewhiteh4t

Sublist3r

patator

ffuf

wfuzz

xnLinkFinder

WebOSINT

All in One Recon Tool (AORT)

katana by ProjectDiscovery

Domain to IP converter (Python) by @YSSVirus

Cariddi by @edoardott

CeWL

fzf - Use alias in CLI to easily discover installed wordlists

SecLists - various lists

MayorSec DNS Scan !

PureDNS

DNSrr

AquaTone

DNSReaper

HackTools Browser Extension Repo (Easier install from extension menu)

Penetration Testing Kit Browser Extension !

Wappalyzer Browser Extension

Vulners Browser Extension

Awesome Burp Extensions

Burp Upload Scanner

Dorkish (Recon)

Nuclei burp plugin (in Bapp store) - generate nuclei template from burp requests

HackBar Extension (in Bapp store) - Security testing Payloads

IP Rotate Burp Extension (in BApp store)

Bypass-WAF (in BAPP store)

Autorize - Automatic authorization enforcement detection

Hackvertor – Handy type conversion

Sensitive Discoverer - Discovers sensitive information inside HTTP messages

wafw00f from @enableSecurity

---

---

Online Javascript Obfuscator

JavaScript Console (test javascript code excution)

Toptal JavaScript-Minifier

Beautifier (obfuscator/code editor for CSS, HTML and JS)

JSNice (JS de-obfuscator)

Prettier (obfuscator/code editor)

PortSwigger XSS Cheat Sheet !

XSS Exploitatation Tool

Tiny XSS Payloads

D4rkXSS

IbrahimXSS

SqlMap: An SQL injection and database takeover tool !

SQL Injection Cheatsheet

Advanced SQL Injection Cheatsheet !

Ghauri

Userefuzz - SQLi Fuzzing tool

SQLi Knowledge Base

SQLRecon - C# Recon and Exploitation for MSSQL

PySQLRecon - Python Recon and Exploitation for MSSQL

ysoerial for Java libraries

Java Deserialization CheatSheet

ysoserial for .NET libraries

PHP Generic Gadget chains (PHPGGC) - AKA "ysoserial for PHP"