update lists

2025-07-18 22:22:32 +02:00
parent 55bed3b4a1
commit 5916c5c074
3078 changed files with 331679 additions and 357255 deletions


@@ -1,20 +1,26 @@
 Awesome Web Security !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
▐ !IMPORTANT 
▐ My Web Pentest Training is accepted by Black Hat 2025 (https://www.blackhat.com/us-25/training/schedule/index.html#web-hacking-from--to--44516) 🎉🎉🎉 Please come and join the course with me 🤓
▐ 
▐ To celebrate this unforgettable moment (and sorry for not updating the repo since a while), I'll do a complete revamp of all the contents of this long-lasting repository in the coming weeks to catch up with the knowledge and tricks that have 
▐ happened over these years.
 Awesome Web Security !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
 (https://www.w3.org/TR/html5/)
▐ 🐶 Curated list of Web Security materials and resources.
Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' 
security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article "So you want to be a web security 
researcher? (https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher)" first.
Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, 
etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article "So you want to be a web security researcher? 
(https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher)" first.
Please read the contribution guidelines (CONTRIBUTING.md) before contributing.
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
If you enjoy this awesome list and would like to support it, check out my Patreon (https://www.patreon.com/boik) page :)Also, don't forget to check out my repos (https://github.com/qazbnm456) 🐾 or say hi on my Twitter 
(https://twitter.com/qazbnm456)!
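Review bot: the added callout says "sorry for not updating the repo since a while", which should read "for a while"; more importantly, the promise of "a complete revamp of all the contents ... in the coming weeks" carries no date or tracking issue, so a reader later cannot tell whether it happened or stalled. Suggest dating the note (the commit itself is from 2025-07-18) or linking an issue/milestone, and consider placing the callout after the "Awesome Web Security" title and badge line so the list still opens with its title. The remaining lines of the hunk (the description paragraph and the horizontal rule) change only in wrapping.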
@@ -322,8 +328,7 @@
Crypto
- Applied Crypto Hardening (https://bettercrypto.org/) - Written by The bettercrypto.org Team (https://bettercrypto.org/).
- What is a Side-Channel Attack ? (https://www.csoonline.com/article/3388647/what-is-a-side-channel-attack-how-these-end-runs-around-encryption-put-everyone-at-risk.html) - Written by J.M Porup 
(https://www.csoonline.com/author/J.M.-Porup/).
- What is a Side-Channel Attack ? (https://www.csoonline.com/article/3388647/what-is-a-side-channel-attack-how-these-end-runs-around-encryption-put-everyone-at-risk.html) - Written by J.M Porup (https://www.csoonline.com/author/J.M.-Porup/).
Web Shell
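Review bot: only the line wrapping of the side-channel entry changes here; since the line is being rewritten anyway, the byline "J.M Porup" should gain the period after "M" that the linked author URL (J.M.-Porup) uses, i.e. "J.M. Porup".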
@@ -342,8 +347,7 @@
DNS Rebinding
- Attacking Private Networks from the Internet with DNS Rebinding (https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by @brannondorsey 
(https://medium.com/@brannondorsey)
- Attacking Private Networks from the Internet with DNS Rebinding (https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by @brannondorsey (https://medium.com/@brannondorsey)
- Hacking home routers from the Internet (https://medium.com/@radekk/hackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by @radekk (https://medium.com/@radekk)
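Review bot: this hunk only re-wraps the first DNS rebinding entry; both entries in it end without the trailing period that the "Written by ..." lines in the Crypto and OAuth sections use, so adding a period after each closing parenthesis would keep the list consistent.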
@@ -360,7 +364,7 @@
OAuth
- Introduction to OAuth 2.0 and OpenID Connect (https://pragmaticwebsecurity.com/courses/introduction-oauth-oidc.html) - Written by @PhilippeDeRyck (https://twitter.com/PhilippeDeRyck).
- What is going on with OAuth 2.0? And why you should not use it for authentication. (https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611) - Written by @damianrusinek
- What is going on with OAuth 2.0? And why you should not use it for authentication. (https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611) - Written by @damianrusinek 
(https://medium.com/@damianrusinek).
@@ -391,8 +395,8 @@
- Web Application Firewall (WAF) Evasion Techniques (https://medium.com/secjuice/waf-evasion-techniques-718026d693d8) - Written by @secjuice (https://twitter.com/secjuice).
- Web Application Firewall (WAF) Evasion Techniques #2 (https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0) - Written by @secjuice (https://twitter.com/secjuice).
- Airbnb  When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities 
(https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/) - Written by @Brett Buerhaus (https://twitter.com/bbuerhaus).
- Airbnb  When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities (https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/) - 
Written by @Brett Buerhaus (https://twitter.com/bbuerhaus).
- How to bypass libinjection in many WAF/NGWAF (https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f) - Written by @d0znpp (https://medium.com/@d0znpp).
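Review bot: the byline "@Brett Buerhaus" prefixes a full name with "@", whereas the list otherwise reserves "@" for handles and the linked profile is twitter.com/bbuerhaus; either "@bbuerhaus" or plain "Brett Buerhaus" would match the convention. The double space in "Airbnb  When" also looks like a dropped separator and is worth checking in the rendered file, since this hunk already rewrites that line.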
@@ -403,8 +407,8 @@
Authentication
- Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) (http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html) -
Written by @malerisch (https://twitter.com/malerisch) and @steventseeley (https://twitter.com/steventseeley).
- Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) (http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html) - Written 
by @malerisch (https://twitter.com/malerisch) and @steventseeley (https://twitter.com/steventseeley).
Tricks
@@ -414,8 +418,7 @@
- Neat tricks to bypass CSRF-protection (https://zhuanlan.zhihu.com/p/32716181) - Written by Twosecurity (https://twosecurity.io/).
- Exploiting CSRF on JSON endpoints with Flash and redirects (https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b) - Written by @riyazwalikar (https://blog.appsecco.com/@riyazwalikar).
- Stealing CSRF tokens with CSS injection (without iFrames) (https://github.com/dxa4481/cssInjection) - Written by @dxa4481 (https://github.com/dxa4481).
- Cracking Javas RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters (https://blog.securityevaluators.com/cracking-javas-rng-for-csrf-ea9cacd231d2) - Written by @rramgattie 
(https://blog.securityevaluators.com/@rramgattie).
- Cracking Javas RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters (https://blog.securityevaluators.com/cracking-javas-rng-for-csrf-ea9cacd231d2) - Written by @rramgattie (https://blog.securityevaluators.com/@rramgattie).
- If HttpOnly You Could Still CSRF… Of CORS you can! (https://medium.com/@_graphx/if-httponly-you-could-still-csrf-of-cors-you-can-5d7ee2c7443) - Written by @GraphX (https://twitter.com/GraphX).
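Review bot: the re-wrapped title "Cracking Javas RNG for CSRF" is missing the apostrophe in "Java's"; as this hunk already rewrites that line, fix it in the same change rather than leaving a second touch for later.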
@@ -430,8 +433,7 @@
- WebLogic RCE (CVE-2019-2725) Debug Diary (https://paper.seebug.org/910/) - Written by Badcode@Knownsec 404 Team.
- What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability. 
(https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) - Written by @breenmachine (https://twitter.com/@breenmachine).
- Exploiting Node.js deserialization bug for Remote Code Execution (https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/) - Written by OpSecX 
(https://opsecx.com/index.php/author/ajinabraham/).
- Exploiting Node.js deserialization bug for Remote Code Execution (https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/) - Written by OpSecX (https://opsecx.com/index.php/author/ajinabraham/).
- DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE (https://www.ambionics.io/blog/drupal-services-module-rce) - Written by Ambionics Security (https://www.ambionics.io/).
- How we exploited a remote code execution vulnerability in math.js (https://capacitorset.github.io/mathjs/) - Written by @capacitorset (https://github.com/capacitorset).
- GitHub Enterprise Remote Code Execution (http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html) - Written by @iblue (https://github.com/iblue).
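Review bot: the @breenmachine entry links "https://twitter.com/@breenmachine", with a literal "@" in the URL path, unlike the other Twitter links in the file (for example https://twitter.com/secjuice); drop the "@" from the path. Separately, the Node.js deserialization entry credits "OpSecX" while the link is an individual author page (…/author/ajinabraham/), so crediting the author directly, as other entries do, would be more accurate.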
@@ -534,8 +536,7 @@
Deserialization
- ASP.NET resource files (.RESX) and deserialisation issues (https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/) - Written by @irsdl 
(https://twitter.com/irsdl).
- ASP.NET resource files (.RESX) and deserialisation issues (https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/) - Written by @irsdl (https://twitter.com/irsdl).
OAuth
@@ -557,8 +558,7 @@
- The world of Site Isolation and compromised renderer (https://speakerdeck.com/shhnjk/the-world-of-site-isolation-and-compromised-renderer) - Written by @shhnjk (https://twitter.com/shhnjk).
- The Cookie Monster in Your Browsers (https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers) - Written by @filedescriptor (https://twitter.com/filedescriptor).
- Bypassing Mobile Browser Security For Fun And Profit (https://www.blackhat.com/docs/asia-16/materials/asia-16-Baloch-Bypassing-Browser-Security-Policies-For-Fun-And-Profit-wp.pdf) - Written by @rafaybaloch 
(https://twitter.com/@rafaybaloch).
- Bypassing Mobile Browser Security For Fun And Profit (https://www.blackhat.com/docs/asia-16/materials/asia-16-Baloch-Bypassing-Browser-Security-Policies-For-Fun-And-Profit-wp.pdf) - Written by @rafaybaloch (https://twitter.com/@rafaybaloch).
- The inception bar: a new phishing method (https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/) - Written by jameshfisher (https://jameshfisher.com/).
- JSON hijacking for the modern web (http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html) - Written by portswigger (https://portswigger.net/).
- IE11 Information disclosure - local file detection (https://www.facebook.com/ExploitWareLabs/photos/a.361854183878462.84544.338832389513975/1378579648872572/?type=3&theater) - Written by James Lee.
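Review bot: "https://twitter.com/@rafaybaloch" carries a stray "@" in the URL path; the other Twitter links in this hunk (https://twitter.com/shhnjk, https://twitter.com/filedescriptor) omit it. Also, the IE11 entry points at a Facebook photo post, which is a fragile reference that may require a login to view; an original write-up or archived URL would be more durable.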
@@ -583,8 +583,8 @@
- A Methodical Approach to Browser Exploitation (https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/) - Written by RET2 SYSTEMS, INC (https://blog.ret2.io/).
- CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime. (https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime/) - Written by Diary of a reverse-engineer (https://doar-e.github.io/).
- CLEANLY ESCAPING THE CHROME SANDBOX (https://theori.io/research/escaping-chrome-sandbox) - Written by @tjbecker_ (https://twitter.com/tjbecker_).
- A Methodical Approach to Browser Exploitation (https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/) - Written by @PatrickBiernat (https://twitter.com/PatrickBiernat), @gaasedelen (https://twitter.com/gaasedelen) and 
@itszn13 (https://twitter.com/itszn13).
- A Methodical Approach to Browser Exploitation (https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/) - Written by @PatrickBiernat (https://twitter.com/PatrickBiernat), @gaasedelen (https://twitter.com/gaasedelen) and @itszn13 
(https://twitter.com/itszn13).
PoCs
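Review bot: "A Methodical Approach to Browser Exploitation" (blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/) is listed twice in this hunk, once credited to "RET2 SYSTEMS, INC" and once to @PatrickBiernat, @gaasedelen and @itszn13, and the hunk only re-wraps the second copy. Keep a single entry (the individual-author credit is the more specific one) and drop the other.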
@@ -649,8 +649,7 @@
Sub Domain Enumeration
- Sublist3r (https://github.com/aboul3la/Sublist3r) - Sublist3r is a multi-threaded sub-domain enumeration tool for penetration testers by @aboul3la (https://github.com/aboul3la).
- EyeWitness (https://github.com/ChrisTruncer/EyeWitness) - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible by @ChrisTruncer 
(https://github.com/ChrisTruncer).
- EyeWitness (https://github.com/ChrisTruncer/EyeWitness) - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible by @ChrisTruncer (https://github.com/ChrisTruncer).
- subDomainsBrute (https://github.com/lijiejie/subDomainsBrute) - A simple and fast sub domain brute tool for pentesters by @lijiejie (https://github.com/lijiejie).
- AQUATONE (https://github.com/michenriksen/aquatone) - Tool for Domain Flyovers by @michenriksen (https://github.com/michenriksen).
- domain_analyzer (https://github.com/eldraco/domain_analyzer) - Analyze the security of any domain by finding all the information possible by @eldraco (https://github.com/eldraco).
@@ -683,8 +682,7 @@
- wpscan (https://github.com/wpscanteam/wpscan) - WPScan is a black box WordPress vulnerability scanner by @wpscanteam (https://github.com/wpscanteam).
- JoomlaScan (https://github.com/drego85/JoomlaScan) - Free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan by @drego85 (https://github.com/drego85).
- WAScan (https://github.com/m4ll0k/WAScan) - Is an open source web application security scanner that uses "black-box" method, created by @m4ll0k (https://github.com/m4ll0k).
- Nuclei (https://github.com/projectdiscovery/nuclei) - Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use by @projectdiscovery 
(https://github.com/projectdiscovery).
- Nuclei (https://github.com/projectdiscovery/nuclei) - Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use by @projectdiscovery (https://github.com/projectdiscovery).
Penetration Testing
@@ -755,8 +753,8 @@
- malware-jail (https://github.com/HynekPetrak/malware-jail) - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction by @HynekPetrak (https://github.com/HynekPetrak).
- repo-supervisor (https://github.com/auth0/repo-supervisor) - Scan your code for security misconfiguration, search for passwords and secrets.
- bXSS (https://github.com/LewisArdern/bXSS) - bXSS is a simple Blind XSS application adapted from cure53.de/m (https://cure53.de/m) by @LewisArdern (https://github.com/LewisArdern).
- OpenRASP (https://github.com/baidu/openrasp) - An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance 
reduction is observed under heavy server load.
- OpenRASP (https://github.com/baidu/openrasp) - An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is 
observed under heavy server load.
- GuardRails (https://github.com/apps/guardrails) - A GitHub App that provides security feedback in Pull Requests.
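Review bot: the OpenRASP description states "nearly no false positives" and "less than 3% performance reduction" as fact; these are the project's own claims, so attribute them ("the project reports ...") or drop the figures, since a curated list should not vouch for detection accuracy or overhead numbers it has not measured. The repo-supervisor entry is also the only one in this hunk without an author credit.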
@@ -799,11 +797,11 @@
DNS Rebinding
- DNS Rebind Toolkit (https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN)
by @brannondorsey (https://github.com/brannondorsey)
- DNS Rebind Toolkit (https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by 
@brannondorsey (https://github.com/brannondorsey)
- dref (https://github.com/mwrlabs/dref) - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding by @mwrlabs (https://github.com/mwrlabs)
- Singularity of Origin (https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit 
vulnerable software on the target machine by @nccgroup (https://github.com/nccgroup)
- Singularity of Origin (https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable 
software on the target machine by @nccgroup (https://github.com/nccgroup)
- Whonow DNS Server (https://github.com/brannondorsey/whonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by @brannondorsey (https://github.com/brannondorsey)
@@ -874,8 +872,7 @@
ModSecurity / OWASP ModSecurity Core Rule Set
- ModSecurity / OWASP ModSecurity Core Rule Set (https://www.netnea.com/cms/apache-tutorials/) - Series of tutorials to install, configure and tune ModSecurity and the Core Rule Set - Written by @ChrFolini 
(https://twitter.com/ChrFolini).
- ModSecurity / OWASP ModSecurity Core Rule Set (https://www.netnea.com/cms/apache-tutorials/) - Series of tutorials to install, configure and tune ModSecurity and the Core Rule Set - Written by @ChrFolini (https://twitter.com/ChrFolini).
Community
@@ -898,16 +895,16 @@
- Internet of Things Scanner (http://iotscanner.bullguard.com/) - Check if your internet-connected devices at home are public on Shodan by BullGuard (https://www.bullguard.com/).
- The Bug Hunters Methodology v2.1 (https://docs.google.com/presentation/d/1VpRT8dFyTaFpQa9jhehtmGaC7TqQniMSYbUdlHN6VrY/edit?usp=sharing) - Written by @jhaddix (https://twitter.com/jhaddix).
- $7.5k Google services mix-up (https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up) - Written by Ezequiel Pereira (https://sites.google.com/site/testsitehacking/).
- How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting 
(https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/) - Written by @fransrosen (https://twitter.com/fransrosen).
- How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting (https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issuing-lets-encrypt-ssl-certs-for-any-domain-using-shared-hosting/) - 
Written by @fransrosen (https://twitter.com/fransrosen).
- TL:DR: VPN leaks users IPs via WebRTC. Ive tested seventy VPN providers and 16 of them leaks users IPs via WebRTC (23%) (https://voidsec.com/vpn-leak/) - Written by voidsec (https://voidsec.com/).
- Escape and Evasion Egressing Restricted Networks (https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks) - Written by Chris Patten, Tom Steele (info@optiv.com).
- Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters (https://medium.com/@umpox/be-careful-what-you-copy-invisibly-inserting-usernames-into-text-with-zero-width-characters-18b4e6f17b66) - 
Written by @umpox (https://medium.com/@umpox).
- Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters (https://medium.com/@umpox/be-careful-what-you-copy-invisibly-inserting-usernames-into-text-with-zero-width-characters-18b4e6f17b66) - Written by 
@umpox (https://medium.com/@umpox).
- Domato Fuzzer's Generation Engine Internals (https://www.sigpwn.io/blog/2018/4/14/domato-fuzzers-generation-engine-internals) - Written by sigpwn (https://www.sigpwn.io/).
- CSS Is So Overpowered It Can Deanonymize Facebook Users (https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/) - Written by Ruslan Habalov (https://www.evonide.com/).
- Introduction to Web Application Security (https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018) - Written by @itsC0rg1 (https://twitter.com/itsC0rg1), @jmkeads 
(https://twitter.com/jmkeads) and @matir (https://twitter.com/matir).
- Introduction to Web Application Security (https://www.slideshare.net/nragupathy/introduction-to-web-application-security-blackhoodie-us-2018) - Written by @itsC0rg1 (https://twitter.com/itsC0rg1), @jmkeads (https://twitter.com/jmkeads) and 
@matir (https://twitter.com/matir).
- Finding The Real Origin IPs Hiding Behind CloudFlare or TOR (https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/) - Written by Paul Dannewitz (https://www.secjuice.com/author/paul-dannewitz/).
- Why Facebook's api starts with a for loop (https://dev.to/antogarand/why-facebooks-api-starts-with-a-for-loop-1eob) - Written by @AntoGarand (https://twitter.com/AntoGarand).
- How I could have stolen your photos from Google - my first 3 bug bounty writeups (https://blog.avatao.com/How-I-could-steal-your-photos-from-Google/) - Written by @gergoturcsanyi (https://twitter.com/gergoturcsanyi).
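Review bot: the voidsec entry has several typos worth fixing while the hunk is open: "TL:DR" should be "TL;DR", "Ive" should be "I've", and "16 of them leaks users IPs" should be "16 of them leak users' IPs". Mixing "seventy" and "16" in the same sentence is also inconsistent; use one numeral style.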
@@ -932,3 +929,5 @@
!CC0 (http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg) (https://creativecommons.org/publicdomain/zero/1.0/)
To the extent possible under law, @qazbnm456 (https://qazbnm456.github.io/) has waived all copyright and related or neighboring rights to this work.
websecurity Github: https://github.com/qazbnm456/awesome-web-security
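Review bot: the newly appended line "websecurity Github: https://github.com/qazbnm456/awesome-web-security" sits after the CC0 license text with no heading or list marker and spells "Github" rather than "GitHub"; if a link back to the repository is wanted in the README, place it near the top with the other project links and use the correct capitalization.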