Automatic SQL injection and database takeover tool

Source code for Hacker101.com - a free online web and mobile security class.

Damn Vulnerable Web Application (DVWA)

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.

w3af: web application attack and audit framework, the open source web vulnerability scanner.

🎯 SQL Injection Payload List

Web Application Security Scanner Framework

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Top disclosed reports from HackerOne

Automated NoSQL database enumeration and web application exploitation tool.

A cheat sheet that contains advanced queries for SQL Injection of all types.

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

jSQL Injection is a Java application for automatic SQL database injection.

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

massive SQL injection vulnerability scanner

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

wide range mass audit toolkit

Advanced reconnaissance utility

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Database firewall written in Go