claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// Security & Compliance

awesome-web-security

🐶 A curated list of Web Security materials and resources.

// Security & Compliance[ cli ][ api ][ web ][ mobile ][ claude ]#claude#awesome#awesome-list#list#penetration-testing#security#web#websecurity$open-sourceupdated 15 days ago
Actively maintained
91/100
last commit about 1 month ago
last release none
releases 0
open issues 1
// install
git clone https://github.com/qazbnm456/awesome-web-security

Awesome Web Security

awesome-web-security

🐶 Curated list of Web Security materials and resources.

Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques, and I highly encourage you to read this article "So you want to be a web security researcher?" first.

Please read the contribution guidelines before contributing.


🌈 Want to strengthen your penetration skills?
I would recommend playing some awesome-ctfs.


If you enjoy this awesome list and would like to support it, check out my Patreon page :)
Also, don't forget to check out my repos 🐾 or say hi on X (formerly Twitter)!


🤖 Using an AI assistant?

This list also ships as a Claude Code Skill so AI agents can query it at runtime — no stale snapshot, always reads the latest data/index.json from master.

Install (one-liner, recommended):

npx skills add qazbnm456/awesome-web-security -a claude-code -g -y

Or inside Claude Code, use the plugin marketplace:

/plugin marketplace add qazbnm456/awesome-web-security
/plugin install awesome-web-security

For Codex, swap -a claude-code-a codex.

Then ask any web-security question and the skill activates on topics like XSS, SQLi, SSRF, JWT, OAuth, recon, WAF evasion, deserialization, SAML, CTF write-ups, and more. See skills/awesome-web-security/SKILL.md for the full trigger list.

Contents

Digests

Forums

Introduction

XSS - Cross-Site Scripting

Prototype Pollution

CSV Injection

SQL Injection

Command Injection

ORM Injection

FTP Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

Clickjacking

SSRF - Server-Side Request Forgery

Web Cache Poisoning

Relative Path Overwrite

Open Redirect

Security Assertion Markup Language (SAML)

Upload

Rails

AngularJS

ReactJS

SSL/TLS

Webmail

NFS

AWS

Azure

Fingerprint

Sub Domain Enumeration

Crypto

Web Shell

OSINT

DNS Rebinding

Deserialization

OAuth

JWT

Evasions

XXE

CSP

WAF

JSMVC

Authentication

Tricks

CSRF

Clickjacking

Remote Code Execution

XSS

SQL Injection

NoSQL Injection

FTP Injection

XXE

SSRF

Web Cache Poisoning

Header Injection

URL

Deserialization

OAuth

Others

Browser Exploitation

Frontend (like SOP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

PoCs

Database

Cheetsheets

Tools

Auditing

Command Injection

Reconnaissance

OSINT - Open-Source Intelligence

  • Censys - Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet by University of Michigan.
  • FOCA - FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans by ElevenPaths.
  • FOFA - Cyberspace Search Engine by BAIMAOHUI.
  • gitrob - Reconnaissance tool for GitHub organizations by @michenriksen.
  • GSIL - Github Sensitive Information Leakage(Github敏感信息泄露)by @FeeiCN.
  • NSFOCUS - THREAT INTELLIGENCE PORTAL by NSFOCUS GLOBAL.

view the full README on GitHub.

// compatibility

Platformscli, api, web, mobile
Operating systems
AI compatibilityclaude
License
Pricingopen-source
LanguagePython

// faq

What is awesome-web-security?

🐶 A curated list of Web Security materials and resources.. It is open-source on GitHub.

Is awesome-web-security free to use?

awesome-web-security is open-source, so it is free to use.

What category does awesome-web-security belong to?

awesome-web-security is listed under security in the Claudeers registry of Claude-compatible tools.

0 views
13,559 stars
unclaimed
updated 15 days ago

// embed badge

awesome-web-security on Claudeers
[![Claudeers](https://claudeers.com/api/badge/awesome-web-security.svg)](https://claudeers.com/awesome-web-security)

// retro hit counter

awesome-web-security hit counter
[![Hits](https://claudeers.com/api/counter/awesome-web-security.svg)](https://claudeers.com/awesome-web-security)

// reviews

// guestbook

0/500

// related in Security & Compliance

🔓

A complete AI agency at your fingertips - From frontend wizards to Reddit community ninjas, from whimsy injectors to reality checkers. Each agent is a specia…

// securitymsitarzewski/Shell126,507MIT[ claude ]
🔓

π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video.

// securityruvnet/Rust76,321MIT[ claude ]
🔓

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

// securityprowler-cloud/Python14,101Apache-2.0[ claude ]
🔓

sharing current agents in use

// securitycontains-studio/12,395[ claude ]

// built by

Ecosystem hubone of the most connected projects in the claude ecosystem · 24 connections
→ see how awesome-web-security connects across the ecosystem