github.com/qazbnm456/awesome-web-security @main sqlite

102 symbols 290 edges 8 files 44 documented · 43%
README

Awesome Web Security - ZH Awesome

🐶 Curated list of Web Security materials and resources.

Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why does this happen so often? Many factors can be involved, including misconfiguration, a shortage of security skills among engineers, etc. To combat this, here is a curated list of Web Security materials and resources for learning cutting-edge penetration techniques. I highly encourage you to read the article "So you want to be a web security researcher?" first.

Please read the contribution guidelines before contributing.


🌈 Want to strengthen your penetration skills?

I would recommend playing some awesome-ctfs.


If you enjoy this awesome list and would like to support it, check out my Patreon page :)

Also, don't forget to check out my repos 🐾 or say hi on X (formerly Twitter)!


🤖 Using an AI assistant?

This list also ships as a Claude Code Skill so AI agents can query it at runtime — no stale snapshot, always reads the latest data/index.json from master.

Install (one-liner, recommended):

npx skills add qazbnm456/awesome-web-security -a claude-code -g -y

Or inside Claude Code, use the plugin marketplace:

/plugin marketplace add qazbnm456/awesome-web-security
/plugin install awesome-web-security

For Codex, swap -a claude-code for -a codex.

Then ask any web-security question and the skill activates on topics like XSS, SQLi, SSRF, JWT, OAuth, recon, WAF evasion, deserialization, SAML, CTF write-ups, and more. See skills/awesome-web-security/SKILL.md for the full trigger list.

Contents

Digests

Forums

Introduction

XSS - Cross-Site Scripting

Prototype Pollution

CSV Injection

SQL Injection

Command Injection

Core symbols most depended-on inside this repo

yaml_str · called by 19 · scripts/migrate.py
parse_yaml · called by 7 · scripts/generate.py
clamp_dim · called by 5 · scripts/ci/pr_review.py
cell · called by 5 · scripts/ci/pr_review.py
yaml_decode_scalar · called by 4 · scripts/generate.py
slugify · called by 4 · scripts/migrate.py
parse_entries · called by 4 · scripts/ci/archive.py
entry_matches_lang · called by 3 · scripts/generate.py

Shape

Function 92
Class 6
Method 4

Languages

Python 100%

Modules by API surface

scripts/ci/pr_review.py · 28 symbols
scripts/migrate.py · 20 symbols
scripts/ci/triage_dead_links.py · 19 symbols
scripts/generate.py · 15 symbols
scripts/ci/port_legacy_pr.py · 7 symbols
scripts/ci/archive.py · 6 symbols
scripts/verify_anchors.py · 4 symbols
scripts/verify_schema.py · 3 symbols

For agents

$ claude mcp add awesome-web-security \
  -- python -m otcore.mcp_server <graph>