Dynamic Application Security Testing

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.

A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities

IronBee is an open source web application security sensor framework that provides detection and prevention capabilities for web application vulnerabilities.

Track postMessage usage with this Chrome Extension

DOM-based XSS vulnerability scanner

CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.

Automatic authorization enforcement detection extension for Burp Suite

A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.

Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.

MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.

NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.

Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.

A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.

Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.

A web security tool that scans for vulnerabilities and known attacks.

Detects and prevents SSRF attacks

DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.

GAUNTLT - Security and Rugged Testing tool

A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.

A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.

ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.