Dynamic Application Security Testing Tools

B-XSSRF

A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities

InQL

InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection

N-Stalker

A web security tool that scans for vulnerabilities and known attacks.

Acunetix Vulnerability Scanner

A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.

Wapiti

Web-application vulnerability scanner with extensive coverage of security testing modules.

Paros

A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.

ZAP The Zed Attack Proxy

ZAP is an open-source web application security scanner that helps identify vulnerabilities through automated scanning and manual testing capabilities.

Cyclops

A browser with XSS detection capabilities

Dockerfiles for Testing

Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.

IronBee

IronBee is an open source web application security sensor framework that provides detection and prevention capabilities for web application vulnerabilities.

Introspy-Android

Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.

DOMPurify

DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.

Burp-Yara-Rules

A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.

w3af

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

CakeFuzzer

CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.

Yara-Scanner

A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.

ConDroid

ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.

CSP Auditor

A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.

PAPIMonitor

Python tool for monitoring user-select APIs in Android apps using Frida.

PortSwigger

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.