Tools for identifying, prioritizing, and remediating security vulnerabilities in systems and applications. Task: Penetration TestingExplore 24 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
A command-line script that tests multiple domains from a list for open redirect vulnerabilities and reports findings.
A command-line script that tests multiple domains from a list for open redirect vulnerabilities and reports findings.
A list of vulnerable applications for testing and learning
A list of vulnerable applications for testing and learning
HTTP parameter discovery suite
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
Deliberately vulnerable web application for security professionals to practice attack techniques.
Deliberately vulnerable web application for security professionals to practice attack techniques.
A fuzzer for detecting open redirect vulnerabilities
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.
A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.
A massive SQL injection vulnerability scanner
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
Platform for users to test cybersecurity skills by exploiting vulnerabilities.
Platform for users to test cybersecurity skills by exploiting vulnerabilities.
Automates SQL injection detection and exploitation
iOS application for testing iOS penetration testing skills in a legal environment.
iOS application for testing iOS penetration testing skills in a legal environment.
A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.
A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.
A VMware image for penetration testing purposes
A VMware image for penetration testing purposes
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
Open source security auditing tool to search and dump system configuration.
Open source security auditing tool to search and dump system configuration.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
Simple script to check a domain's email protections and identify vulnerabilities.
Simple script to check a domain's email protections and identify vulnerabilities.
Automate the search for Exploits and Vulnerabilities in important databases.
Automate the search for Exploits and Vulnerabilities in important databases.
Vulnerable web application for beginners in penetration testing.
Vulnerable web application for beginners in penetration testing.