Tools for identifying, prioritizing, and remediating security vulnerabilities in systems and applications.Explore 165 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
JavaScript library scanner and SBOM generator
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A virtual host scanner with the ability to detect catch-all scenarios, aliases, and dynamic default pages, presented at SecTalks BNE in September 2017.
A virtual host scanner with the ability to detect catch-all scenarios, aliases, and dynamic default pages, presented at SecTalks BNE in September 2017.
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
kube-hunter hunts for security weaknesses in Kubernetes clusters.
kube-hunter hunts for security weaknesses in Kubernetes clusters.
Deliberately vulnerable web application for security professionals to practice attack techniques.
Deliberately vulnerable web application for security professionals to practice attack techniques.
A fuzzer for detecting open redirect vulnerabilities
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
DOM-based XSS vulnerability scanner
Web server scanner for identifying security vulnerabilities.
OWASP Project for making vulnerability management easier.
A wargame designed to test your hacking skills and knowledge
Audits JavaScript projects for known vulnerabilities and outdated package versions using OSS Index v3 REST API.
Linux privilege escalation auditing tool for detecting security deficiencies in Linux kernels.
Linux privilege escalation auditing tool for detecting security deficiencies in Linux kernels.
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
A collection of 132 exploits added to Packet Storm in April 2024
A collection of 132 exploits added to Packet Storm in April 2024
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A tool to run YARA rules against node_module folders to identify suspicious scripts
A tool to run YARA rules against node_module folders to identify suspicious scripts
A JavaScript scanner built in PHP for scraping URLs and other information.
A JavaScript scanner built in PHP for scraping URLs and other information.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
A vulnerable Android application demonstrating various security issues and vulnerabilities
A vulnerable Android application demonstrating various security issues and vulnerabilities
A Pythonic interface to the Internet Storm Center / DShield API