Explore 43 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.
A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A fast and simple DOM based XSS vulnerability scanner
A command-line script that tests multiple domains from a list for open redirect vulnerabilities and reports findings.
A command-line script that tests multiple domains from a list for open redirect vulnerabilities and reports findings.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
Fast and customizable vulnerability scanner
A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.
A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.
A tool for Local File Inclusion (LFI) exploitation and scanning
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.
A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.
CloudScraper is an enumeration tool that discovers cloud storage resources including S3 buckets, Azure blobs, and DigitalOcean Spaces across target environments.
CloudScraper is an enumeration tool that discovers cloud storage resources including S3 buckets, Azure blobs, and DigitalOcean Spaces across target environments.
A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.
A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.
Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.
Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.
S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.
S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
Web server scanner for identifying security vulnerabilities.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.
CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.
A JavaScript scanner built in PHP for scraping URLs and other information.
A JavaScript scanner built in PHP for scraping URLs and other information.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.
Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.
A massive SQL injection vulnerability scanner
A comprehensive reference guide covering Nessus vulnerability scanner configuration, management, API usage, and best practices.
A comprehensive reference guide covering Nessus vulnerability scanner configuration, management, API usage, and best practices.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
SkyArk is a cloud security scanning tool that identifies privileged entities in AWS and Azure environments to help mitigate Cloud Shadow Admin threats.
SkyArk is a cloud security scanning tool that identifies privileged entities in AWS and Azure environments to help mitigate Cloud Shadow Admin threats.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
Management portal for LoKi scanner with centralized database for scanning activities.
Management portal for LoKi scanner with centralized database for scanning activities.
A collection of tools that can be used with Honeyd for data analysis or other purposes
A collection of tools that can be used with Honeyd for data analysis or other purposes
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A simple, self-contained modular host-based IOC scanner for incident responders.
A free, fast, and flexible multi-platform IOC and YARA scanner for Windows, Linux, and macOS.
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.