Security Testing
Browse 536 security testing tools
FEATURED
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
Detects and prevents SSRF attacks
A comprehensive cheat sheet providing SQLite-specific SQL injection techniques, payloads, and enumeration methods for security testing and penetration testing activities.
A comprehensive cheat sheet providing SQLite-specific SQL injection techniques, payloads, and enumeration methods for security testing and penetration testing activities.
Frontpage of the IO wargame with various versions and connection details.
Frontpage of the IO wargame with various versions and connection details.
EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.
EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.
A simple Docker-based honeypot to detect port scanning
GAUNTLT - Security and Rugged Testing tool
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
A low-interaction SSH honeypot tool for recording authentication attempts.
A low-interaction SSH honeypot tool for recording authentication attempts.
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
Script for turning a Raspberry Pi into a Honey Pot Pi with various monitoring and logging capabilities.
A script for setting up a dionaea and kippo honeypot using Docker images.
A script for setting up a dionaea and kippo honeypot using Docker images.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
High interaction honeypot solution for Linux systems with data control and integrity features.
High interaction honeypot solution for Linux systems with data control and integrity features.
Kippo is a medium interaction SSH honeypot with fake filesystem and session logging capabilities.
Kippo is a medium interaction SSH honeypot with fake filesystem and session logging capabilities.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
Fake SSH server that sends push notifications for login attempts
Fake SSH server that sends push notifications for login attempts
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
