Security Testing
Explore 250 curated cybersecurity tools, with 14,237+ visitors searching for solutions
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
A simple file format fuzzer for Android that can fuzz multiple readers at once
A simple file format fuzzer for Android that can fuzz multiple readers at once
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
Endlessh is an SSH tarpit that traps SSH clients by sending an endless, random SSH banner.
Endlessh is an SSH tarpit that traps SSH clients by sending an endless, random SSH banner.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.
FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.
Automatic authorization enforcement detection extension for Burp Suite
Automatic authorization enforcement detection extension for Burp Suite
A customizable offensive security reporting solution for pentesters and red teamers to generate detailed reports of their findings and vulnerabilities.
A customizable offensive security reporting solution for pentesters and red teamers to generate detailed reports of their findings and vulnerabilities.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
A utility to generate malicious network traffic for security evaluation.
A utility to generate malicious network traffic for security evaluation.
Tango is a set of scripts and Splunk apps for deploying honeypots with ease.
Tango is a set of scripts and Splunk apps for deploying honeypots with ease.
Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.
Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.
SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.
MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.
testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.
testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A security checklist based on OWASP standards that provides comprehensive guidelines for designing, testing, and releasing secure Android applications.
A security checklist based on OWASP standards that provides comprehensive guidelines for designing, testing, and releasing secure Android applications.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.
