Security Testing
Explore 250 curated cybersecurity tools, with 14,237+ visitors searching for solutions
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
A collection of tips and tricks for container and container orchestration hacking and security testing.
A collection of tips and tricks for container and container orchestration hacking and security testing.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
CHIPSEC is a cross-platform framework for analyzing PC platform security, including hardware, BIOS/UEFI firmware, and low-level system components.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
Linux-based operating system intentionally vulnerable for cybersecurity practice.
Linux-based operating system intentionally vulnerable for cybersecurity practice.
A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.
A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
A live archive of DEF CON CTF challenges, vulnerable by design, for hackers to play safely.
A live archive of DEF CON CTF challenges, vulnerable by design, for hackers to play safely.
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
A Docker container that starts a SSH honeypot and reports statistics to the SANS ISC DShield project
An open-source Python software for creating honeypots and honeynets securely.
An open-source Python software for creating honeypots and honeynets securely.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library with a focus on speed, reliability, and ease of integration.
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library with a focus on speed, reliability, and ease of integration.
A wargaming network for penetration testers to practice their skills in a realistic environment.
A wargaming network for penetration testers to practice their skills in a realistic environment.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A guide to brute forcing DVWA on the high security level with anti-CSRF tokens
A guide to brute forcing DVWA on the high security level with anti-CSRF tokens
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling
