Explore 21 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A fast and simple DOM based XSS vulnerability scanner
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A simple Python script to test for a hypothetical JWT vulnerability
A simple Python script to test for a hypothetical JWT vulnerability
A project providing honeypots for embedded device vulnerabilities with support for AWS integration and JSON output.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.
A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.
The CVE Program catalogs publicly disclosed cybersecurity vulnerabilities.
The CVE Program catalogs publicly disclosed cybersecurity vulnerabilities.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.
CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
iOS application for testing iOS penetration testing skills in a legal environment.
iOS application for testing iOS penetration testing skills in a legal environment.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
A comprehensive database of exploits and vulnerabilities for researchers and professionals
A comprehensive database of exploits and vulnerabilities for researchers and professionals
A blog post discussing the often overlooked dangers of CSV injection in applications.
A blog post discussing the often overlooked dangers of CSV injection in applications.
A community website for API security news, vulnerabilities, and best practices
A community website for API security news, vulnerabilities, and best practices