Explore 95 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
Pentera Surface is an external attack surface management platform that continuously maps, monitors, and validates web-facing assets through automated reconnaissance and safe exploitation testing.
Pentera Surface is an external attack surface management platform that continuously maps, monitors, and validates web-facing assets through automated reconnaissance and safe exploitation testing.
A professional web application security testing service that performs comprehensive black-box security assessments covering OWASP Top 10 vulnerabilities with manual validation and detailed reporting.
A professional web application security testing service that performs comprehensive black-box security assessments covering OWASP Top 10 vulnerabilities with manual validation and detailed reporting.
A comprehensive application security service provider offering manual penetration testing, vulnerability assessment, and security solutions across various industries.
A comprehensive application security service provider offering manual penetration testing, vulnerability assessment, and security solutions across various industries.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.
A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.
ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.
An automated security testing platform that performs AI-driven penetration testing and vulnerability assessment for web applications and APIs with compliance reporting capabilities.
An automated security testing platform that performs AI-driven penetration testing and vulnerability assessment for web applications and APIs with compliance reporting capabilities.
A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.
A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.
An automated DDoS vulnerability testing platform that continuously evaluates DDoS protection systems without causing operational downtime.
An automated DDoS vulnerability testing platform that continuously evaluates DDoS protection systems without causing operational downtime.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
An application security testing platform that combines automated scanning, AI assistance, and manual expert testing to provide continuous security assessment throughout the software development lifecycle.
An application security testing platform that combines automated scanning, AI assistance, and manual expert testing to provide continuous security assessment throughout the software development lifecycle.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.
OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
A powerful directory/file, DNS and VHost busting tool written in Go.
A simple snippet to increment ../ on the URL.
Fast passive subdomain enumeration tool
A security toolkit for Amazon S3 that provides bucket scanning, policy validation, ACL management, and encryption features to identify and remediate S3 security vulnerabilities.
A security toolkit for Amazon S3 that provides bucket scanning, policy validation, ACL management, and encryption features to identify and remediate S3 security vulnerabilities.
A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.
A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.
A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.
Jaeles is an automated web application testing tool that helps identify vulnerabilities and security issues through customizable testing scenarios.
Jaeles is an automated web application testing tool that helps identify vulnerabilities and security issues through customizable testing scenarios.
A command-line tool that identifies and extracts parameters from HTTP requests and responses to assist with web application security testing and vulnerability assessment.
A command-line tool that identifies and extracts parameters from HTTP requests and responses to assist with web application security testing and vulnerability assessment.
A security analysis tool that detects and analyzes open redirection vulnerabilities in web applications.
A security analysis tool that detects and analyzes open redirection vulnerabilities in web applications.
A security tool that performs whitebox evaluation of S3 object permissions to identify publicly accessible files and generate reports on potential exposure risks.
A security tool that performs whitebox evaluation of S3 object permissions to identify publicly accessible files and generate reports on potential exposure risks.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A bash script for scanning a target network for HTTP resources through XXE
A bash script for scanning a target network for HTTP resources through XXE
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A tool to discover new target domains using Content Security Policy
S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.
S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.
A PowerShell security assessment script that evaluates Siemens SIMATIC PCS 7 industrial control systems for security misconfigurations and vulnerabilities.
A PowerShell security assessment script that evaluates Siemens SIMATIC PCS 7 industrial control systems for security misconfigurations and vulnerabilities.
Powerfully simple endpoint security solution that takes down threats without interrupting business.
Powerfully simple endpoint security solution that takes down threats without interrupting business.
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
OWASP Project for making vulnerability management easier.
AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.
AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.
APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.
A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.
A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
CloudJack identifies subdomain hijacking vulnerabilities in AWS accounts by detecting misconfigurations between Route53 DNS aliases and CloudFront distributions.
CloudJack identifies subdomain hijacking vulnerabilities in AWS accounts by detecting misconfigurations between Route53 DNS aliases and CloudFront distributions.
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
AWS Scout2 is a security assessment tool that uses the AWS API to gather configuration data and automatically identify security risks in AWS environments.
AWS Scout2 is a security assessment tool that uses the AWS API to gather configuration data and automatically identify security risks in AWS environments.
A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.
A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
Azucar is a multi-threaded plugin-based tool that performs read-only security assessments of Azure Cloud environments, analyzing various assets and configurations without modifying deployed resources.
Azucar is a multi-threaded plugin-based tool that performs read-only security assessments of Azure Cloud environments, analyzing various assets and configurations without modifying deployed resources.
A comprehensive library documenting Amazon S3 attack scenarios and risk-based mitigation strategies for cloud storage security.
A comprehensive library documenting Amazon S3 attack scenarios and risk-based mitigation strategies for cloud storage security.
A list of Windows privilege escalation techniques, categorized and explained in detail.
A list of Windows privilege escalation techniques, categorized and explained in detail.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.
idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.
CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.
CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.
A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.
A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A comprehensive reference guide covering Nessus vulnerability scanner configuration, management, API usage, and best practices.
A comprehensive reference guide covering Nessus vulnerability scanner configuration, management, API usage, and best practices.
AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.
AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.
CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
Mana Security is a macOS-focused vulnerability management tool that continuously monitors 100+ applications for security vulnerabilities and tracks patching performance against community benchmarks.
Mana Security is a macOS-focused vulnerability management tool that continuously monitors 100+ applications for security vulnerabilities and tracks patching performance against community benchmarks.
CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.
CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.
Hands-on cybersecurity training and testing platform with 1800+ labs
Hands-on cybersecurity training and testing platform with 1800+ labs
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
SkyArk is a cloud security scanning tool that identifies privileged entities in AWS and Azure environments to help mitigate Cloud Shadow Admin threats.
SkyArk is a cloud security scanning tool that identifies privileged entities in AWS and Azure environments to help mitigate Cloud Shadow Admin threats.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
A platform providing an activity feed on exploited vulnerabilities.
A Docker MultiStage build implementation that integrates CVE scanning into Alpine Linux container builds using Docker 17.05's build-time vulnerability assessment capabilities.
A Docker MultiStage build implementation that integrates CVE scanning into Alpine Linux container builds using Docker 17.05's build-time vulnerability assessment capabilities.
MetaHub is an open-source vulnerability management tool that provides impact-contextual analysis of security findings in AWS environments through automated contextualization, ownership identification, and prioritization scoring.
MetaHub is an open-source vulnerability management tool that provides impact-contextual analysis of security findings in AWS environments through automated contextualization, ownership identification, and prioritization scoring.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
A wargaming network for penetration testers to practice their skills in a realistic environment.
A wargaming network for penetration testers to practice their skills in a realistic environment.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.
A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.
A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.
A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.