vulnerability-detection

57 tools and resources

Syft

A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.

SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

qsfuzz

A tool to fuzz query strings and identify vulnerabilities

InQL

InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection

A Burp extension for scanning JavaScript files for endpoint links

CMSmap

An open-source Python CMS scanner that automates the detection of security flaws in the most popular CMSs.

A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages

Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.

A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.

A fast and flexible web fuzzer for identifying vulnerabilities in web applications

GitGot

A tool for identifying sensitive secrets in public GitHub repositories

Pre-commit hook for validating outgoing changeset

B-XSSRF

A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities

A tool for analyzing pentest screenshots using a convolutional neural network

JavaScript library scanner and SBOM generator

Insider

Insider is a source code analysis tool focusing on OWASP Top 10 vulnerabilities with easy integration into DevOps pipelines.

Yar

A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.

A sensitive data detection tool for scanning source code repositories

IronBee

IronBee is an open source project building a universal web application security sensor.

ghauri

An advanced cross-platform tool for detecting and exploiting SQL injection security flaws

A comprehensive collection of security assessment lists for security testers.

Nikto

Web server scanner for identifying security vulnerabilities.

CorsMe

A tool to scan for CORS misconfigurations in web applications

FuzzDB

A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing

Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.

Flan

A vulnerability scanner that helps you identify and fix vulnerabilities in your code

A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment

Tracy

A tool for identifying potential security vulnerabilities in web applications

Open-source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.

A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.

Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.

Log4Pot

A honeypot for the Log4Shell vulnerability (CVE-2021-44228) with various detection and logging features.

An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.

A tool for dynamic analysis of mobile applications in a controlled environment.

Linx

A tool that reveals invisible links within JavaScript files

A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server

A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.

A platform providing an activity feed on exploited vulnerabilities.

A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.

Identifies misconfigured CloudFront domains vulnerable to hijacking

A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.

Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.

Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.

List of publicly disclosed vulnerabilities with security filters and detailed advisories.

JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.

Fleet

Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.

Arachni

An open-source web application security scanner framework that identifies vulnerabilities in web applications.