Explore 99 curated tools and resources
A web application firewall and API security platform that combines API discovery, runtime protection, vulnerability testing, and security posture management.
A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.
Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.
Veracode is an intelligent software security platform that helps developers and security teams secure code, find and fix flaws, and automate remediation.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
A tool to find XSS vulnerabilities in web applications
An open-source attack surface management platform for identifying and managing vulnerabilities
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A small script to check a list of domains against open redirect vulnerability
A tool for finding and exploiting SQL injection vulnerabilities in web applications
WPRecon is a tool for recognizing vulnerabilities and blackbox information for WordPress.
A multithreaded vulnerability scanner for web-based applications
A tool to escalate SSRF vulnerabilities on modern cloud environments
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
A powerful tool for finding and exploiting subdomain takeover vulnerabilities
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
Automated web application testing tool
A tool for automated HTTP header injection
A Burp intruder extender for automating and validating XSS vulnerabilities
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A tool for testing subdomain takeover possibilities at a mass scale.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Burp extension for identifying cloud buckets and testing for vulnerabilities
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
kube-hunter hunts for security weaknesses in Kubernetes clusters.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
DOM-based XSS vulnerability scanner
Audits JavaScript projects for known vulnerabilities and outdated package versions using OSS Index v3 REST API.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
A simple, fast web crawler for discovering endpoints and assets in a web application
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
Static application security testing (SAST) tool for scanning source code against security and privacy risks.
A Burp plugin for identifying potential vulnerabilities in web applications
A runtime threat management and attack path enumeration tool for cloud-native environments
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
Check for known vulnerabilities in your Node.js installation.
A tool for generating permutations, alterations and mutations of subdomains and resolving them
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
A series of small test cases designed to exercise different parts of a static security analyzer
A tool to profile web applications based on response time discrepancies.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A tool for detecting and exploiting Android application vulnerabilities
Second-order subdomain takeover scanner
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
WordPress security scanner for identifying vulnerabilities in WordPress websites.
Next-generation Linux exploit suggester with improved features for finding privilege escalation vulnerabilities.
Android vulnerability analysis system with efficient scanning and high accuracy.
A massive SQL injection vulnerability scanner
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
A comprehensive guide to Nessus, a vulnerability scanner, covering data directories, binary directories, logs directories, plugin directories, advanced settings, API, and good practices.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
A web security tool that scans for vulnerabilities and known attacks.
Automates SQL injection detection and exploitation
Compares target's patch levels against Microsoft vulnerability database and detects missing patches.
A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.
A Docker analysis tool for identifying potential security vulnerabilities and weaknesses in Docker environments
Automatic tool for pentesting XSS attacks against different applications
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A ruby script that scans for vulnerable 3rd-party web applications
Open source web application security scanner with 200+ vulnerability identification capabilities.
Automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
A centralized platform for managing open source components and automating software supply chain security.
A tool to find and search for registered CVEs, creating a local CVE database for offline use.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
A free online tool that scans and fixes common security issues in WordPress websites.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
An open source project for static analysis of vulnerabilities in application containers
Simple script to check a domain's email protections and identify vulnerabilities.
A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.
A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers
Web-application vulnerability scanner with extensive coverage of security testing modules.
Vulnerability scanner for Linux/FreeBSD, written in Go, agent-less, informs users of vulnerabilities related to the system and affected servers.
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
Automate version scraping and vulnerability scanning for Ruby on Rails stacks.
Cloud-based service for testing and analyzing Android and iOS apps for malware, vulnerabilities, and security threats.
Automate the search for Exploits and Vulnerabilities in important databases.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
An Open Source supply chain security and auditing tool that tracks projects and dependencies, monitoring for vulnerabilities and issues.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.