Explore 70 curated tools and resources
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
A fast and simple recursive content discovery tool
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A simple snippet to increment ../ on the URL.
A tool for finding and exploiting SQL injection vulnerabilities in web applications
A Python tool for discovering endpoints, parameters, and wordlists in a given target
A Python-based web application scanner for OSINT and fuzzing OWASP vulnerabilities
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A collection of tools for extracting and analyzing information from .git repositories
A tool for detecting and exploiting vulnerabilities in web applications
A Python library for exploiting race conditions in web apps
IronBee is an open source project building a universal web application security sensor.
Deliberately vulnerable web application for security professionals to practice attack techniques.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
An insecure web application with multiple vulnerable web service components for learning real-world web service vulnerabilities.
Web server scanner for identifying security vulnerabilities.
A tool to scan for CORS misconfigurations in web applications
A deliberately insecure web application for teaching web application security lessons maintained by OWASP.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
Modular framework for web services penetration testing with support for various attacks.
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
A simple command-line tool that scans a website for CORS misconfigurations
Hackazon is a free, vulnerable test site with an online storefront to train and test IT security professionals on various vulnerabilities like SQL Injection and cross-site scripting.
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
A tool for identifying potential security vulnerabilities in web applications
A Python-based tool for detecting XSS vulnerabilities
A vulnerable web application for learning about web application vulnerabilities and writing secure code.
A tool to profile web applications based on response time discrepancies.
A penetration testing tool that focuses on web browser exploitation
A Linux-based environment for penetration testing and vulnerability exploitation
A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.
A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities
A vulnerable-by-design infrastructure on Azure featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations.
A PHP/MySQL web application designed to aid security professionals in testing their skills and tools in a legal environment.
Automatic tool for pentesting XSS attacks against different applications
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
Collection of URLs for vulnerable web applications and systems for cybersecurity practice.
ModSecurity is an open-source web application firewall that provides a flexible and scalable way to monitor and control HTTP traffic.
Open source web application security scanner with 200+ vulnerability identification capabilities.
Automated vulnerability discovery tool for the CakePHP framework with limited false positives.
A collection of YARA rules for the Burp Yara-Scanner extension to identify malicious software on websites.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application for client-server communication with numerous vulnerabilities.
A free online tool that scans and fixes common security issues in WordPress websites.
A popular free security tool for automatically finding security vulnerabilities in web applications
Deliberately vulnerable web application for educational purposes.
WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.
CLI tool for offensive and defensive security assessments on the Joi validator library with a wide range of attacks.
Web-application vulnerability scanner with extensive coverage of security testing modules.
A blog post discussing the often overlooked dangers of CSV injection in applications.
A tool for automated security scanning of web applications and manual penetration testing.
A Java-based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
A vulnerable web site for testing Sentinel features
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
A Burp Suite content discovery plugin that adds smart functionality to the Buster plugin.
Vulnerable web application for beginners in penetration testing.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.