Loading...

Popular Free Commercial Categories Tasks Blog

CyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

Copyright © 2025 - All rights reserved

LINKS

LEGAL

Terms of services Privacy policy

Web Application Security

Explore 48 curated tools and resources

Search by name, description, or purpose... (⌘+K)

Home
Tasks
Web Application Security

PINNED

Promoted • 4 tools

Commercial

Consulting

Commercial

Application Security

Commercial

Cloud Security

Commercial

Application Security

Want your tool featured here?

Get maximum visibility with pinned placement

LATEST ADDITIONS

ImmuniWeb® On-Demand
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
0
Commercial
Application Security
Web Application Security
Penetration Testing
Api Security
Vulnerability Assessment
Compliance
Owasp
Pci Dss
Gdpr
Cloud Security
Devsecops
ImmuniWeb® On-Demand
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
0
Commercial
Application Security
Web Application Security
Penetration Testing
Api Security
+7
Tenable Web App Scanning
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
0
Commercial
Application Security
Vulnerability Management
Web Application Security
Attack Surface
Cloud Security
Tenable Web App Scanning
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
0
Commercial
Application Security
Vulnerability Management
Web Application Security
Attack Surface
+1
AWVS
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
0
Free
Vulnerability Management
Appsec
App Security
Web App Security
Vulnerability Scanning
Vulnerability Assessment
Web Application Security
AWVS
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
0
Free
Vulnerability Management
Appsec
App Security
Web App Security
+3
DShield Raspberry Pi Sensor
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
0
Free
Honeypots
Honeypot
Raspberry Pi
Cowrie
Web Application Security
Telnet
Ssh
DShield Raspberry Pi Sensor
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
0
Free
Honeypots
Honeypot
Raspberry Pi
Cowrie
+3
BruteXSS
A tool to find XSS vulnerabilities in web applications
0
Free
Malware Analysis
Xss
Vulnerability Scanning
Web Security
Web Application Security
Security Testing
BruteXSS
A tool to find XSS vulnerabilities in web applications
0
Free
Malware Analysis
Xss
Vulnerability Scanning
Web Security
+2
Liffy
A local file inclusion exploitation tool
0
Free
Honeypots
Exploit
Local File Inclusion
Web Application Security
Vulnerability Exploitation
Liffy
A local file inclusion exploitation tool
0
Free
Honeypots
Exploit
Local File Inclusion
Web Application Security
+1
Katana
A next-generation crawling and spidering framework for extracting data from websites
0
Free
Digital Forensics
Crawling
Web Scraping
Web Application Security
Data Extraction
Katana
A next-generation crawling and spidering framework for extracting data from websites
0
Free
Digital Forensics
Crawling
Web Scraping
Web Application Security
+1
Eagle
A multithreaded vulnerability scanner for web-based applications
0
Free
Vulnerability Management
Vulnerability Scanning
Web Application Security
Vulnerability Detection
Web Security
Eagle
A multithreaded vulnerability scanner for web-based applications
0
Free
Vulnerability Management
Vulnerability Scanning
Web Application Security
Vulnerability Detection
+1
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
Security Research
Web Application Security
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
+2
LinksDumper
LinksDumper extracts links and potential endpoints from HTTP responses with filtering capabilities for web application security testing.
0
Free
Application Security
Application Security
Web Security
Reconnaissance
Penetration Testing
Web Application Security
Security Testing
Appsec
Enumeration
LinksDumper
LinksDumper extracts links and potential endpoints from HTTP responses with filtering capabilities for web application security testing.
0
Free
Application Security
Application Security
Web Security
Reconnaissance
+5
extended-ssrf-search
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
0
Free
Network Security
Ssrf
Web Application Security
Vulnerability Scanning
Penetration Testing
Security Research
extended-ssrf-search
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
0
Free
Network Security
Ssrf
Web Application Security
Vulnerability Scanning
+2
jaeles
Automated web application testing tool
0
Free
Application Security
Appsec
Web Application Security
Vulnerability Scanning
Security Testing
jaeles
Automated web application testing tool
0
Free
Application Security
Appsec
Web Application Security
Vulnerability Scanning
+1
headi
A tool for automated HTTP header injection
0
Free
Application Security
Security Testing
Vulnerability Scanning
Web Application Security
headi
A tool for automated HTTP header injection
0
Free
Application Security
Security Testing
Vulnerability Scanning
Web Application Security
Filebuster
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
0
Free
Network Security
Web App Security
Fuzzing
Vulnerability Detection
Web Application Security
Filebuster
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
0
Free
Network Security
Web App Security
Fuzzing
Vulnerability Detection
+1
OWASP Joomla Vulnerability Scanner
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
0
Free
Vulnerability Management
Vulnerability Scanner
Sql Injection
Xss
Csrf
Web App Security
Web Application Security
OWASP Joomla Vulnerability Scanner
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
0
Free
Vulnerability Management
Vulnerability Scanner
Sql Injection
Xss
+3
Singularity
A DNS rebinding attack framework for security researchers and penetration testers.
0
Free
Offensive Security
Dns Rebinding
Penetration Testing
Security Research
Web Application Security
Network Security
Singularity
A DNS rebinding attack framework for security researchers and penetration testers.
0
Free
Offensive Security
Dns Rebinding
Penetration Testing
Security Research
+2
SSTImap
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
0
Free
Application Security
Application Security
Vulnerability Scanner
Web Security
Penetration Testing
Security Testing
Vulnerability Detection
Web Application Security
Injection
Interactive
SSTImap
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
0
Free
Application Security
Application Security
Vulnerability Scanner
Web Security
+6
ParamSpider
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
0
Free
Offensive Security
Bug Bounty
Bug Hunting
Fuzzing
Security Research
Web Application Security
Web Scraping
ParamSpider
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
0
Free
Offensive Security
Bug Bounty
Bug Hunting
Fuzzing
+3
xsshunter
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
0
Free
Malware Analysis
Xss
Web Application Security
Vulnerability Scanning
xsshunter
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
0
Free
Malware Analysis
Xss
Web Application Security
Vulnerability Scanning
OpenRedireX
A fuzzer for detecting open redirect vulnerabilities
0
Free
Vulnerability Management
Open Redirect
Vulnerability Scanner
Web Application Security
Penetration Testing
Security Research
OpenRedireX
A fuzzer for detecting open redirect vulnerabilities
0
Free
Vulnerability Management
Open Redirect
Vulnerability Scanner
Web Application Security
+2
Stack Honeypot
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
0
Free
Application Security
Php
Honeypot
Middleware
Security
Web Application Security
Stack Honeypot
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
0
Free
Application Security
Php
Honeypot
Middleware
+2
dom-based-xss-finder
DOM-based XSS vulnerability scanner
0
Free
Vulnerability Management
Xss
Web Application Security
Vulnerability Scanning
Chrome Extension
dom-based-xss-finder
DOM-based XSS vulnerability scanner
0
Free
Vulnerability Management
Xss
Web Application Security
Vulnerability Scanning
+1
InsightAppSec
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
0
Commercial
Application Security
Appsec
Application Security
Web Application Security
Vulnerability Scanning
InsightAppSec
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
0
Commercial
Application Security
Appsec
Application Security
Web Application Security
+1
OWASP TOP 10 Presentation
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
0
Free
Vulnerability Management
Owasp
Web Application Security
Security Risks
OWASP TOP 10 Presentation
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
0
Free
Vulnerability Management
Owasp
Web Application Security
Security Risks
OWASP AppSec Europe '16
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
0
Free
Miscellaneous
Appsec
Conference
Owasp
Security Conference
Web Application Security
OWASP AppSec Europe '16
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
0
Free
Miscellaneous
Appsec
Conference
Owasp
+2
Naxsi
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
0
Free
Application Security
Appsec
Nginx
Web Security
Sql Injection
Xss
Web Application Security
Naxsi
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
0
Free
Application Security
Appsec
Nginx
Web Security
+3
Glastopf Analytics
A Python web application honeypot that provides simple statistics for the Glastopf.
0
Free
Honeypots
Appsec
Honeypot
Python
Web Application Security
Analytics
Glastopf Analytics
A Python web application honeypot that provides simple statistics for the Glastopf.
0
Free
Honeypots
Appsec
Honeypot
Python
+2
Raccoon
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
0
Free
Offensive Security
Dns
Reconnaissance
Port Scanning
Subdomain Enumeration
Web Application Security
Raccoon
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
0
Free
Offensive Security
Dns
Reconnaissance
Port Scanning
+2
timing_attack
A tool to profile web applications based on response time discrepancies.
0
Free
Application Security
Web App Security
Vulnerability Scanning
Timing Attack
Web Application Security
Penetration Testing
Security Testing
timing_attack
A tool to profile web applications based on response time discrepancies.
0
Free
Application Security
Web App Security
Vulnerability Scanning
Timing Attack
+3
Vulnerable Node
A vulnerable web site in NodeJS for testing security source code analyzers.
0
Free
Vulnerability Management
Nodejs
Source Code Analysis
Security Testing
Web Application Security
Vulnerable Node
A vulnerable web site in NodeJS for testing security source code analyzers.
0
Free
Vulnerability Management
Nodejs
Source Code Analysis
Security Testing
+1
OpenRASP
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
0
Free
Application Security
Appsec
Application Security
Instrumentation
Forensic Analysis
Web Application Security
Linux
OpenRASP
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
0
Free
Application Security
Appsec
Application Security
Instrumentation
+3
PortSwigger
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
0
Free
Application Security
Appsec
App Security
Bug Bounty
Compliance
Penetration Testing
Web Application Security
Web Security
PortSwigger
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
0
Free
Application Security
Appsec
App Security
Bug Bounty
+4
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security.
0
Free
Offensive Security
Appsec
Appsec Tool
Web Application Security
Dns Rebinding
Blind Xss
Rebinding
Xss Scanner
Jwt
Jwt Security
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security.
0
Free
Offensive Security
Appsec
Appsec Tool
Web Application Security
+6
NoSQLMap
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
0
Free
Vulnerability Management
Mongodb
Injection
Exploit
Web Application Security
Database Security
NoSQLMap
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
0
Free
Vulnerability Management
Mongodb
Injection
Exploit
+2
Glastopf
Python web application honeypot with vulnerability type emulation and modular design.
0
Free
Honeypots
Honeypot
Web Application Security
Php
File Inclusion
Glastopf
Python web application honeypot with vulnerability type emulation and modular design.
0
Free
Honeypots
Honeypot
Web Application Security
Php
+1
Modlishka
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
0
Free
Offensive Security
Reverse Proxy
Penetration Testing
Web Application Security
Security Testing
Modlishka
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
0
Free
Offensive Security
Reverse Proxy
Penetration Testing
Web Application Security
+1
BW-Pot
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
0
Free
Honeypots
Honeypot
Web Application Security
Log Analysis
Docker
Cloud Security
BW-Pot
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
0
Free
Honeypots
Honeypot
Web Application Security
Log Analysis
+2
bWAPP
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
0
Free
Vulnerability Management
Appsec
Bug Bounty
Ethical Hacking
Penetration Testing
Php
Web Application Security
Web Security
bWAPP
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
0
Free
Vulnerability Management
Appsec
Bug Bounty
Ethical Hacking
+4
Yasuo
A ruby script that scans for vulnerable 3rd-party web applications
0
Free
Vulnerability Management
Appsec
Appsec Tool
Vulnerability Scanning
Web Application Security
Red Team
Penetration Testing
Yasuo
A ruby script that scans for vulnerable 3rd-party web applications
0
Free
Vulnerability Management
Appsec
Appsec Tool
Vulnerability Scanning
+3
w3af
Open source web application security scanner with 200+ vulnerability identification capabilities.
0
Free
Vulnerability Management
Appsec
App Security
Vulnerability Scanning
Web App Security
Web Application Security
Penetration Testing
Security Scanning
w3af
Open source web application security scanner with 200+ vulnerability identification capabilities.
0
Free
Vulnerability Management
Appsec
App Security
Vulnerability Scanning
+4
Nodepot
A nodejs web application honeypot designed for small environments.
0
Free
Honeypots
Blue Team
Honeypot
Nodejs
Web Application Security
Nodepot
A nodejs web application honeypot designed for small environments.
0
Free
Honeypots
Blue Team
Honeypot
Nodejs
+1
SNARE
A web application honeypot sensor attracting malicious traffic from the Internet
0
Free
Honeypots
Honeypot
Web Application Security
SNARE
A web application honeypot sensor attracting malicious traffic from the Internet
0
Free
Honeypots
Honeypot
Web Application Security
Damn Small Vulnerable Web
Deliberately vulnerable web application for educational purposes.
0
Free
Application Security
Appsec
Appsec Testing
Vulnerable App
Educational
Web App Security
Web Application Security
Damn Small Vulnerable Web
Deliberately vulnerable web application for educational purposes.
0
Free
Application Security
Appsec
Appsec Testing
Vulnerable App
+3
Web Application Exploits and Defenses
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
0
Free
Application Security
Educational
Web Application Security
Xss
Csrf
Application Security
Training
Vulnerability Exploitation
Web Security
Security Training
Web Application Exploits and Defenses
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
0
Free
Application Security
Educational
Web Application Security
Xss
+6
Wfuzz
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
0
Free
Offensive Security
Appsec
Bruteforce
Injection
Web Application Security
Web Security
Wfuzz
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
0
Free
Offensive Security
Appsec
Bruteforce
Injection
+2
modpot
A modular web application honeypot framework with automation and logging capabilities.
0
Free
Honeypots
Honeypot
Web Application Security
Golang
Security Automation
modpot
A modular web application honeypot framework with automation and logging capabilities.
0
Free
Honeypots
Honeypot
Web Application Security
Golang
+1
BeEF
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
0
Free
Offensive Security
Penetration Testing
Web Application Security
Browser Security
Exploitation Framework
BeEF
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
0
Free
Offensive Security
Penetration Testing
Web Application Security
Browser Security
+1
Arachni
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
0
Free
Application Security
Appsec
App Security
Web App Security
Web Application Security
Vulnerability Scanning
Vulnerability Detection
Arachni
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
0
Free
Application Security
Appsec
App Security
Web App Security
+3

1
2
Next