Explore 48 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
A tool to find XSS vulnerabilities in web applications
A local file inclusion exploitation tool
A next-generation crawling and spidering framework for extracting data from websites
A next-generation crawling and spidering framework for extracting data from websites
A multithreaded vulnerability scanner for web-based applications
Automatic tool for DNS rebinding-based SSRF attacks
LinksDumper extracts links and potential endpoints from HTTP responses with filtering capabilities for web application security testing.
LinksDumper extracts links and potential endpoints from HTTP responses with filtering capabilities for web application security testing.
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
Automated web application testing tool
A tool for automated HTTP header injection
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A DNS rebinding attack framework for security researchers and penetration testers.
A DNS rebinding attack framework for security researchers and penetration testers.
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A fuzzer for detecting open redirect vulnerabilities
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
DOM-based XSS vulnerability scanner
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python web application honeypot that provides simple statistics for the Glastopf.
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
A tool to profile web applications based on response time discrepancies.
A tool to profile web applications based on response time discrepancies.
A vulnerable web site in NodeJS for testing security source code analyzers.
A vulnerable web site in NodeJS for testing security source code analyzers.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A list of useful payloads and bypasses for Web Application Security.
A list of useful payloads and bypasses for Web Application Security.
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
Python web application honeypot with vulnerability type emulation and modular design.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A ruby script that scans for vulnerable 3rd-party web applications
A ruby script that scans for vulnerable 3rd-party web applications
Open source web application security scanner with 200+ vulnerability identification capabilities.
Open source web application security scanner with 200+ vulnerability identification capabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
Deliberately vulnerable web application for educational purposes.
Deliberately vulnerable web application for educational purposes.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A modular web application honeypot framework with automation and logging capabilities.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.