web-application-security

Date: 2024-01-01

43 tools and resources

AWVS

A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.

Vulnerability Management
Free
appsec, app-security, web-app-security, vulnerability-scanning, vulnerability-assessment, web-application-security
DShield Raspberry Pi Sensor

The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.

Honeypots
Free
honeypot, raspberry-pi, cowrie, web-application-security, telnet, ssh
BruteXSS

A tool to find XSS vulnerabilities in web applications

Malware Analysis
Free
xss, vulnerability-scanning, web-security, web-application-security, security-testing
Liffy

A local file inclusion exploitation tool

Honeypots
Free
exploit, local-file-inclusion, web-application-security, vulnerability-exploitation
Katana

A next-generation crawling and spidering framework for extracting data from websites

Digital Forensics
Free
crawling, web-scraping, web-application-security, data-extraction
Eagle

A multithreaded vulnerability scanner for web-based applications

Vulnerability Management
Free
vulnerability-scanning, web-application-security, vulnerability-detection, web-security
httprebind

Automatic tool for DNS rebinding-based SSRF attacks

Offensive Security
Free
dns-rebinding, ssrf, penetration-testing, security-research, web-application-security
extended-ssrf-search

A smart SSRF scanner that uses several methods, such as parameter brute forcing in POST and GET requests.

Network Security
Free
ssrf, web-application-security, vulnerability-scanning, penetration-testing, security-research
jaeles

Automated web application testing tool

Application Security
Free
appsec, web-application-security, vulnerability-scanning, security-testing
headi

A tool for automated HTTP header injection

Application Security
Free
security-testing, vulnerability-scanning, web-application-security
Filebuster

A fast and flexible web fuzzer for identifying vulnerabilities in web applications

Network Security
Free
web-app-security, fuzzing, vulnerability-detection, web-application-security
OWASP Joomla Vulnerability Scanner

A free and open-source tool for identifying vulnerabilities in Joomla-based websites.

Vulnerability Management
Free
vulnerability-scanner, sql-injection, xss, csrf, web-app-security, web-application-security
Singularity

A DNS rebinding attack framework for security researchers and penetration testers.

Offensive Security
Free
dns-rebinding, penetration-testing, security-research, web-application-security, network-security
ParamSpider

A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Offensive Security
Free
bug-bounty, bug-hunting, fuzzing, security-research, web-application-security, web-scraping
xsshunter

A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Malware Analysis
Free
xss, web-application-security, vulnerability-scanning
OpenRedireX

A fuzzer for detecting open redirect vulnerabilities

Vulnerability Management
Free
open-redirect, vulnerability-scanner, web-application-security, penetration-testing, security-research
Stack Honeypot

A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots

Application Security
Free
php, honeypot, middleware, security, web-application-security
dom-based-xss-finder

DOM-based XSS vulnerability scanner

Vulnerability Management
Free
xss, web-application-security, vulnerability-scanning, chrome-extension
InsightAppSec

Dynamic application security testing tool for identifying and fixing web application vulnerabilities.

Application Security
Commercial
appsec, application-security, web-application-security, vulnerability-scanning
OWASP TOP 10 Presentation

A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.

Vulnerability Management
Free
owasp, web-application-security, security-risks

OWASP AppSec Europe '16

The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.

Miscellaneous
Free
appsec, conference, owasp, security-conference, web-application-security
Naxsi

A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.

Application Security
Free
appsec, nginx, web-security, sql-injection, xss, web-application-security
Glastopf Analytics

A Python web application honeypot that provides simple statistics for Glastopf.

Honeypots
Free
appsec, honeypot, python, web-application-security, analytics
Raccoon

Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.

Offensive Security
Free
dns, reconnaissance, port-scanning, subdomain-enumeration, web-application-security
timing_attack

A tool to profile web applications based on response time discrepancies.

Application Security
Free
web-app-security, vulnerability-scanning, timing-attack, web-application-security, penetration-testing, security-testing
Vulnerable Node

A vulnerable web site in NodeJS for testing security source code analyzers.

Vulnerability Management
Free
nodejs, source-code-analysis, security-testing, web-application-security
OpenRASP

OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.

Application Security
Free
appsec, application-security, instrumentation, forensic-analysis, web-application-security, linux
PortSwigger

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.

Application Security
Free
appsec, app-security, bug-bounty, compliance, penetration-testing, web-application-security, web-security
Payloads All The Things

A list of useful payloads and bypasses for Web Application Security.

Offensive Security
Free
appsec, appsec-tool, web-application-security, dns-rebinding, blind-xss, rebinding, xss-scanner, jwt, jwt-security
NoSQLMap

NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.

Vulnerability Management
Free
mongodb, injection, exploit, web-application-security, database-security
Glastopf

Python web application honeypot with vulnerability type emulation and modular design.

Honeypots
Free
honeypot, web-application-security, php, file-inclusion
Modlishka

Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.

Offensive Security
Free
reverse-proxy, penetration-testing, web-application-security, security-testing
BW-Pot

A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.

Honeypots
Free
honeypot, web-application-security, log-analysis, docker, cloud-security
bWAPP

A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.

Vulnerability Management
Free
appsec, bug-bounty, ethical-hacking, penetration-testing, php, web-application-security, web-security
Yasuo

A Ruby script that scans for vulnerable third-party web applications

Vulnerability Management
Free
appsec, appsec-tool, vulnerability-scanning, web-application-security, red-team, penetration-testing
w3af

Open source web application security scanner with 200+ vulnerability identification capabilities.

Vulnerability Management
Free
appsec, app-security, vulnerability-scanning, web-app-security, web-application-security, penetration-testing, security-scanning
Nodepot

A Node.js web application honeypot designed for small environments.

Honeypots
Free
blue-team, honeypot, nodejs, web-application-security
SNARE

A web application honeypot sensor attracting malicious traffic from the Internet

Honeypots
Free
honeypot, web-application-security
Damn Small Vulnerable Web

Deliberately vulnerable web application for educational purposes.

Application Security
Free
appsec, appsec-testing, vulnerable-app, educational, web-app-security, web-application-security

Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.

Offensive Security
Free
appsec, bruteforce, injection, web-application-security, web-security
modpot

A modular web application honeypot framework with automation and logging capabilities.

Honeypots
Free
honeypot, web-application-security, golang, security-automation
BeEF

BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.

Offensive Security
Free
penetration-testing, web-application-security, browser-security, exploitation-framework

Arachni

An open-source web application security scanner framework that identifies vulnerabilities in web applications.

Application Security
Free
appsec, app-security, web-app-security, web-application-security, vulnerability-scanning, vulnerability-detection