web-security

58 tools and resources

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

A multi-threaded scanner for identifying CORS flaws and misconfigurations

XSSCon

A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities

urlgrab

A golang utility to spider through a website searching for additional links.

Dalfox

Dalfox is a powerful open-source XSS scanner and utility focused on automation.

qsfuzz

A tool to fuzz query strings and identify vulnerabilities

A command-line tool for taking screenshots of web pages using Chrome Headless

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.

A simple SSRF-testing sheriff written in Go

A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.

JSONBee

A tool to bypass Content Security Policy (CSP) restrictions

A command-line tool for taking website screenshots and mobile emulations

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

A Python library for exploiting race conditions in web apps

Express middleware for detecting and redirecting Tor or Surface users.

A simple, fast web crawler for discovering endpoints and assets in a web application

A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.

A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.

A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.

A project developed for pentesters to practice SQL Injection concepts in a controlled environment.

lw-yara

A Yara ruleset for detecting PHP shells and other webserver malware.

Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.

A low overhead rate limiter for your routes

Galah

Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.

Naxsi

A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.

xssmap

A Python-based tool for detecting XSS vulnerabilities

Important security headers for Fastify with granular control over application routes.

A crawler-based low-interaction client honeypot for exposing website threats.

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

A web security tool that scans for vulnerabilities and known attacks.

Cyclops

A browser with XSS detection capabilities

A deliberately vulnerable modern day app with lots of DOM related bugs

bWAPP

A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.

Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.

XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.

A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.

A security feature to prevent unexpected manipulation of fetched resources.

Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.

A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL

Cross-site scripting labs for web application security enthusiasts

Caido

A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.

Amass

Amass by OWASP performs comprehensive attack surface mapping and asset discovery.

A popular free security tool for automatically finding security vulnerabilities in web applications

BotScout.com provides proactive bot detection, screening, and banning through a powerful API.

CLI tool for offensive and defensive security assessments on the Joi validator library with a wide range of attacks.

Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.

A tool for automated security scanning of web applications and manual penetration testing.

WebTrap

Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.

WhatWeb

A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.