Explore 64 curated tools and resources
A web application firewall and API security platform that combines API discovery, runtime protection, vulnerability testing, and security posture management.
WPMissionControl is a WordPress-focused security and uptime monitoring tool that offers continuous website checks, alerts, and malware cleanup services.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
Akamai App & API Protector is an integrated security solution that safeguards web applications and APIs against various cyber threats using edge computing and adaptive technologies.
A tool to find XSS vulnerabilities in web applications
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
A golang utility to spider through a website searching for additional links.
A multithreaded vulnerability scanner for web-based applications
Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A command-line tool for taking screenshots of web pages using Chrome Headless
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A tool to bypass Content Security Policy (CSP) restrictions
A command-line tool for taking website screenshots and mobile emulations
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
A Python library for exploiting race conditions in web apps
Express middleware for detecting and redirecting Tor or Surface users.
A simple, fast web crawler for discovering endpoints and assets in a web application
Technique used to forward one URL to another.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A Yara ruleset for detecting PHP shells and other webserver malware.
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
A low overhead rate limiter for your routes
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python-based tool for detecting XSS vulnerabilities
Important security headers for Fastify with granular control over application routes.
A crawler-based low-interaction client honeypot for exposing website threats.
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
A web security tool that scans for vulnerabilities and known attacks.
A deliberately vulnerable modern day app with lots of DOM related bugs
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A security feature to prevent unexpected manipulation of fetched resources.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
Cybersecurity industry portal offering articles, tools, and resources.
Cross-site scripting labs for web application security enthusiasts
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
A popular free security tool for automatically finding security vulnerabilities in web applications
BotScout.com provides proactive bot detection, screening, and banning through a powerful API.
CLI tool for offensive and defensive security assessments on the Joi validator library with a wide range of attacks.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A tool for automated security scanning of web applications and manual penetration testing.
Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.