Web Security
Browse 407 web security tools
FEATURED
Detects and prevents SSRF attacks
A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.
A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.
A comprehensive cheat sheet providing SQLite-specific SQL injection techniques, payloads, and enumeration methods for security testing and penetration testing activities.
A comprehensive cheat sheet providing SQLite-specific SQL injection techniques, payloads, and enumeration methods for security testing and penetration testing activities.
A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities
A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
Automatic tool for pentesting XSS attacks against different applications
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.
A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
Collection of URLs for vulnerable web applications and systems for cybersecurity practice.
Collection of URLs for vulnerable web applications and systems for cybersecurity practice.
ModSecurity is an open-source web application firewall that provides a flexible and scalable way to monitor and control HTTP traffic.
ModSecurity is an open-source web application firewall that provides a flexible and scalable way to monitor and control HTTP traffic.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.
w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.
A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.
NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.
NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.
A security feature to prevent unexpected manipulation of fetched resources.
A security feature to prevent unexpected manipulation of fetched resources.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
