Browse 526 web security tools
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
Jaeles is an automated web application testing tool that helps identify vulnerabilities and security issues through customizable testing scenarios.
A Chrome browser extension that uses machine learning to detect and alert users about sensitive data exposure and potential data breaches across web environments.
A command-line tool that identifies and extracts parameters from HTTP requests and responses to assist with web application security testing and vulnerability assessment.
A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
A security analysis tool that detects and analyzes open redirection vulnerabilities in web applications.
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through systematic testing and analysis.
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
IronBee is an open source web application security sensor framework that provides detection and prevention capabilities for web application vulnerabilities.
Deliberately vulnerable web application for security professionals to practice attack techniques.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws.