Explore 64 curated tools and resources
A web application firewall and API security platform that combines API discovery, runtime protection, vulnerability testing, and security posture management.
WPMissionControl is a WordPress-focused security and uptime monitoring tool that offers continuous website checks, alerts, and malware cleanup services.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
Akamai App & API Protector is an integrated security solution that safeguards web applications and APIs against various cyber threats using edge computing and adaptive technologies.
A tool to find XSS vulnerabilities in web applications
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
A golang utility to spider through a website searching for additional links.
A multithreaded vulnerability scanner for web-based applications
Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A command-line tool for taking screenshots of web pages using Chrome Headless
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A tool to bypass Content Security Policy (CSP) restrictions
A command-line tool for taking website screenshots and mobile emulations
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
A Python library for exploiting race conditions in web apps
Express middleware for detecting and redirecting Tor or Surface users.
A simple, fast web crawler for discovering endpoints and assets in a web application
Technique used to forward one URL to another.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A Yara ruleset for detecting PHP shells and other webserver malware.
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
A low overhead rate limiter for your routes
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python-based tool for detecting XSS vulnerabilities
Important security headers for Fastify with granular control over application routes.
A crawler-based low-interaction client honeypot for exposing website threats.
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
A web security tool that scans for vulnerabilities and known attacks.
A deliberately vulnerable modern-day app with lots of DOM-related bugs
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A security feature to prevent unexpected manipulation of fetched resources.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
Cybersecurity industry portal offering articles, tools, and resources.
Cross-site scripting labs for web application security enthusiasts
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
A popular free security tool for automatically finding security vulnerabilities in web applications
BotScout.com provides proactive bot detection, screening, and banning through a powerful API.
CLI tool for offensive and defensive security assessments on the Joi validator library with a wide range of attacks.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A tool for automated security scanning of web applications and manual penetration testing.
Creates deceptive webpages by cloning real websites, to redirect attackers away from them.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.