w3af is an open source web application security scanner that helps developers and penetration testers identify and exploit vulnerabilities in their web applications. The scanner can identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection, and OS commanding. Contributions are welcome, and the project is sponsored by Holm Security for automated vulnerability assessment.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
Simple script to check a domain's email protections and identify vulnerabilities.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.