Best Tools For Security Testing

Protect your user data and ensure your app is protocted against bad actors with these powerful tools & resources for security testing.

The purpose of the project is to collect and share malware samples.

Sniffing out credentials.

Use Docker and Dockery Compose to test and find blind cross-site scripting vulnerabilities.

Analyze webpack production bundle

A CLI tool that helps you avoid undefined user behaviour by validating your API specifications.


Browser templates for Browser In The Browser (BITB) attack.

Lint an npm or Yarn lockfile to analyze and detect security issues via predefined security policies.

A framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

An on-path blackbox network traffic security testing tool


Automate web applications security assessments


It is a penetration testing tool that focuses on the web browser.

Web Application Security Scanner Framework


Web vulnerability scanner written in Python3

Curated lists of tools, tips and resources for protecting digital security and privacy

Enter a URL and this tool will tell you if the website is violating GDPR laws.

List of Static Code Analyzers

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

It scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc

online tool that you can use to check any website’s header status.

Open-source tests of web browser privacy.

Static analysis at ludicrous speed.

Static code analyzer for Infrastructure as Code

Scan git repos (or files) for secrets using regex and entropy 🔑

Identify vulnerabilities in running containers, images, hosts and repositories

A collection of awesome penetration testing and offensive cybersecurity resources.

Mariana Trench is a security focused static analysis platform targeting Android.

Clean Code starts in your IDE

Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.

A collection of useful links for Pentesters

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.


Automatic SQL injection and database takeover tool


Operating System


Scanning tool for security vulnerabilities