The best Security Testing tools and resources on the internet.

Check how well your Web Application Firewall (WAF) protects your product against common web attacks.

Generate insightful PDF Reports for code analysis done using SonarQube Community Edition

The world’s most used penetration testing framework

Ultimate Network Service Exploitation Tool

All-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

98 apps to perform reverse engineering and binary/malware analysis.

Security auditing and hardening tool, for UNIX-based systems.

A list of useful payloads and bypasses for Web Application Security

Advanced Logging for Burp Suite.

Execute role based security tests on APIs

A platform that interactively links resources together using connecting threats, weaknesses, standards, code samples, and test instructions.

The purpose of the project is to collect and share malware samples.

Sniffing out credentials.

Use Docker and Dockery Compose to test and find blind cross-site scripting vulnerabilities.

Analyze webpack production bundle

A CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

Browser templates for Browser In The Browser (BITB) attack.

Lint an npm or Yarn lockfile to analyze and detect security issues via predefined security policies.

Simple, continuous and fully automated application security testing.

An on-path blackbox network traffic security testing tool

Automate web applications security assessments

It is a penetration testing tool that focuses on the web browser.

Web Application Security Scanner Framework

Web vulnerability scanner written in Python3

Curated lists of tools, tips and resources for protecting digital security and privacy

Enter a URL and this tool will tell you if the website is violating GDPR laws.

List of Static Code Analyzers

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

It scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc

online tool that you can use to check any website’s header status.

open source tests of web browser privacy.

Static analysis at ludicrous speed.

Static code analyzer for Infrastructure as Code

Scan git repos (or files) for secrets using regex and entropy 🔑

Identify vulnerabilities in running containers, images, hosts and repositories

A collection of awesome penetration testing and offensive cybersecurity resources.

Mariana Trench is a security focused static analysis platform targeting Android.

Clean Code starts in your IDE

Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.

A collection of useful links for Pentesters

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Security Testing

Security standard

Automatic SQL injection and database takeover tool

Operating System

Operatng System

Scanning tool for security vulnerabilities