Over 46+ awesome Security Testing tools and resources on the internet to supercharge your testing.
The worldβs most used penetration testing framework
Ultimate Network Service Exploitation Tool
All-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework.
π΅οΈββοΈ All-in-one OSINT tool for analysing any website
98 apps to perform reverse engineering and binary/malware analysis.
Security auditing and hardening tool, for UNIX-based systems.
A list of useful payloads and bypasses for Web Application Security
Advanced Logging for Burp Suite.
Execute role based security tests on APIs
A platform that interactively links resources together using connecting threats, weaknesses, standards, code samples, and test instructions.
The purpose of the project is to collect and share malware samples.
Sniffing out credentials.
Use Docker and Dockery Compose to test and find blind cross-site scripting vulnerabilities.
Analyze webpack production bundle
A CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Browser templates for Browser In The Browser (BITB) attack.
Lint an npm or Yarn lockfile to analyze and detect security issues via predefined security policies.
Simple, continuous and fully automated application security testing.
An on-path blackbox network traffic security testing tool
Automate web applications security assessments
It is a penetration testing tool that focuses on the web browser.
Web Application Security Scanner Framework
Web vulnerability scanner written in Python3
Curated lists of tools, tips and resources for protecting digital security and privacy
Enter a URL and this tool will tell you if the website is violating GDPR laws.
List of Static Code Analyzers
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
It scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc
online tool that you can use to check any websiteβs header status.
open source tests of web browser privacy.
Static analysis at ludicrous speed.
Static code analyzer for Infrastructure as Code
Scan git repos (or files) for secrets using regex and entropy π
Identify vulnerabilities in running containers, images, hosts and repositories
A collection of awesome penetration testing and offensive cybersecurity resources.
Mariana Trench is a security focused static analysis platform targeting Android.
Clean Code starts in your IDE
Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.
A collection of useful links for Pentesters
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Security Testing
Security standard
Automatic SQL injection and database takeover tool
Operating System
Operatng System
Scanning tool for security vulnerabilities