The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
SOC Multi-tool Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based browsers such as Microsoft...
pip-audit pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail...
GDA(GJoy Dex Analysizer) Most reverse engineers mainly use Java decompiler, commercial Dalvik decompiler Jeb, and smali2java to analyze Android APPs. Java decompiler is based on Java bytecode, including JD, JD-GUI, jadx, and others. smali2java...
Velociraptor – Endpoint visibility and collection tool. Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic, and cyber response platform. It was originally developed by DFIR professionals who needed a powerful and efficient...
Beanshooter Beanshooter is a command-line tool written in Java, which helps to identify common vulnerabilities on JMX endpoints. JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine from the remote. Applications like tomcat or JBoss are...
Katana A next-generation crawling and spidering framework Feature Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control – Preconfigured field / Regex Customizable output – Preconfigured fields INPUT – STDIN, URL and LIST...
Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names, and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to...
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
