toxssin toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS)...
WebApp PenTest
xnLinkFinder This is a tool used to discover endpoints for a given target. It can find them...
autoSSRF autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other SSRF automation tools,...
riskscanner RiskScanner is an open-source multi-cloud security compliance scanning platform, based on Cloud Custodian, Prowler, and Nuclei...
crAPI At a high level, the crAPI application is modeled as a B2C application that allows any...
SCodeScanner SCodeScanner stands for Source Code scanner where the user can scan the source code for finding...
JSubFinder JSubFinder is a tool written in golang to search webpages & javascript for hidden subdomains and...
cats REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with...
fuzzuli fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic...
VulnLab A web vulnerability lab project developed by Yavuzlar. Vulnerabilities: SQL Injection, Cross-Site Scripting (XSS), Command Injection...
CrackQL CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing...
Packj flags malicious/risky open-source packages Packj (pronounced package) is a command-line (CLI) tool to vet open-source software...
RESTler What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through...
GraphCrawler Graph Crawler is an automated testing toolkit for any GraphQL endpoint. It will run through and...
File Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability...