Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
murphysec MurphySec CLI is used for detecting vulnerable dependencies from the command-line, and also can be integrated into your CI/CD pipeline. Features Analyze dependencies being used by your project, including direct and indirect dependencies Detect...
What is TCA Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a code comprehensive analysis platform, which includes three components: server, web, and client. It supports the integration...
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that when MD5 hashed, result in raw bytes that could change SQL logic. You can also check...
What is afrog afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command...
Octosuite Octosuite is an open-source lightweight yet advanced osint framework that targets GitHub users and organizations. With over 20+ features, Octosuite only runs on 2 external dependencies. And returns the gathered intelligence in a...
VulnerableCode VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure...
Safety is a command-line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with security issues. If you are using something insecure, you’ll get...
InQL Scanner InQL Scanner is a security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. Changelog v4.0.6 Fixes: Try to avoid...
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security...
