OSV-Scanner Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies. OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since...
Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
Bearer Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We...
DefectDojo is an open-source application vulnerability correlation and security orchestration application. It allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities, and push findings into defect...
Osmedeus Automatic Reconnaissance and Scanning in Penetration Testing What is Osmedeus? Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Feature Subdomain Scan. Subdomain TakeOver...
OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
RevSuit – A Flexible and Powerful Reverse Connection Platform RevSuit is a flexible and powerful reverse connection platform designed for receiving connections from the target hosts in penetration. It currently supports HTTP, DNS, RMI,...
RESTler What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service...
murphysec MurphySec CLI is used for detecting vulnerable dependencies from the command-line, and also can be integrated into your CI/CD pipeline. Features Analyze dependencies being used by your project, including direct and indirect dependencies Detect...
Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for...
