Caido Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease. Feature Sitemap The Sitemap feature allows you to visualize the structure of any website that is proxied through...
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...
WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...
BunkerWeb BunkerWeb is a next-generation and open-source Web Application Firewall (WAF). Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them “secure by default”. BunkerWeb integrates...
Faraday – Open Source Vulnerability Manager Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security...
Flow Analyzer Flow Analyzer is designed for helping in low-level understanding and testing of OAuth 2.0 Grants/Flows. OpenID Connect (OIDC) OAuth 2.0 was designed for authorization. OpenID Connect (OIDC) extends the OAuth 2.0 functionality...
Janusec Application Gateway Janusec Application Gateway is an application security solution that provides WAF (Web Application Firewall), CC attack defense, a unified web administration portal, private key protection, web routing, and scalable load balancing....
CyberChef The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR or Base64,...
MyJWT A cli for cracking, and testing vulnerabilities on Json Web Token(JWT). This cli is for pentesters, CTF players, or devs. You can modify your jwt, sign, inject, etc… Features copy new jwt to...
graphw00f – GraphQL Server Fingerprinting graphw00f is a Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint. How does it work? graphw00f...
Go Test WAF GoTestWAF is a tool for API and OWASP attack simulation, that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to...
CloudFox CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open-source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure....
route-detect Find authentication (authn) and authorization (authz) security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard...
Firefly Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in...
Ghauri An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Features Supports the following types of injection payloads: Boolean based. Error Based Time-Based Stacked Queries Support SQL...
FACTION PenTesting Report Generation and Collaboration Framework FACTION is your entire assessment workflow in a box. With FACTION you can: Automate pen testing and security assessment Reports Peer review and track changes for reports...
