interactsh Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example – Blind SQLi, Blind CMDi, SSRF, etc. Features DNS/HTTP/SMTP Interaction...
Crawl4AI Crawl4AI simplifies asynchronous web crawling and data extraction, making it accessible for large language models (LLMs) and AI applications. Feature 🆓 Completely free and open-source 🚀 Blazing fast performance, outperforming many paid services...
AuditForge AuditForge (PwnDoc fork) is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to search...
snuffleupagus Security module for php7 and php8 – Killing bugclasses and virtual-patching the rest! Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire...
authelia Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them...
HaE – Highlighter and Extractor HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide...
OWASP SecurityRAT OWASP SecurityRAT (Requirement Automation Tool) is a tool supposed to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you’re...
HybridTestFramewrok In the era of the cloud-native world, we cannot stick to a particular framework, however, due to project requirements we often need to evolve the existing testing solution in such a way that...
Continuous Secure Delivery – Out of the Box secureCodeBox is a docker based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of...
Blinks Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the integration of webhooks, this tool sends real-time updates whenever a new issue...
OWASP O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers O-Saft is easy to use tool to show information about SSL certificate and tests the SSL connection according to given list...
OWASP Coraza Web Application Firewall Welcome to OWASP Coraza WAF, Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset. Coraza...
OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
PyCript The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass...
Caido Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease. Feature Sitemap The Sitemap feature allows you to visualize the structure of any website that is proxied through...
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...
