O-Saft: OWASP SSL advanced forensic tool
OWASP O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers O-Saft is an easy-to-use tool to show information about SSL certificates and test the SSL connection according to a given list...
OWASP Coraza Web Application Firewall Welcome to OWASP Coraza WAF. Coraza is a Golang enterprise-grade Web Application Firewall framework that supports ModSecurity’s seclang language and is 100% compatible with OWASP Core Ruleset. Coraza...
OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
PyCript The Pycript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass...
Caido Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease. Feature Sitemap The Sitemap feature allows you to visualize the structure of any website that is proxied through...
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...
WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...
BunkerWeb BunkerWeb is a next-generation and open-source Web Application Firewall (WAF). Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them “secure by default”. BunkerWeb integrates...
Faraday – Open Source Vulnerability Manager Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment), a multiuser penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security...
Flow Analyzer Flow Analyzer is designed to help with low-level understanding and testing of OAuth 2.0 Grants/Flows. OpenID Connect (OIDC) OAuth 2.0 was designed for authorization. OpenID Connect (OIDC) extends the OAuth 2.0 functionality...
Janusec Application Gateway Janusec Application Gateway is an application security solution that provides WAF (Web Application Firewall), CC attack defense, a unified web administration portal, private key protection, web routing, and scalable load balancing....
CyberChef The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR or Base64,...
MyJWT A CLI for cracking and testing vulnerabilities on JSON Web Tokens (JWT). This CLI is for pentesters, CTF players, or devs. You can modify your JWT, sign, inject, etc… Features copy new jwt to...
graphw00f – GraphQL Server Fingerprinting graphw00f is a Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint. How does it work? graphw00f...
Go Test WAF GoTestWAF is a tool for API and OWASP attack simulation, that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to...
CloudFox CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open-source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure....