mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

created at Feb. 16, 2010, 4:10 a.m.

Python

626 +0

37,151 +65

4,060 +5

GitHub
sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

created at June 26, 2012, 9:52 a.m.

Python

1,096 +1

32,844 +53

5,745 +1

GitHub
CyberChef by gchq

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

created at Nov. 28, 2016, 10:34 a.m.

JavaScript

393 +0

29,575 +61

3,307 +8

GitHub
nuclei by projectdiscovery

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

created at April 3, 2020, 6:47 p.m.

Go

238 +0

21,030 +97

2,535 +8

GitHub
radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

created at July 3, 2012, 7:42 a.m.

C

487 -2

20,862 +36

3,020 +1

GitHub
gitleaks by gitleaks

Find secrets with Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

Go

161 +1

18,153 +52

1,484 +3

GitHub
DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

JavaScript

153 +0

14,236 +39

739 +1

GitHub
XSStrike by UltimateHackers

Most advanced XSS scanner.

created at June 26, 2017, 7:24 a.m.

Python

275 +0

13,450 +26

1,915 +3

GitHub
Photon by UltimateHackers

Incredibly fast crawler designed for OSINT.

created at March 30, 2018, 7:38 p.m.

Python

324 -1

11,120 +8

1,530 +1

GitHub
prowler by prowler-cloud

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

created at Aug. 24, 2016, 3:12 p.m.

Python

130 -1

10,944 +22

1,561 +5

GitHub
juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

TypeScript

162 +0

10,581 +29

11,252 +69

GitHub
webshell by tennc

This is a webshell open source project

created at May 23, 2013, 7:37 a.m.

PHP

488 +0

10,166 +12

5,579 +2

GitHub
Sublist3r by aboul3la

Fast subdomains enumeration tool for penetration testers

created at Dec. 15, 2015, 12:55 a.m.

Python

230 +0

9,949 +14

2,114 +4

GitHub
beef by beefproject

The Browser Exploitation Framework Project

created at Nov. 23, 2011, 6:53 a.m.

JavaScript

443 +0

9,914 +12

2,191 +2

GitHub
wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

created at July 11, 2012, 8:27 p.m.

Ruby

268 +0

8,666 +19

1,269 +1

GitHub
fuzzdb by fuzzdb-project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

created at Sept. 10, 2015, 5:54 p.m.

PHP

367 +0

8,287 +14

2,104 +0

GitHub
xss-payload-list by payloadbox

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

created at April 23, 2018, 6:09 a.m.

Unknown languages

139 +0

6,481 +16

1,707 +3

GitHub
wfuzz by xmendez

Web application fuzzer

created at Oct. 22, 2014, 9:23 p.m.

Python

169 +1

5,978 +1

1,386 +1

GitHub
gitrob by michenriksen

Reconnaissance tool for GitHub organizations

created at Jan. 7, 2015, 1:58 p.m.

Go

154 +0

5,954 +1

831 -2

GitHub
aquatone by michenriksen

A Tool for Domain Flyovers

created at Nov. 19, 2015, 11:30 a.m.

Go

136 +0

5,671 +10

880 +0

GitHub