Stars
Learn about a type of vulnerability that specifically targets machine learning models
Nuclear Pond is a utility leveraging Nuclei to perform internet-wide scans for the cost of a cup of coffee.
A fast, simple, recursive content discovery tool written in Rust.
🏵 Gee is a tool that writes stdin to each file and to stdout. It is similar to the tee command, but has more functions for convenience. It is written in Go.
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
This project is deprecated. Use https://github.com/returntocorp/semgrep instead
Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)
Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
All-in-one tool for managing vulnerability reports from AppSec pipelines
A GitHub Action for running the ZAP Baseline scan
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
SAMM stands for Software Assurance Maturity Model.
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens