Learn about a type of vulnerability that specifically targets machine learning models

Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.

Contextual Content Discovery Tool

A fast, simple, recursive content discovery tool written in Rust.

🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

This project is deprecated. Use https://github.com/returntocorp/semgrep instead

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths

qsinject (Query String Inject) is a tool that allows you to quickly substitute query string values with regex matches, one-at-a-time.

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Main Sigma Rule Repository

All-in-one tool for managing vulnerability reports from AppSec pipelines

A GitHub Action for running the ZAP Baseline scan

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

SAMM stands for Software Assurance Maturity Model.

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Application Security Verification Standard

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens