dast

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

The ZAP by Checkmarx Core project

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

ZAP Add-ons

A collection of ZAP scripts and tips provided by the community - pull requests very welcome!

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

SecHub provides a central API to test software with different security tools.

A GitHub Action for running the ZAP Baseline scan

A GitHub Action for running the ZAP Full scan

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

API Security Vulnerability Scanner designed to help you secure your APIs.

OWASP PTK - application security browser extension.

Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

⚡️ Multiple target ZAP Scanning

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Udemy Course on DevSecOps

⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.