Proactively identify and fix security weaknesses to prevent cyber threats and protect your assets.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
A tool to find and search for registered CVEs, creating a local CVE database for offline use.
A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A comprehensive database of exploits and vulnerabilities for researchers and professionals
Cloud-based service for testing and analyzing Android and iOS apps for malware, vulnerabilities, and security threats.
A comprehensive database of exploits and vulnerabilities for researchers and professionals
iOS application for testing iOS penetration testing skills in a legal environment.
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
A multithreaded vulnerability scanner for web-based applications
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
OWASP Project for making vulnerability management easier.
Web server scanner for identifying security vulnerabilities.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
A tool that checks for hijackable packages in NPM and Python Pypi registries
A collection of 132 exploits added to Packet Storm in April 2024
A tool to run YARA rules against node_module folders to identify suspicious scripts
A non-profit organization focused on improving the security of software through resources and training.
A tool that finds unprotected secrets in container images or file systems, matching against a database of 140 secret types.
