AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of security tools.

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Security tools report parsers for Faradaysec.com

HowToLogin is a tool that tests web application login pages for login page vulnerabilities and impelementations.

Sample Python script for automating WebInspect scans and pushing results to SSC

Лабораторные работы по курсам для AppSec, Risk Analysis, Securty Champion: Toolchain, Orchestration, CI/CD, UML, etc.

Probely's GitHub Action

DAST scanner(http headers, https enforcement, cookie security, TLS/SSl analysis) . Security purposes only

Comprehensive security scanner for Model Context Protocol (MCP) servers

Automatic DevSecOps builder

(in)secure git workshop 🔓+🔑 = 🔐

Tool for automated scanning of the common vulnerabilities of company subdomains

Suite of web browser fuzzing tools aimed at optimising code coverage. Test case generation from a built-in Context-Free Grammar, mutation fuzzing from a corpus of scraped web pages, DOM fuzzing and more.

Automated Security testing using ZAP Python API. This can be used with any functional UI automation tool.

Exemplo de workflow de segurança que realiza testes SAST, SCA, Secrets Scan e IaC Scan via GitHub Actions utilizando ferramentas open source.

SOOS DAST Scanning - Register for a Free Trial at https://app.soos.io/register

A demo security vault application, for training and experimenting with OWASP and security tools.

Open Redirect Hunter is a Burp Suite extension designed to automatically detect open redirect vulnerabilities in web applications.

Карта инструментов AppSec, которая дает возможность выбрать выгодные для себя решения под все необходимые ситуации: когда нет денег, когда не можем интегрировать большой инструмент, когда никого нет и приходится делать все одному и тд.