#Dast

Showing 27 of 27 repositories tagged #dast, ranked by stars

projectdiscovery
projectdiscovery
nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Score
100
★ 29.6k ⑂ 3.5k +47/day
Go
zaproxy
zaproxy
zaproxy

The ZAP by Checkmarx Core project

Score
100
★ 15.4k ⑂ 2.6k +3/day
Java
zaproxy
zaproxy
zap-extensions

ZAP Add-ons

Score
95
★ 934 ⑂ 796
HTML
FuzzingLabs
FuzzingLabs
secpipe

MCP server for AI-driven security pipelines

Score
89
★ 798 ⑂ 95
Python
vigolium
vigolium
vigolium

Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

Score
0
★ 766 ⑂ 120 +8/day
Go
alipay
alipay
ant-application-security-testing-benchmark

xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

Score
84
★ 483 ⑂ 62 +1/day
Java
FrancescoStabile
FrancescoStabile
numasec

The AI Agent for Cyber Security.

Score
74
★ 419 ⑂ 49 +4/day
TypeScript
zaproxy
zaproxy
action-full-scan

A GitHub Action for running the ZAP Full scan

Score
79
★ 378 ⑂ 70
JavaScript
zaproxy
zaproxy
action-baseline

A GitHub Action for running the ZAP Baseline scan

Score
68
★ 363 ⑂ 61
JavaScript
mercedes-benz
mercedes-benz
sechub

SecHub provides a central API to test software with different security tools.

Score
47
★ 353 ⑂ 80
Java
PortSwigger
PortSwigger
dastardly-github-action

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

Score
0
★ 297 ⑂ 99
Dockerfile
cerberauth
cerberauth
vulnapi

API Security Vulnerability Scanner designed to help you secure your APIs.

Score
58
★ 275 ⑂ 37 +1/day
Go
hahwul
hahwul
mzap

⚡️ Multiple target ZAP Scanning

Score
42
★ 111 ⑂ 18 +1/day
Crystal
Zigrin-Security
Zigrin-Security
CakeFuzzer

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Score
11
★ 104 ⑂ 9
Python
sidd-harth
sidd-harth
kubernetes-devops-security

Udemy Course on DevSecOps

Score
100
★ 103 ⑂ 1.8k
Java
Zeronleft
Zeronleft
lotus

:zap: Fast Web Security Scanner written in Rust based on Lua Scripts :waning_gibbous_moon: :crab:

Score
0
★ 93 ⑂ 13
Rust
inno-devops-labs
inno-devops-labs
DevSecOps-Intro

🚀 DevSecOps intro elective — 10 hands-on labs + 2 bonus hardening OWASP Juice Shop: threat modeling (STRIDE/Threagile), signed commits & secret scanning, SBOM/SCA, SAST + DAST, IaC security (Checkov/KICS), container & supply-chain hardening (Trivy, Cosign), runtime detection with Falco, and DefectDojo vuln management.

Score
63
★ 81 ⑂ 135
Shell
zaproxy
zaproxy
zaproxy-website

The source of ZAP website

Score
53
★ 80 ⑂ 131
HTML
zaproxy
zaproxy
action-api-scan

A GitHub Action for running the ZAP API scan

Score
37
★ 74 ⑂ 24
JavaScript
secdec
secdec
attack-surface-detector-zap

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Score
0
★ 69 ⑂ 15
Java
rmkanda
rmkanda
tools

Curated list of security tools

Score
5
★ 69 ⑂ 16
Armur-Ai
Armur-Ai
vibescan

Security scanner for AI-generated ("vibe-coded") code. Runs SAST, DAST, and sandboxed exploit simulation across 15+ languages using 30+ tools. Catches what LLMs introduce before it ships — with AI-powered fixes and PR review integration.

Score
32
★ 67 ⑂ 13 +2/day
Go
ncc-erik-steringer
ncc-erik-steringer
Aerides

An implementation of infrastructure-as-code scanning using dynamic tooling.

Score
0
★ 56 ⑂ 0
HCL
CloudDefenseAI
CloudDefenseAI
cd

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Score
16
★ 49 ⑂ 5
Shell
ErdemOzgen
ErdemOzgen
DevSecOps-Vault

Collection of roadmaps, tools, best practice, resources about DevSecOps

Score
50
★ 40 ⑂ 9
Shell
mythos-agent
mythos-agent
mythos-agent

The AI security agent guards your code.

Score
26
★ 36 ⑂ 7
TypeScript
akinerkisa
akinerkisa
HTLogin

HowToLogin is a tool that tests web application login pages for login page vulnerabilities and impelementations.

Score
21
★ 30 ⑂ 5
Python
Related Topics
#security#devsecops#sast#security-scanner#appsec#security-tools#cybersecurity#vulnerability-scanner#zaproxy#opensource#automation

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly