#Dast
Showing 27 of 27 repositories tagged #dast, ranked by stars
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
The ZAP by Checkmarx Core project
ZAP Add-ons
MCP server for AI-driven security pipelines
Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
The AI Agent for Cyber Security.
A GitHub Action for running the ZAP Full scan
A GitHub Action for running the ZAP Baseline scan
SecHub provides a central API to test software with different security tools.
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
API Security Vulnerability Scanner designed to help you secure your APIs.
⚡️ Multiple target ZAP Scanning
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Udemy Course on DevSecOps
:zap: Fast Web Security Scanner written in Rust based on Lua Scripts :waning_gibbous_moon: :crab:
🚀 DevSecOps intro elective — 10 hands-on labs + 2 bonus hardening OWASP Juice Shop: threat modeling (STRIDE/Threagile), signed commits & secret scanning, SBOM/SCA, SAST + DAST, IaC security (Checkov/KICS), container & supply-chain hardening (Trivy, Cosign), runtime detection with Falco, and DefectDojo vuln management.
The source of ZAP website
A GitHub Action for running the ZAP API scan
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Curated list of security tools
Security scanner for AI-generated ("vibe-coded") code. Runs SAST, DAST, and sandboxed exploit simulation across 15+ languages using 30+ tools. Catches what LLMs introduce before it ships — with AI-powered fixes and PR review integration.
An implementation of infrastructure-as-code scanning using dynamic tooling.
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Collection of roadmaps, tools, best practice, resources about DevSecOps
The AI security agent guards your code.
HowToLogin is a tool that tests web application login pages for login page vulnerabilities and impelementations.