#Security-testing
Showing 60 of 80 repositories tagged #security-testing, ranked by stars
Automatic SQL injection and database takeover tool
Fully autonomous AI Agents system capable of performing complex penetration testing tasks
Automated Adversary Emulation Platform
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Proactive, Open source API security β API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
secureCodeBox (SCB) - continuous secure delivery out of the box
Hacking Toolkit
Awesome Python Security resources πΆππ
A friendly car security exploration tool for the CAN bus
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Resources for Application Security including Web, API, Android, iOS and Thick Client
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
Red Team Attack Lab for TTP testing & research
Awesome .NET Security Resources
Fuzz your Rust code with Google-developed Honggfuzz !
Web application vulnerability scanner
NERVE Continuous Vulnerability Scanner
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).
The AI Agent for Cyber Security.
EMBArk - The firmware security scanning environment
This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
SecHub provides a central API to test software with different security tools.
Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.
Cyber Security Notes, Methodology, Resources and Tips
We are systematizing everything we know about Solana security into one structured resource: the Solana Security Strategy. Itβs a field-tested knowledge base for teams building serious products β packed with practical guidance, reference links, and strategy templates.
Welcome Cybersecurity's World. An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources in Cybersecurity.
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
:closed_lock_with_key: Open Source Python Keylogger Collection
one-stop resource for all things offensive security.
WireBug is a toolset for Voice-over-IP penetration testing
Vulnerable Banking Suite
Fuzzing tutorial with easy-to-learn labs π
The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.
Mobile application security testing toolkit for Android, iOS & Flutter β ready-to-use FRIDA scripts (SSL pinning, root & anti-debug bypass, crypto monitoring), a full testing methodology, and hands-on guides.
a useful utility for android app security testing
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js
An AI red-team agent for authorized labs and web app pentesting workflows. Turns Claude Code / OpenCode / Codex into a structured recon β test β exploit β report workflow, with containerized tools and resumable state.
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Evil-BW16-WebUI is a dual-band (2.4GHz/5GHz) WiFi deauthentication tool for BW16 and ESP32 boards, featuring real-time monitoring, a web-based interface, channel hopping, and advanced packet injectionβintended solely for ethical security testing.
Linkable sandbox explorer
Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
RAG/LLM Security Scanner identifies critical vulnerabilities in AI-powered applications, including chatbots, virtual assistants, and knowledge retrieval systems.
BOAST is a server designed to receive and report Out-of-Band Application Security Testing (OAST) reactions.
Automated XSS Finder
Integrated Security Testing Environment for Web Applications as Burp Extension.
Want to test your applications using the latest OWASP security toolchains and the NIST National Vulnerability Database using Jenkins, Ansible and docker? :whale: :shield: :lock:
Script to manage and create local pentesting training virtual lab
Open-source AI agent red-team engine, SDK, and CLI. Run offline or against the Humanbound Platform.
:books: Overview :lock: Tooling :lock: Process :lock: Physical :lock: People :books:
The purpose of this repo is to list all the related Research Papers focused on Smart-contracts security topics. As well as listing all the encountered smart-contracts defects with a summary description. π‘οΈ
BeeXSS is a specialized automated tool designed to detect Blind XSS (Cross-Site Scripting) vulnerabilities in web applications.
My Hacking Activities!
RAG pipeline security testing toolkit - 27 techniques across 6 kill chain phases, mapped to MITRE ATLAS
Collaborative application security testing between humans and agents via CLI and MCP