Web Application Tools

462 tools
research
Free Web Application

Bug Bounty writeups, Vulnerability Research, Tutorials, Tips & Tricks

resolvers
Open Source Exploitation Password Attacks

The most exhaustive list of reliable DNS resolvers.

resources
Open Source Web Application

Tools, data, and contact lists relevant to The disclose.io Project.

Resources-for-Beginner-Bug-Bounty-Hunters
Free Web Application

A list of resources for those interested in getting started in bug bounties

Retire.js
Open Source Scanning & Enumeration Web Application

Detects the use of JavaScript libraries with known vulnerabilities. Available as a CLI tool, browser extension, Grunt plugin, and Burp Suite…

ronin-vulns
Open Source Exploitation Web Application

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side …

rustchain-bounties
Free Web Application

Earn RTC crypto by contributing to the RustChain ecosystem. Bounties from 1-150 RTC. Star, code, write tutorials, find bugs.

safe-marked
Open Source Web Application

Markdown to HTML using marked and DOMPurify. Safe by default.

SafeLine
Open Source Exploitation Web Application

SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

sanitizer-polyfill
Open Source Web Application

rewrite constructor arguments, call DOMPurify, profit

scant3r
Open Source Web Application

ScanT3r - Module based Bug Bounty Automation Tool (use Lotus instead: github.com/bugBlocker/lotus)

SCANter
Open Source Exploitation Web Application

Websites Vulnerability Scanner

scary-strings
Open Source Password Attacks Reverse Engineering

If these strings are in your code, you might have a problem!

scope
Free Reconnaissance Web Application

An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/…

ScopeSentry
Free Reconnaissance Web Application

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed n…

Scrummage
Open Source Reconnaissance Web Application

A Holistic OSINT and Threat Hunting Platform

SecAutoBan
Open Source Web Application

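Fully automated platform for banning malicious IPs. Supports collecting alerts from the following security devices: Chaitin WAF Community Edition (SafeLine), ThreatBook HFish honeypot, QiAnXin Tianyan, QiAnXin Jiaotu, NSFOCUS WAF, Topsec WAF, Colasoft network security analysis and audit system, Sangfor situational awareness, and Venustech network-wide security situational awareness system. Supports coordinated banning on the following devices: RouterOS, OPNse…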

secfiles
Open Source Exploitation Password Attacks

My useful files for penetration tests, security assessments, bug bounty and other security related stuff

second-order
Open Source Password Attacks Reconnaissance

Second-order subdomain takeover scanner

SecReport
Open Source Exploitation Web Application

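A ChatGPT-assisted, multi-user online collaborative platform for writing information security reports. Currently supported report types: penetration test reports and app privacy compliance reports.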

sectemplates
Free Forensics Web Application

Open source templates you can use to bootstrap your security programs

sectracker
Free Reconnaissance Web Application

A Modern Bug Bounty and Security Research Management Platform

secure
Open Source Web Application

Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Dja…

secureCodeBox
Free Web Application

secureCodeBox (SCB) - continuous secure delivery out of the box