An auditing tool for detecting vulnerabilities, powered by advisory databases that follow the OSV specification.

Application Security Testing Software.
Free, lightweight web application security scanning for CI/CD.
manual tools to start web security testing.

A fast tool to scan CRLF vulnerability written in Goc

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see XSRFProbe Internals on wiki.

Most advanced XSS scanner.
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

A Burp Extension for GraphQL Security Testing.
A security testing tool to facilitate GraphQL technology security auditing efforts.

LightBulb is an open source python framework for auditing web applications firewalls.

NIST Certified SCAP 1.2 toolkit. The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.

The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines. We maintain great flexibility and interoperability, reducing costs of performing security audits.

• OpenSCAP @ GitHub.
• Auditez la sécurité de vos serveurs avec OpenScap @ Culture et Outils DevSecOps :fr:.

WebSploit Is An Open Source Project For Scan And Analysis Remote Syste