RedTeam.Blue

Web Application Security

PyCript

Burp extension to encrypt/decrypt traffic with custom logic in Python, Go, Node.js, etc.

Marcos Henrique

☆

Web Application Security

Pentest Mapper

Burp extension to map API flows and link them to custom security test checklists.

Marcos Henrique

☆

Web Application Security

InterceptSuite

Intercepts and inspects TLS/SSL traffic across all protocols beyond HTTP/S.

Marcos Henrique

☆

Web Application Security

Swego

Go webserver with many features, simple like Python&amp;#039;s SimpleHTTPServer.

Marcos Henrique

☆

Web Application Security

CAIDO

Modern, lightweight web security proxy with clean UI and modular design for web testing.

Luan Nutels

☆

Web Application Security

HackTools

Browser extension with payloads, cheatsheets, shells for web app penetration testing.

Marcos Henrique

☆

Web Application Security

WP Recon

Tool for vulnerability recognition and blackbox info gathering on WordPress sites.

Marcos Henrique

☆

Web Application Security

ZAP Proxy

Open-source scanner to find web app vulnerabilities, useful for developers and pentesters.

Marcos Henrique

☆

Web Application Security

HTTP Toolkit

Open-source tool to intercept, inspect, and modify HTTP(S) traffic for testing and debugging.

Marcos Henrique

☆

Web Application Security

Hetty

HTTP toolkit for security testing, open source alternative to Burp Suite Pro.

Marcos Henrique

☆

Web Application Security

BeEF

BeEF exploits web browsers for client-side attacks and security assessments.

Marcos Henrique

☆

Web Application Security

ZERO Threat

AI-powered continuous pentest platform detecting 40,000+ vulnerabilities in real time.

Marcos Henrique

☆

Web Application Security

WuppieFuzz

WuppieFuzz is a coverage-guided REST API fuzzer focused on usability, flaw explainability, and modularity.

Marcos Henrique

☆

Web Application Security

Wapiti

Wapiti performs black-box scans on web apps, injecting payloads to identify vulnerabilities.

Marcos Henrique

☆

Web Application Security

snyk API

Discover and test API and web app security, prioritize risks, and find/fix vulnerabilities.

Marcos Henrique

☆

Web Application Security

OSTE Meta Scanner

DAST meta scanner combining Nikto, ZAP, Nuclei, SkipFish, and Wapiti to detect web vulnerabilities.

Marcos Henrique

☆

Web Application Security

WPScan Online

Scanner tailored to detect and assess vulnerabilities in WordPress websites with precision.

Marcos Henrique

☆

Web Application Security

proxify

Multifunction proxy with filtering, traffic replay and upstream support for Burp integration.

Marcos Henrique

☆

Web Application Security

Nikto

Web server scanner detecting dangerous files, outdated versions, and config vulnerabilities.

Marcos Henrique

☆

Web Application Security

ImmuniWeb

Free app/API security, phishing detection, and dark web monitoring for awareness and safety.

Marcos Henrique

☆

Web Application Security

GraphQL Security

Quickly assesses GraphQL app security for vulnerabilities and misconfigurations.

Marcos Henrique

☆

Web Application Security

Veracode Dynamic Analysis

Dynamic scanner to detect risks in web apps and APIs for agile development teams.

Marcos Henrique

☆

Web Application Security

Burp Suite Community

Free manual toolkit to start web application security testing.

Marcos Henrique

☆

Web Application Security

Barrion

Automated scans to detect flaws in websites, web apps, and APIs no setup needed.

Marcos Henrique

☆

Web Application Security

Indusface

PTaaS platform for testing apps/APIs, logic flaws, and continuous malware monitoring.

Marcos Henrique

☆

Web Application Security

aikido

DAST tool for monitoring apps/APIs to detect OWASP risks like XSS, SQLi, and CSRF.

Marcos Henrique

☆

Web Application Security

HTTP Observatory

Scanner that checks websites for compliance with recommended security best practices.

Marcos Henrique

☆

Web Application Security

cleanhttp

Library to detect and filter wildcard HTTP servers using signature-based rules.

Marcos Henrique

☆