Contextual Content Discovery Tool

Automated All-in-One OS Command Injection Exploitation Tool

Most advanced XSS scanner.

Automatic SQL injection and database takeover tool

Fast web fuzzer written in Go

Take a list of domains and probe for working HTTP and HTTPS servers

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…