67 Open Source Appsec Software Projects
Free and open source appsec code projects including engines, APIs, generators, and tools.
Cheatsheetseries
13836 ⭐
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Zaproxy
7847 ⭐
The OWASP ZAP core project
Maurosoria Dirsearch
4577 ⭐
Web path scanner
Juice Shop
3847 ⭐
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
W3af
3351 ⭐
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Whatweb
2670 ⭐
Next generation web scanner
Payloads
2452 ⭐
Git All the Payloads! A collection of web attack payloads.
Wstg
1661 ⭐
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Numirias Security
830 ⭐
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Railsgoat
670 ⭐
A vulnerable version of Rails that follows the OWASP Top 10
Kamus
655 ⭐
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
Dependency Track
613 ⭐
Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Zap Extensions
446 ⭐
OWASP ZAP Add-ons
Owasp Vwad
422 ⭐
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Race The Web
329 ⭐
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Dependency Check Sonar Plugin
308 ⭐
Integrates Dependency-Check reports into SonarQube
Www Community
266 ⭐
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Application Security Engineer Interview Questions
221 ⭐
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Awesome Threat Modelling
214 ⭐
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
Yawast
176 ⭐
YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Sbt Dependency Check
176 ⭐
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
Rfi Lfi Payload List
145 ⭐
🎯 RFI/LFI Payload List
Kurukshetra
129 ⭐
Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Solutions Bwapp
121 ⭐
In progress rough solutions to bWAPP / bee-box
Blisqy
119 ⭐
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
Nist Data Mirror
120 ⭐
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Bag Of Holding
112 ⭐
An application to assist in the organization and prioritization of software security activities.
Securityrat
109 ⭐
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Threat Model Cookbook
121 ⭐
This project is about creating and publishing threat model examples.
Websocket Fuzzer
109 ⭐
HTML5 WebSocket message fuzzer
Oob Server
108 ⭐
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Shiftleftsecurity Sast Scan
132 ⭐
A Free & Open Source DevSecOps Platform
Jwt Fuzzer
93 ⭐
JWT fuzzer
Dvfaas Damn Vulnerable Functions As A Service
87 ⭐
Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
Dependency Check Plugin
85 ⭐
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Njsscan
86 ⭐
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Threatmodel Sdk
59 ⭐
A Java library for parsing and programmatically using threat models
Nodejssecurity
55 ⭐
Documentation for Essential Node.js Security
Faloker Purify
59 ⭐
All-in-one tool for managing vulnerability reports from AppSec pipelines
Resources For Application Security
54 ⭐
Some good resources for getting started with application security
Zap Sonar Plugin
50 ⭐
Integrates OWASP Zed Attack Proxy reports into SonarQube
Jwtweak
47 ⭐
Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Typeerror Bookmarks
44 ⭐
A Burp Suite Extension to take back your repeater tabs
Softrams Bulwark
58 ⭐
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Gore
36 ⭐
A modular bug hunting and web application pentesting framework written in Go
Reapsaw
33 ⭐
Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Appsec Education
35 ⭐
Presentations, training modules, and other education materials from Duo Security's Application Security team.
Ukraine Infosec Conferences
33 ⭐
Announcements, programs, and an archive of materials from Ukrainian cybersecurity conferences.
Sqlinjection Training App
31 ⭐
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Libsast
36 ⭐
Generic SAST Library
Hakbot Origin Controller
28 ⭐
Vendor-Neutral Security Tool Automation Controller (over REST)
Embeddedappsec
29 ⭐
Embedded AppSec Best Practices
Zap Mini Workshop
26 ⭐
Interactive IPython Notebook to demonstrate OWASP ZAP's API and Scripting Functions - OWASP ZAP 2.8.0
Tutorials
27 ⭐
Additional Resources For Securing The Stack Tutorials
Awesome Frontend Security
25 ⭐
☔️ A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!
Sample Scan Files
25 ⭐
Sample scan files for testing DefectDojo imports
Cryptonice
25 ⭐
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
Whoof
19 ⭐
Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities
Appsec_awareness_training
16 ⭐
Application Security Awareness Training
Vulndb Data Mirror
16 ⭐
A simple Java command-line utility to mirror the entire contents of VulnDB.
Ovaa
38 ⭐
Oversecured Vulnerable Android App
Obsidiansailboat
11 ⭐
Nmap and NSE command line wrapper in the style of Metasploit
Www Project Vulnerable Web Applications Directory
10 ⭐
The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site
Web Methodology
117 ⭐
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Whitepass
10 ⭐
Whitepass Bypass Whitelist/Ratelimit Implementations in Web Applications/APIs
bad-slug
183 ⭐
The OWASP ZAP Heads Up Display (HUD)
bad-slug
13 ⭐
Checkmarx Scan Github Action