Open source vulnerability DB and triage service.

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

A simple threat modeling tool to help humans to reduce time-to-value when threat modeling

Linux kernel source tree

ESLint rules for Node Security

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

InSpec: Auditing and Testing Framework

This Packer provisioner has been archived due to it no longer being maintained. Users are encouraged to use the shell or shell-local provisioner to run the provisioning tools made available by this…

The OpenTF Manifesto expresses concern over HashiCorp's switch of the Terraform license from open-source to the Business Source License (BSL) and calls for the tool's return to a truly open-source …

gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

A command line security audit tool for Amazon Web Services

Lint the licenses for iOS projects

Open Source runtime scanner for Linux containers (LXD / LXC), It performs security audit checks based on CIS Linux containers Benchmark specification

The developer first cloud governance platform

Pentesting Reporting Tool

Wmap ("Web Mapper") Information gathering for web hacking.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

React Suspended is an educational frontend application riddled with security vulnerabilities

A deliberately vulnerable js app made with reactjs. For educational purposes.

Intentionally vulnerable React web application for exercising vulnerability detection

The ICS Advisory Project is an open-source project to provide DHS CISA ICS Advisories data in Comma Separated Value (CSV) format to support vulnerability analysis for the ICS/OT community. This is …

Repository containing all the artifacts needed for the demos. IMPLEMENT SECURITY IN MICROSERVICE ARCHITECTURE ON AWS.

OWASP Foundation Web Respository

A tool to dump a git repository from a website