A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
β332Jun 10, 2026Updated 2 weeks ago
Alternatives and similar repositories for capital
Users that are interested in capital are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Create notes during a security code review in VSCode π Import your favorite SAST tool findings π οΈ and collaborate with others π€β141May 3, 2026Updated last month
- An extension to use Semgrep inside Burp Suite.β90May 23, 2025Updated last year
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practisβ¦β1,691May 24, 2025Updated last year
- completely ridiculous API (crAPI)β1,527May 14, 2026Updated last month
- Vulnerable app with examples showing how to not use secretsβ1,448Updated this week
- Bare Metal GPUs on DigitalOcean Gradient AI β’ AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Vulnerable REST API with OWASP top 10 vulnerabilities for security testingβ1,248Apr 7, 2026Updated 2 months ago
- Proactive, Open source API security β API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom teβ¦β1,486Updated this week
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalationβ112Feb 16, 2024Updated 2 years ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,845May 22, 2024Updated 2 years ago
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.β237Jan 10, 2024Updated 2 years ago
- Burp Suite Certified Practitioner Exam Studyβ1,420Mar 12, 2026Updated 3 months ago
- Black box fuzzer for web applicationsβ437Jul 20, 2025Updated 11 months ago
- AWSGoat : A Damn Vulnerable AWS Infrastructureβ2,026May 20, 2025Updated last year
- β246Updated this week
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- β17May 16, 2022Updated 4 years ago
- vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.β1,339Jan 10, 2025Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,569Mar 8, 2026Updated 3 months ago
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.β1,340Updated this week
- Kraken, a modular multi-language webshell coded by @secu_x11β553Feb 10, 2024Updated 2 years ago
- Automating situational awareness for cloud penetration tests.β2,502May 26, 2026Updated last month
- Awesome secure by default libraries to help you eliminate bug classes!β708Dec 6, 2025Updated 6 months ago
- A GraphQL enumeration and extraction toolβ134Jan 29, 2023Updated 3 years ago
- Secrets scanner that understands codeβ192Nov 2, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,362Aug 7, 2025Updated 10 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!β1,082Mar 24, 2026Updated 3 months ago
- Unleash the power of cloudβ820Nov 19, 2024Updated last year
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.β651Nov 21, 2019Updated 6 years ago
- π§° Multi Tool Kubernetes Pentest Imageβ260Mar 30, 2026Updated 2 months ago
- A very simple AEM detector written in rust.π¦β20Jun 27, 2023Updated 3 years ago
- β88May 1, 2023Updated 3 years ago
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.β331Jun 5, 2026Updated 3 weeks ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.β1,507Aug 6, 2025Updated 10 months ago
- Simple, predictable pricing with DigitalOcean hosting β’ AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- GCP GOAT is the vulnerable application for learn the GCP Securityβ71May 20, 2026Updated last month
- AzureGoat : A Damn Vulnerable Azure Infrastructureβ945Oct 30, 2024Updated last year
- A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that β¦β255Aug 31, 2022Updated 3 years ago
- β383May 17, 2023Updated 3 years ago
- β15Jul 17, 2024Updated last year
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assetsβ874Mar 28, 2025Updated last year
- Twitter vulnerable snippetsβ1,162Feb 11, 2026Updated 4 months ago