A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
☆322 · Aug 13, 2025 · Updated 6 months ago
Alternatives and similar repositories for capital
Users that are interested in capital are comparing it to the libraries listed below
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others. ☆142 · Nov 3, 2025 · Updated 3 months ago
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation. ☆109 · Feb 16, 2024 · Updated 2 years ago
- An extension to use Semgrep inside Burp Suite. ☆88 · May 23, 2025 · Updated 9 months ago
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis… ☆1,676 · May 24, 2025 · Updated 9 months ago
- Vulnerable app with examples showing how to not use secrets. ☆1,395 · Updated this week
- Burp Suite Certified Practitioner Exam Study. ☆1,323 · Feb 5, 2026 · Updated 3 weeks ago
- Vulnerable REST API with OWASP top 10 vulnerabilities for security testing. ☆1,173 · Nov 25, 2024 · Updated last year
- A GraphQL enumeration and extraction tool. ☆133 · Jan 29, 2023 · Updated 3 years ago
- AWSGoat: A Damn Vulnerable AWS Infrastructure. ☆1,975 · May 20, 2025 · Updated 9 months ago
- Kraken, a modular multi-language webshell coded by @secu_x11. ☆548 · Feb 10, 2024 · Updated 2 years ago
- Black box fuzzer for web applications. ☆437 · Jul 20, 2025 · Updated 7 months ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScript. ☆1,771 · May 22, 2024 · Updated last year
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data. ☆238 · Jan 10, 2024 · Updated 2 years ago
- Awesome secure by default libraries to help you eliminate bug classes! ☆700 · Dec 6, 2025 · Updated 2 months ago
- Automating situational awareness for cloud penetration tests. ☆2,295 · Updated this week
- A very vulnerable implementation of a GraphQL API. ☆61 · Nov 12, 2021 · Updated 4 years ago
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface. ☆1,105 · Updated this week
- Proactive, Open source API security - API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom te… ☆1,449 · Updated this week
- completely ridiculous API (crAPI). ☆1,435 · Updated this week
- ☆227 · Dec 18, 2025 · Updated 2 months ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets. ☆1,524 · Jan 15, 2026 · Updated last month
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. ☆646 · Nov 21, 2019 · Updated 6 years ago
- ☆380 · May 17, 2023 · Updated 2 years ago
- User enumeration and password spraying tool for testing Azure AD. ☆71 · Mar 3, 2022 · Updated 3 years ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. ☆1,290 · Aug 7, 2025 · Updated 6 months ago
- ☆17 · May 16, 2022 · Updated 3 years ago
- vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises. ☆1,328 · Jan 10, 2025 · Updated last year
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,344 · Aug 6, 2025 · Updated 6 months ago
- Automated Attack Simulation in the Cloud, complete with detection use cases. ☆605 · Nov 28, 2024 · Updated last year
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications. ☆319 · Nov 12, 2025 · Updated 3 months ago
- Secrets scanner that understands code. ☆192 · Nov 2, 2023 · Updated 2 years ago
- ☆84 · May 1, 2023 · Updated 2 years ago
- Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs. ☆1,864 · Oct 1, 2025 · Updated 4 months ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. ☆338 · Feb 13, 2026 · Updated 2 weeks ago
- Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. ☆427 · Feb 20, 2026 · Updated last week
- Unleash the power of cloud. ☆818 · Nov 19, 2024 · Updated last year
- ☆522 · Apr 29, 2024 · Updated last year
- VyAPI - A cloud based vulnerable hybrid Android App. ☆86 · Feb 21, 2020 · Updated 6 years ago
- Multi Tool Kubernetes Pentest Image. ☆254 · Sep 1, 2025 · Updated 5 months ago