A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
β331May 30, 2026Updated last week
Alternatives and similar repositories for capital
Users that are interested in capital are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Create notes during a security code review in VSCode π Import your favorite SAST tool findings π οΈ and collaborate with others π€β141May 3, 2026Updated last month
- An extension to use Semgrep inside Burp Suite.β90May 23, 2025Updated last year
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practisβ¦β1,689May 24, 2025Updated last year
- completely ridiculous API (crAPI)β1,521May 14, 2026Updated 3 weeks ago
- Vulnerable app with examples showing how to not use secretsβ1,441Jun 1, 2026Updated last week
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Vulnerable REST API with OWASP top 10 vulnerabilities for security testingβ1,227Apr 7, 2026Updated 2 months ago
- Proactive, Open source API security β API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom teβ¦β1,483Updated this week
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalationβ111Feb 16, 2024Updated 2 years ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,836May 22, 2024Updated 2 years ago
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.β238Jan 10, 2024Updated 2 years ago
- Burp Suite Certified Practitioner Exam Studyβ1,410Mar 12, 2026Updated 2 months ago
- Black box fuzzer for web applicationsβ437Jul 20, 2025Updated 10 months ago
- AWSGoat : A Damn Vulnerable AWS Infrastructureβ2,021May 20, 2025Updated last year
- β243Updated this week
- End-to-end encrypted cloud storage - Proton Drive β’ AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- β17May 16, 2022Updated 4 years ago
- vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.β1,336Jan 10, 2025Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,561Mar 8, 2026Updated 3 months ago
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.β1,320Updated this week
- Kraken, a modular multi-language webshell coded by @secu_x11β553Feb 10, 2024Updated 2 years ago
- Automating situational awareness for cloud penetration tests.β2,416May 26, 2026Updated last week
- Awesome secure by default libraries to help you eliminate bug classes!β708Dec 6, 2025Updated 6 months ago
- A GraphQL enumeration and extraction toolβ134Jan 29, 2023Updated 3 years ago
- Secrets scanner that understands codeβ192Nov 2, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,354Aug 7, 2025Updated 10 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!β1,083Mar 24, 2026Updated 2 months ago
- Unleash the power of cloudβ818Nov 19, 2024Updated last year
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.β651Nov 21, 2019Updated 6 years ago
- π§° Multi Tool Kubernetes Pentest Imageβ260Mar 30, 2026Updated 2 months ago
- A very simple AEM detector written in rust.π¦β20Jun 27, 2023Updated 2 years ago
- β88May 1, 2023Updated 3 years ago
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.β329Nov 12, 2025Updated 6 months ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.β1,497Aug 6, 2025Updated 10 months ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits β’ AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- AzureGoat : A Damn Vulnerable Azure Infrastructureβ940Oct 30, 2024Updated last year
- GCP GOAT is the vulnerable application for learn the GCP Securityβ71May 20, 2026Updated 2 weeks ago
- A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that β¦β255Aug 31, 2022Updated 3 years ago
- β385May 17, 2023Updated 3 years ago
- β16Jul 17, 2024Updated last year
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assetsβ872Mar 28, 2025Updated last year
- Twitter vulnerable snippetsβ1,161Feb 11, 2026Updated 3 months ago