juice-shop / juice-shopView external linksLinks
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
☆12,501Updated this week
Alternatives and similar repositories for juice-shop
Users that are interested in juice-shop are comparing it to the libraries listed below
Sorting:
- A list of useful payloads and bypass for Web Application Security and Pentest/CTF☆75,135Feb 2, 2026Updated 2 weeks ago
- SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in …☆68,783Updated this week
- The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.☆8,817Feb 8, 2026Updated last week
- In-depth attack surface mapping and asset discovery☆14,103Updated this week
- Damn Vulnerable Web Application (DVWA)☆12,588Jan 21, 2026Updated 3 weeks ago
- WebGoat is a deliberately insecure application☆8,912Feb 8, 2026Updated last week
- Fast web fuzzer written in Go☆15,574Apr 24, 2025Updated 9 months ago
- The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topic…☆31,324Feb 6, 2026Updated last week
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…☆26,985Updated this week
- The ZAP by Checkmarx Core project☆14,751Updated this week
- PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)☆19,268Feb 4, 2026Updated last week
- Directory/File, DNS and VHost busting tool written in Go☆13,379Feb 9, 2026Updated last week
- Fast passive subdomain enumeration tool.☆13,054Feb 5, 2026Updated last week
- Nishang - Offensive PowerShell for red team, penetration testing and offensive security.☆9,740Apr 25, 2024Updated last year
- Impacket is a collection of Python classes for working with network protocols.☆15,448Updated this week
- Attack Surface Management Platform☆9,386Jan 12, 2026Updated last month
- A swiss army knife for pentesting networks☆9,056Dec 6, 2023Updated 2 years ago
- A collection of awesome penetration testing resources, tools and other shiny things☆25,238Jan 25, 2026Updated 3 weeks ago
- CTF framework and exploit development library☆13,250Jan 23, 2026Updated 3 weeks ago
- Fast subdomains enumeration tool for penetration testers☆10,802Aug 2, 2024Updated last year
- Find, verify, and analyze leaked credentials☆24,487Feb 7, 2026Updated last week
- Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and n…☆10,870Updated this week
- Web path scanner☆13,979Updated this week
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,810Nov 10, 2023Updated 2 years ago
- This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.☆10,115Sep 29, 2025Updated 4 months ago
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.☆5,638Jan 5, 2026Updated last month
- A curated list of CTF frameworks, libraries, resources and softwares☆11,245Jul 22, 2024Updated last year
- Most advanced XSS scanner.☆14,735Apr 26, 2025Updated 9 months ago
- A Tool for Domain Flyovers☆5,897May 22, 2022Updated 3 years ago
- A list of public penetration test reports published by several consulting firms and academic security groups.☆9,359Nov 24, 2025Updated 2 months ago
- A Modern Orchestration Engine for Security☆6,096Updated this week
- GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.☆12,638Updated this week
- A list of resources for those interested in getting started in bug bounties☆11,782Jul 23, 2024Updated last year
- Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.☆5,430Feb 13, 2025Updated last year
- Scripted Local Linux Enumeration & Privilege Escalation Checks☆7,822Sep 6, 2023Updated 2 years ago
- The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse enginee…☆12,716Updated this week
- Web application fuzzer☆6,411Jan 21, 2026Updated 3 weeks ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆6,376Sep 14, 2023Updated 2 years ago
- E-mails, subdomains and names Harvester - OSINT☆15,617Feb 8, 2026Updated last week