The ZAP by Checkmarx Core project
☆14,856Mar 10, 2026Updated this week
Alternatives and similar repositories for zaproxy
Users that are interested in zaproxy are comparing it to the libraries listed below
Sorting:
- ZAP Add-ons☆919Updated this week
- Nikto web server scanner☆10,152Mar 4, 2026Updated last week
- w3af: web application attack and audit framework, the open source web vulnerability scanner.☆4,853Feb 22, 2023Updated 3 years ago
- Metasploit Framework☆37,673Updated this week
- Automatic SQL injection and database takeover tool☆36,768Feb 26, 2026Updated 2 weeks ago
- In-depth attack surface mapping and asset discovery☆14,222Updated this week
- SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in …☆69,337Updated this week
- Web application fuzzer☆6,434Jan 21, 2026Updated last month
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more☆32,947Mar 6, 2026Updated last week
- Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…☆27,411Updated this week
- Web Application Security Scanner Framework☆4,013May 22, 2025Updated 9 months ago
- The Browser Exploitation Framework Project☆10,755Mar 6, 2026Updated last week
- Open Source Vulnerability Management Platform☆6,290Feb 13, 2026Updated last month
- The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topic…☆31,499Mar 6, 2026Updated last week
- An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.☆42,540Mar 1, 2026Updated last week
- Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices☆12,052Mar 6, 2026Updated last week
- Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and sys…☆15,362Jan 28, 2026Updated last month
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,835Nov 10, 2023Updated 2 years ago
- WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websit…☆9,504Feb 16, 2026Updated 3 weeks ago
- OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen…☆7,452Updated this week
- TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.☆25,397Jun 5, 2025Updated 9 months ago
- Directory/File, DNS and VHost busting tool written in Go☆13,486Mar 6, 2026Updated last week
- Fast web fuzzer written in Go☆15,723Apr 24, 2025Updated 10 months ago
- Most advanced XSS scanner.☆14,805Apr 26, 2025Updated 10 months ago
- Vulnerability Static Analysis for Containers☆10,940Updated this week
- A list of useful payloads and bypass for Web Application Security and Pentest/CTF☆75,937Updated this week
- OWASP Juice Shop: Probably the most modern and sophisticated insecure web application☆12,665Updated this week
- Web path scanner☆14,065Feb 20, 2026Updated 3 weeks ago
- Find, verify, and analyze leaked credentials☆24,933Mar 7, 2026Updated last week
- Fast subdomains enumeration tool for penetration testers☆10,849Aug 2, 2024Updated last year
- WebGoat is a deliberately insecure application☆9,006Feb 8, 2026Updated last month
- Attack Surface Management Platform☆9,449Feb 15, 2026Updated 3 weeks ago
- Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and …☆20,524Mar 4, 2026Updated last week
- Automated All-in-One OS Command Injection Exploitation Tool☆5,661Updated this week
- Fast passive subdomain enumeration tool.☆13,192Mar 5, 2026Updated last week
- ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-base…☆9,542Updated this week
- A collection of ZAP scripts and tips provided by the community - pull requests very welcome!☆868Mar 1, 2026Updated last week
- A little tool to play with Windows security☆21,316May 11, 2025Updated 10 months ago
- Find secrets with Gitleaks 🔑☆25,320Feb 21, 2026Updated 2 weeks ago