Application Security

Application SecurityReporting

Faction Security

Automate PenTest reporting and AppSec Posture Management (ASPM) for penetration testers, red teams, and application security teams.

Report

ReconnaissanceApplication Security

Visit Website

Feroxbuster

Details

Feroxbuster is a fast, simple, recursive content discovery tool written in Rust, designed for forced browsing.

Web Bug Bounty

Reverse EngineeringApplication SecurityExploit Development

Visit Website

Frida

Details

Frida is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers to analyze and modify application behavior.

Mobile

Application Security

Visit Website

Ghauri

Details

Ghauri is a cross-platform tool for detecting and exploiting SQL injection flaws, automating the process for security professionals.

Web Bug Bounty

Application SecurityCloud Security

Visit Website

Gitleaks

Details

Gitleaks detects secrets like passwords, API keys, and tokens in git repositories, files, and standard input.

Static Analysis

Application SecurityReconnaissanceInfrastructure Security

Visit Website

Gobuster

Details

Gobuster is a tool to brute-force URIs, DNS subdomains, and virtual hostnames, aiding in web application reconnaissance.

Web External Bug Bounty Classification

API SecurityApplication Security

Visit Website

GraphQLmap

Details

GraphQLmap is a scripting engine for GraphQL endpoint pentesting, automating queries and fuzzing for vulnerabilities.

API

Application SecurityReconnaissance

Visit Website

Grep by Vercel

Details

Grep is a code search tool by Vercel that allows users to search code, files, and paths across a million public GitHub repositories.

OSINT

Infrastructure SecurityApplication SecurityRed Team Operations

Visit Website

HORIZON3.ai

Details

Next‑gen autonomous penetration testing with NodeZero®—Horizon3.ai uncovers real‑world attack paths across cloud, on‑prem, and hybrid environments without human intervention.

Internal External Services

Application Security

Visit Website

Interactsh

Details

Interactsh is a tool and service for capturing and handling out-of-band interactions during security testing.

Internal Web API

Application SecurityAPI Security

Visit Website

JWT Debugger

Details

JWT Debugger is a web application to create, encode, decode, and debug JWT (JSON Web Tokens).

Web API Static Analysis

Application Security

Visit Website

Mobile Security Framework

Details

Mobile Security Framework (MobSF) is a mobile application security assessment framework for static and dynamic analysis.

Mobile

Category

Explore by categories

All

AI Security

API Security