Category

Gobuster is a tool to brute-force URIs, DNS subdomains, and virtual hostnames, aiding in web application reconnaissance.

GraphQLmap is a scripting engine for GraphQL endpoint pentesting, automating queries and fuzzing for vulnerabilities.

Grep is a code search tool by Vercel that allows users to search code, files, and paths across a million public GitHub repositories.

Horizon3.ai provides autonomous pentesting via NodeZero, allowing red teams to find exploitable attack paths and verify security fixes in real-time.

Interactsh is a tool and service for capturing and handling out-of-band interactions during security testing.

Unified exposure management platform for automated vulnerability scanning, attack surface monitoring, and cloud security posture management.

JWT Debugger is a web application to create, encode, decode, and debug JWT (JSON Web Tokens). It helps developers inspect claims and test token integrity.

MCPHammer is a security assessment tool for the Model Context Protocol. It helps red teams test LLM integrations for prompt injection and data leakage.

Mobile Security Framework (MobSF) is a mobile application security assessment framework for static and dynamic analysis.

Moxy is an open-source DAST tool with agentic AI for modern web application security testing and automated pentesting workflows.

NeroSwarm Deception Lab offers free cyber deception tools including honeytoken creation, honeypot script generation, and IP threat reputation checking.

Nessus Essentials is a free vulnerability scanner by Tenable, offering high-speed, in-depth scanning for up to 16 IP addresses.