Browse the newest offensive security tools, platforms, and services recently added to HackDB.
DefectDojo automates application security vulnerability management, unifying security tools and streamlining DevSecOps workflows.
Dradis CE is an open-source reporting and collaboration tool for InfoSec professionals to streamline security project reporting for free.
PwnDoc is a pentest reporting application that simplifies writing findings and generating customizable Docx reports, saving time on documentation.
Automate PenTest reporting and AppSec Posture Management (ASPM) for penetration testers, red teams, and application security teams.
Empire is a post-exploitation framework for red teams and penetration testers, featuring encrypted comms and a modular design.
Havoc is a modern, malleable post-exploitation C2 framework with sleep obfuscation, return address spoofing, and indirect syscalls.
Mythic is a collaborative, multi-platform, red teaming framework with a user-friendly interface for operators and managers.
shcheck is a tool to check security headers of a website, reporting which are enabled and which are not.
Prism is an open-source HTTP mock and proxy server that accelerates API development with realistic mock servers powered by OpenAPI documents.
RESTler is a stateful REST API fuzzing tool for automatically testing cloud services and finding security and reliability bugs.
WuppieFuzz is a coverage-guided REST API fuzzer built on LibAFL. It is easy to use and modular, reports explainable flaws, and supports black-, grey-, and white-box testing.
Arjun is an HTTP parameter discovery suite to find valid web parameters and uncover hidden endpoints.