Browse the newest offensive security tools, platforms, and services recently added to HackDB.
RESTler is a stateful REST API fuzzing tool for automatically testing cloud services and finding security and reliability bugs.
WuppieFuzz is a coverage-guided REST API fuzzer built using LibAFL. It is easy to use and modular, reports explainable flaws, and supports black-, grey- and white-box testing.
Arjun is an HTTP parameter discovery suite to find valid web parameters and uncover hidden endpoints.
Graphw00f is a GraphQL server engine fingerprinting tool. It identifies backend technologies and security defenses by analyzing unique endpoint responses.
Garak is an LLM vulnerability scanner that probes for weaknesses like prompt injection, data leakage, hallucination, and toxicity.
Practical measures for enterprises to secure AI and LLM technology adoption, reducing security risks with pragmatic advice.
ModelScan scans ML models for unsafe code. It supports the H5, Pickle, and SavedModel formats and protects against serialization attacks.
Assess the security of your GraphQL apps: authorization, access control, complexity limits, introspection, DDoS, and injections.
Kiterunner is a contextual content discovery tool for modern web applications and APIs, excelling in route/endpoint bruteforcing.
GraphQL Cop is a Python utility for running security tests against GraphQL APIs, ideal for CI/CD checks and vulnerability reproduction.
crAPI is a completely ridiculous API vulnerable by design, built on a microservices architecture, designed to help understand API security risks.
Altair GraphQL Client is a feature-rich IDE for debugging GraphQL queries and implementations across all platforms, simplifying development workflows.