Browse the newest offensive security tools, platforms, and services recently added to HackDB.
Dalfox is a powerful open-source XSS scanner and utility focused on automation, designed for detecting and verifying XSS vulnerabilities.
ffuf is a fast web fuzzer written in Go, designed for content discovery and web application security testing.
Nuclei is a fast, customizable vulnerability scanner using YAML templates to detect vulnerabilities in applications, networks, and cloud.
Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple vulnerabilities.
Osmedeus is a workflow engine for offensive security, designed to build customizable reconnaissance systems for large-scale targets.
sqlmap is an automatic SQL injection and database takeover tool for penetration testing and vulnerability detection.
The GPEN certification validates a professional's ability to conduct penetration tests using best-practice techniques and methodologies.
The GWAPT certification validates web application penetration testing skills, covering exploits, security issues, and testing methodologies.
Retire.js scans web and Node.js apps for vulnerable JavaScript libraries and generates SBOMs, helping to identify and mitigate security risks.
Foundational web application security course with Kali Linux, teaching vulnerability exploitation and leading to OSWA certification.
Learn foundational wireless network attacks and earn the OffSec Wireless Security Professional (OSWP) certification.
Advanced web application penetration testing course for ethical hacking, vulnerability discovery, and exploit development, leading to OSWE.