Static application security testing (SAST) tools and code analysis resources used to identify vulnerabilities without executing the targeted application.
Ghidra is a software reverse engineering suite developed by the NSA. It includes tools for disassembly, decompilation, and analyzing malicious code.
Gitleaks detects secrets like passwords, API keys, and tokens in git repositories, files, and standard input.
IDA Pro: The ultimate multi-platform, multi-processor reverse engineering and malware analysis tool with a powerful disassembler and debugger.
JWT Debugger is a web application to create, encode, decode, and debug JWT (JSON Web Tokens). It helps developers inspect claims and test token integrity.
Opengrep is a static code analysis engine for finding security issues in code, supporting 30+ languages and customizable rules.
OSINT.ly is a specialized intelligence engine that helps red teams discover subdomains, exposed assets, and digital footprints for advanced target recon.
PE-bear: A multiplatform reversing tool for PE files, offering a fast and flexible first view for malware analysis.
Probely is an automated web application and API vulnerability scanner designed for agile teams to automate security testing in their SDLC.
Retire.js: Scans web/Node.js apps for vulnerable JS libraries & generates SBOMs, aiding in identifying & mitigating security risks.
Schemathesis is a tool that automatically generates API tests from OpenAPI and GraphQL schemas to find bugs.
OWASP Threat Dragon is a free, open-source threat modeling tool for creating threat model diagrams and listing threats.
Titus is a high-performance secrets scanner that detects and validates leaked credentials in code, binaries, and HTTP traffic for offensive engagements.