121 Open source projects that are alternatives of or similar to crAPI

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Automated Penetration Testing Framework

Automated Security Testing For REST API's

Awesome Node.js Security resources

In-depth Attack Surface Mapping and Asset Discovery

OWASP Honeypot, Automated Deception Framework.

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

OWASP Threat Dragon core files

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

CSRF Protector library: standalone library for CSRF mitigation

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

Audit tool to find common vulnerabilities in PHP source code

Desktop variant of OWASP Threat Dragon

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

In-depth Attack Surface Mapping and Asset Discovery

OWASP Joomla Vulnerability Scanner Project

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

OWASP Web Application Security Testing Checklist

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

OWASP ZAP Add-ons

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

Hacking tools

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

A simple web app that helps developers understand the ASVS requirements.

A simple tool for interacting with OWASP ZAP from the commandline.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

The OWASP ZAP core project

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Learning Penetration Testing of Android Applications

The Secure Coding Dojo is a platform for delivering secure coding training.

An open source, online threat modelling tool from OWASP

OWASP Cloud Security - Enabling conversations through threat and control stories

nodejs + express security and performance boilerplate.

Run Capture the Flags and Security Trainings with OWASP Juice Shop

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

Ready to use images of Zap and Glue, especially for CI integration.

The OWASP ZAP Heads Up Display (HUD)

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Sqreen's Application Security Management for the Go language

OWASP WEB Directory Scanner

An application to catch, search and analyze HTTP secure headers.

Vulnerability Patterns Detector for C# and VB.NET

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

OWASP ZSC - Shellcode/Obfuscate Code Generator

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A collection of hacking / penetration testing resources to make you better!

OWASP Code Review Guide Web Repository

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

The DevSecOps toolset for REST APIs

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development