147 Open source projects that are alternatives of or similar to headers

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

OWASP Threat Dragon core files

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Automated Security Testing For REST API's

Automated Penetration Testing Framework

The DevSecOps toolset for REST APIs

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

In-depth Attack Surface Mapping and Asset Discovery

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Audit tool to find common vulnerabilities in PHP source code

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Desktop variant of OWASP Threat Dragon

In-depth Attack Surface Mapping and Asset Discovery

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

OWASP Joomla Vulnerability Scanner Project

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

OWASP Web Application Security Testing Checklist

CSRF Protector library: standalone library for CSRF mitigation

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A curated list of resources for learning about application security

Damn Vulnerable NodeJS Application

A simple web app that helps developers understand the ASVS requirements.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The OWASP ZAP Heads Up Display (HUD)

The OWASP ZAP core project

OWASP Cloud Security - Enabling conversations through threat and control stories

Learning Penetration Testing of Android Applications

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

An open source, online threat modelling tool from OWASP

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

nodejs + express security and performance boilerplate.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Sqreen's Application Security Management for the Go language

Ready to use images of Zap and Glue, especially for CI integration.

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

OWASP WEB Directory Scanner

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

Vulnerability Patterns Detector for C# and VB.NET

A collection of hacking / penetration testing resources to make you better!

OWASP ZSC - Shellcode/Obfuscate Code Generator

The Secure Coding Dojo is a platform for delivering secure coding training.

OWASP ZAP Add-ons

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

A simple tool for interacting with OWASP ZAP from the commandline.

Application Security Automation

Hacking tools

EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples

All Day DevOps - Automated Infrastructure Security Monitoring and Defence (ELK + AWS Lambda)

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

OWASP Honeypot, Automated Deception Framework.

Awesome Node.js Security resources