5444 Open source projects that are alternatives of or similar to Juice Shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Next generation web scanner

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Some good resources for getting started with application security

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

🤖 The Modern Port Scanner 🤖

Web path scanner

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

OWASP ZAP Add-ons

A tool to fastly get all javascript sources/files

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Micro-framework for rapid development of reusable security tools

A collection of hacking / penetration testing resources to make you better!

The OWASP ZAP core project

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

The OWASP ZAP Heads Up Display (HUD)

A curated list of awesome privilege escalation

GitHub Action to set up Fortify ScanCentral Client

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Useful tools and scripts during Penetration Testing engagements

locate and attack Lync/Skype for Business

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Application Security Awareness Training

Awesome cloud enumerator

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

The iCTF Framework, presented by Shellphish!

secureCodeBox (SCB) - continuous secure delivery out of the box

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Hacker101 CTF Writeup

Penetration Testing notes, resources and scripts

This is a multi-use bash script for Linux systems to audit wireless networks.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

👻 A LAN dropbox chatbot controllable via Telegram

Full Nuclei automation script with logic explanation.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

OSINT

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

swiss army knife for hackers

This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.

My own OSCP guide

CTF (Capture The Flag) writeups, code snippets, notes, scripts

Web application vulnerability scanner

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Steganography brute-force utility to uncover hidden data inside files

Idiomatic nmap library for go developers