Web-Security

An automated, all-in-one mobile application security testing framework supporting static and dynamic analysis of Android, iOS, and Windows mobile apps.

A fast, open-source static analysis tool that uses lightweight pattern matching to find bugs, security vulnerabilities, and anti-patterns across 30+ programming languages.

Developer security platform providing software composition analysis, static code analysis, container scanning, and IaC security testing integrated into the development workflow.

The most widely deployed platform for continuous code quality and security analysis, performing static analysis across 30+ languages to detect bugs, vulnerabilities, and code smells.

Commercial DAST/IAST web application security scanner with proof-based scanning, DeepScan JavaScript rendering, and optional grey-box AcuSensor agent for code-level precision.

Enterprise-grade DAST platform using proof-based scanning to automatically confirm exploitable vulnerabilities in web applications and APIs with near-zero false positives.

The world's most widely used penetration testing framework, providing a modular library of 2,600+ exploits, 2,100+ payloads, and 1,300+ auxiliary tools for the full attack lifecycle.

A fast, template-driven vulnerability scanner with 12,000+ community-maintained detection templates covering CVEs, misconfigurations, and exposures across web, network, and cloud.

Cloud-native enterprise security platform delivering continuous vulnerability management, web application scanning, and compliance auditing across IT assets and cloud workloads.

The de facto WordPress security scanner, enumerating plugins, themes, and core versions against a curated database of 71,900+ known WordPress vulnerabilities.

A modern web application security proxy built in Rust, designed for penetration testers and bug bounty hunters as a fast alternative to legacy Java-based tools.

Open-source web server scanner that checks for dangerous files, outdated software, and misconfigurations across 6,700+ known vulnerability signatures.

The definitive open-source SQL injection detection and exploitation tool, supporting 30+ database management systems and six injection techniques.

Professional tools for web application security testing, from scanning for vulnerabilities to exploiting them.

The world's most widely used web app scanner. Free and open source for both automation and manual testing.