dast

There are 94 repositories under dast topic.

projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Language:Go24.8k 248 2.7k2.9k
zaproxy/zaproxy
The ZAP by Checkmarx Core project
Language:Java14.1k 402 5.2k2.4k
analysis-tools-dev/dynamic-analysis
⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.
Language:Markdown1k 32 107111
zaproxy/zap-extensions
ZAP Add-ons
Language:HTML895 54 0734
zaproxy/community-scripts
A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
Language:JavaScript846 60 13249
alipay/ant-application-security-testing-benchmark
xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
Language:Java416 8 2655
mercedes-benz/sechub
SecHub provides a central API to test software with different security tools.
Language:Java344 11 2.5k79
zaproxy/action-baseline
A GitHub Action for running the ZAP Baseline scan
Language:JavaScript336 8 3056
zaproxy/action-full-scan
A GitHub Action for running the ZAP Full scan
Language:JavaScript330 11 2362
PortSwigger/dastardly-github-action
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Language:Dockerfile287 11 0102
we45/ThreatPlaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Language:Python282 25 2659
cerberauth/vulnapi
API Security Vulnerability Scanner designed to help you secure your APIs.
Language:Go173 2 5618
DenisPodgurskii/pentestkit
OWASP PTK - application security browser extension.
Language:JavaScript156 5 424
karthikuj/sasori
Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.
Language:JavaScript145 4 2716
hahwul/mzap
⚡️ Multiple target ZAP Scanning
Language:Go103 3 718
secdec/attack-surface-detector-burp
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Language:Java101 14 730
Zigrin-Security/CakeFuzzer
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Language:Python98 4 17
sidd-harth/kubernetes-devops-security
Udemy Course on DevSecOps
Language:Java93 6 41.7k
CyAxe/lotus
:zap: Fast Web Security Scanner written in Rust based on Lua Scripts :waning_gibbous_moon: :crab:
Language:Rust87 2 8012
projectdiscovery/fuzzing-templates
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
64 5 811
rmkanda/tools
Curated list of security tools
64 3 217
secdec/attack-surface-detector-zap
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Language:Java63 10 1314
zaproxy/action-api-scan
A GitHub Action for running the ZAP API scan
Language:JavaScript61 10 821
ncc-erik-steringer/Aerides
An implementation of infrastructure-as-code scanning using dynamic tooling.
Language:HCL56 3 00
infobyte/faraday_plugins
Security tools report parsers for Faradaysec.com
Language:Python54 12 2120
ASTTeam/DAST
《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.
53 2 02
ionutbalosin/java-application-security-practices
Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.
Language:Java53 4 09
CloudDefenseAI/cd
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Language:Shell49 6 25
arall/vulnerabilities
Examples of different vulnerabilities, in a variety of languages, shapes and sizes.
Language:HTML29 1 016
secdec/astam-correlator
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans
Language:Java24 9 39
ErdemOzgen/DevSecOps-Vault
Collection of roadmaps, tools, best practice, resources about DevSecOps
23 3 07
fortify/WebInspectAutomation
Sample Python script for automating WebInspect scans and pushing results to SSC
Language:Python22 3 312
SasanLabs/owasp-zap-fileupload-addon
OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
Language:Java22 2 116
zaproxy/action-af
A GitHub Action for running ZAP Automation Framework plans
Language:JavaScript19 7 38
kh4sh3i/DevSecOps
Collection and Roadmap for everyone who wants DevSecOps, contains list of tools and methodologies
18 2 08
Probely/probely-github-action
Probely's GitHub Action
Language:Python17 2 00

dast

projectdiscovery/nuclei

zaproxy/zaproxy

analysis-tools-dev/dynamic-analysis

zaproxy/zap-extensions

zaproxy/community-scripts

alipay/ant-application-security-testing-benchmark

mercedes-benz/sechub

zaproxy/action-baseline

zaproxy/action-full-scan

PortSwigger/dastardly-github-action

we45/ThreatPlaybook

cerberauth/vulnapi

DenisPodgurskii/pentestkit

karthikuj/sasori

hahwul/mzap

secdec/attack-surface-detector-burp

Zigrin-Security/CakeFuzzer

sidd-harth/kubernetes-devops-security

CyAxe/lotus

projectdiscovery/fuzzing-templates

rmkanda/tools

secdec/attack-surface-detector-zap

zaproxy/action-api-scan

ncc-erik-steringer/Aerides

infobyte/faraday_plugins

ASTTeam/DAST

ionutbalosin/java-application-security-practices

CloudDefenseAI/cd

arall/vulnerabilities

secdec/astam-correlator

ErdemOzgen/DevSecOps-Vault

fortify/WebInspectAutomation

SasanLabs/owasp-zap-fileupload-addon

zaproxy/action-af

kh4sh3i/DevSecOps

Probely/probely-github-action