The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

OWASP CRS (Official Repository)

Automated Security Testing For REST API's

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Maryam: Open-source Intelligence(OSINT) Framework

AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

OWASP WEB Directory Scanner

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

OWASP Honeypot, Automated Deception Framework.

OWASP Domain Protect - prevent subdomain takeover

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy

The DevSecOps toolset for REST APIs

AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.