Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
Updated Apr 19, 2026 - Shell
A standard API specification for exchanging supply chain artifacts and intelligence
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
AI-powered cybersecurity code review skill for Claude Code. 8 specialist agents, OWASP 2025, CWE Top 25, MITRE ATT&CK, 11 languages, zero configuration.
Want to test your applications using the latest OWASP security toolchains and the NIST National Vulnerability Database using Jenkins, Ansible and docker? 🐳 🛡️ 🔒
Script to manage and create a local pentesting training virtual lab
OWASP EKS Goat is a deliberately vulnerable EKS cluster environment to explore AWS cloud-native security through hands-on attack and defense labs with walkthrough.
Don Cheli — SDD Framework. The most comprehensive Specification-Driven Development framework for AI agents. 88+ commands, 51 skills, 15 reasoning models. TDD mandatory, OWASP audit, Autonomous Mode, Crash Recovery, PRD Generator. Works with Claude Code, Gemini/Antigravity, Cursor, Codex, Warp, Amp, OpenCode, Continue.dev. ES/EN/PT.
Bash script to manage insecure web apps using docker and hosts aliases for pentest practice
Ready to use images of Zap and Glue, especially for CI integration.
DEPRECATED: Docker support moved to https://github.com/owtf/owtf
A learning and testing environment for web application hacking and pentesting.
Offensive penetration testing. Perform multiple attack types against web applications, vulnerable programs and OSes in a predefined and safe test environment
Secure nginx proxy with letsencrypt, modsecurity, fail2ban, crowdsec, clamav and several other security components based on alpine docker
A simple Web Application Firewall docker image.
A fast encrypted compression tool in Go Language
Cross-Site Scripting (XSS) is one of the most well-known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The xss finder gets a link from the user and scans the website for XSS vulnerabilities by injecting malicious scripts at the input points.
All Labs of the Security for Developers Training
acquirer.sh: An automated recon script made by @Albonycal