The ZAP by Checkmarx Core project

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.

SecHub provides a central API to test software with different security tools.

A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.

An extension to use Semgrep inside Burp Suite.

Powerful Shodan API client using RxJava and Retrofit

Codety Scanner is a comprehensive code scanner designed to detect code issues for 30+ programming languages and IaC frameworks. It embeds more than 6,000 code analysis rules and can detect code smells, vulnerable code, secrets in the code, performance issues, style violations, and more.

JWTLens - Burp Suite extension for automated JWT security testing. 62 checks: passive scanning, algorithm confusion, signature bypass, KID injection, weak secret brute force, and a built-in JWT Forge tab. Works automatically as you browse.

A BurpSuite extension for vulnerability Scanning

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

Custom semgrep rules registry

Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses

Part of the deprecated secureCodeBox v1, see secureCodeBox/secureCodeBox Repo for v2

Integrate our security scans with your Jenkins CI/CD pipeline

The TLS-Scanner for the SIWECOS Project

Detect and test JSON Web Tokens for security flaws with automated checks in Burp Suite extensions, including token analysis and active exploitation.

An android application for scanning security of wifi networks

Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio

The Sec1 Security plugin provides both SCA and SAST capabilities, enabling teams to scan SCM repositories for open-source vulnerabilities and analyze code to detect security issues early in development.