Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with dast

A curated list of projects in awesome lists tagged with dast .

https://github.com/projectdiscovery/nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner dast hacktoberfest nuclei-engine security security-scanner subdomain-takeover vulnerability-assessment vulnerability-detection vulnerability-scanner

Last synced: 28 Jan 2026

https://github.com/mre/awesome-dynamic-analysis

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

analysis dast dynamic dynamic-analysis dynamic-code-analysis

Last synced: 19 Mar 2025

https://github.com/zaproxy/community-scripts

A collection of ZAP scripts and tips provided by the community - pull requests very welcome!

appsec dast scripts tips webappsec zaproxy

Last synced: 10 May 2025

https://github.com/alipay/ant-application-security-testing-benchmark

xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

application benchmark dast evaluation iast sast sca security testing

Last synced: 15 May 2025

https://github.com/zaproxy/action-baseline

A GitHub Action for running the ZAP Baseline scan

actions dast devsecops github-actions security

Last synced: 10 Apr 2025

https://github.com/zaproxy/action-full-scan

A GitHub Action for running the ZAP Full scan

actions dast devsecops github-actions security

Last synced: 23 Aug 2025

https://github.com/we45/ThreatPlaybook

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

application-security dast devsecops python sast threat-model

Last synced: 01 Apr 2025

https://github.com/portswigger/dastardly-github-action

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

automation dast devsecops security-tools

Last synced: 27 Jun 2025

https://github.com/karthikuj/sasori

Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.

automation crawler crawling dast dynamic endpoint-discovery infosec puppeteer scraping security

Last synced: 15 Aug 2025

https://github.com/hahwul/mzap

⚡️ Multiple target ZAP Scanning

bugbounty dast hacking security zaproxy zaproxy-automation

Last synced: 28 Feb 2026

https://github.com/Zigrin-Security/CakeFuzzer

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

cybersecurity dast hacking iast sast

Last synced: 20 Jul 2025

https://github.com/secdec/attack-surface-detector-burp

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

dast pentesting security vulnerability

Last synced: 19 Apr 2025

https://github.com/projectdiscovery/fuzzing-templates

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

api dast fuzzing nuclei security

Last synced: 14 Jan 2026

https://github.com/secdec/attack-surface-detector-zap

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

dast pentesting security vulnerability

Last synced: 10 May 2025

https://github.com/astteam/dast

《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.

0e0w dast

Last synced: 01 Mar 2026

https://github.com/arall/vulnerabilities

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

dast sast security vulnerabilities vulnerability vulnerable vulnerable-app vulnerable-application

Last synced: 22 Jan 2026

https://github.com/SasanLabs/owasp-zap-fileupload-addon

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.

dast fileupload hacktoberfest java sasanlabs scanner security security-tools zap zaproxy

Last synced: 11 Jul 2025

https://github.com/sasanlabs/owasp-zap-fileupload-addon

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.

dast fileupload hacktoberfest java sasanlabs scanner security security-tools zap zaproxy

Last synced: 13 Apr 2025

https://github.com/geminishkv/course_labs

Лабораторные работы по курсам для AppSec, Risk Analysis, Securty Champion: Toolchain, Orchestration, CI/CD, UML, etc.

appsec appsec-tutorials bash bmstu containersecurity course dast docker growth-team lerning-platform owasp-top-10 python sast sca secretdetection security security-team-testing toolchain tools training-materials

Last synced: 01 Apr 2026

https://github.com/zaproxy/action-af

A GitHub Action for running ZAP Automation Framework plans

actions dast devsecops github-actions security

Last synced: 30 Jun 2025

https://github.com/paulveillard/cybersecurity-static-analysis

An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines, technical resources and most important static application security testing (SAST)

analysis cybersecurity cybersecurity-education dast dynamic-programming rsa rsa-cryptography sast static static-analysis static-analysis-plugin

Last synced: 07 Jan 2026

https://github.com/paulveillard/cybersecurity-dynamic-analysis

An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines and technical resources and most important dynamic application security testing (DAST)

dast dynamic-analysis dynamic-analysis-engines sast static-analysis vulnerabilities vulnerability-assessment vulnerability-identification vulnerability-management vulnerability-scanner vulnerability-scanners

Last synced: 06 Jan 2026

https://github.com/kingthorin/neonmarker

Continuation of the ZAP Neonmarker add-on previously by Juha Kivekäs

appsec dast hacktoberfest pentest pentest-tool pentesting pentesting-tools webappsec zap zaproxy

Last synced: 22 Mar 2025

https://github.com/huntridge-labs/argus

Argus brings “a hundred eyes” to your project, combining leading open source security tools into a scalable, automated, continuous security pipeline.

container-security dast devsecops fedramp hardening iac-security malware-detection sast secret-detection security-automation security-scanning security-tools vulnerability-scanning

Last synced: 01 Apr 2026

https://github.com/portswigger/enterprise-helm-charts

Helm charts for Burp Suite DAST Kubernetes installation.

burp dast enterprise helm-chart kubernetes

Last synced: 07 Apr 2026

https://github.com/soos-io/soos-dast

SOOS DAST Scanning - Register for a Free Trial at https://app.soos.io/register

dast penetration-testing security soos web-security

Last synced: 24 Feb 2026

https://github.com/fadhilthomas/zap-reporter

run summary report of owasp zap findings

dast golang security

Last synced: 10 Mar 2026

https://github.com/fadhilthomas/nuclei-reporter

run summary report of nuclei findings

dast golang security

Last synced: 10 Mar 2026

https://github.com/duriantaco/ravage

AI pentesting research agent for controlled local labs, evidence gated exploit chains, memory-assisted learning, and benchmark eval.

ai-agent authorized-testing benchmarking dast pentesting python research security web-security

Last synced: 31 May 2026

https://github.com/adamlahbib/devsecops-boilerplate

DevSecOps boilerplate that syncs the AWS Infrastrcuture, performs comprehensive SAST and DAST checks of the application, and entails advanced out-of-the-box Cloud Native Monitoring and Security solutions, as well as, implementing Kubernetes Policies as Code.

aws crowdsec dast dependabot eks falco grafana grype helm iac kubernetes owasp-top-10 owasp-zap policies prometheus sast terraform

Last synced: 13 Apr 2026

https://github.com/hautph/awesome-devsecops

🚀 Curated resources for shifting security left: SAST, DAST, SCA, Container Security, and Compliance as Code for modern DevOps teams.

awesome-list ci-cd cloud-security compliance-as-code dast devsecops infosec sast security

Last synced: 21 Feb 2026

https://github.com/ridematch1/a.e.g.i.s

AEGIS — Automated Enterprise-Grade Inspection Suite. The paranoid audit tool your vibe-coded app deserves.

audit cli compliance dast gdpr mcp nextjs owasp sast scanner security supabase typescript

Last synced: 21 Apr 2026

https://github.com/fluidfocuschannel/ai-code-review-prompts

Comprehensive AI code review prompts for enterprise development teams. Covers security scanning, SOLID principles, performance optimization, and framework-specific best practices. Ready-to-use with GitHub Copilot, ChatGPT, and Claude for consistent, detailed code quality analysis.

ai codereview dast java prompts sast solid-principles springboot

Last synced: 27 Apr 2026

https://github.com/haikalrfadhilahh/go-ci-devsecops

Package Docker Image for Implementing Continous Integration Security with SCA, SAST, and DAST in Go-Lang

ci-cd dast devsecops docker gosec govulncheck owasp-zap-baseline sast sca

Last synced: 05 May 2026

https://github.com/neuralegion/issue-linker

A CLI tool to link between SAST issues and BrightSec issues

appsec dast sast vulnerability-scanners

Last synced: 08 Jul 2025

https://github.com/fluidattacks/benchmark-infrastructure

The infrastructure for the benchmark includes a set of Vulnerable by Design (VbD) Targets of Evaluation (ToEs) used to measure the speed and accuracy of automated Application Security Testing (AST) tools.

ast benchmark compare cspm dast mpt re sast sca scr

Last synced: 14 Mar 2025