The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Automated Security Testing For REST API's

OWASP CRS (Official Repository)

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more

Maryam: Open-source Intelligence(OSINT) Framework

OWASP WEB Directory Scanner

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

OWASP Honeypot, Automated Deception Framework.

OWASP Domain Protect - prevent subdomain takeover

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

The DevSecOps toolset for REST APIs

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments