Shadowd – The Shadow Daemon Web Application Firewall

Shadowd (Shadow Daemon) is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall

Droopescan – Plugin-based Scanner for Several CMSs

Droopescan is a plugin-based scanner that aids security researchers in identifying issues with several CMSs. Usage of droopescan for attacking targets

w3af – Web Application Attack and Audit Framework

w3af is not a standard web application scanner but an advanced framework that may allow penetration testers to make automated

sqlmap – Automatic SQL Injection Tool

sqlmap is an advanced open source tool for penetration testing that automates the process of searching and performing SQL injection.

Talisman – Tool to Prevent Secrets from Getting Checked in

Talisman is a tool to validate code changes that are to be pushed out of a local Git repository on a developer’s workstation.

Archery – Centralize Vulnerability Assessment Framework

Archery is an open source vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities.

NAXSI – Low Rules Maintenance WAF for NGINX

NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms.