The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)

This page summarizes the projects mentioned and recommended in the original post on /r/SaaS

  • dirsearch

    Web path scanner


  • ZAP

    The ZAP core project

    OWASP ZAP (open source)

  • recollapse

    REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications


  • soapui

    SoapUI is a free and open source cross-platform functional testing solution for APIs and web services.


  • ffuf

    Fast web fuzzer written in Go


  • nexpose-client

    DEPRECATED: Rapid7 Nexpose API client library written in Ruby


  • thc-hydra



  • Newman

    Newman is a command-line collection runner for Postman


  • Sublist3r

    Fast subdomains enumeration tool for penetration testers


  • Metasploit

    Metasploit Framework


  • nuclei

    Fast and customizable vulnerability scanner based on simple YAML based DSL.


  • swagger-ui

    Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.


  • SQLMap

    Automatic SQL injection and database takeover tool


  • cli

    Snyk CLI scans and monitors your projects for security vulnerabilities. (by snyk)


  • Apache JMeter

    Apache JMeter open-source load testing tool for analyzing and measuring the performance of a variety of services


  • insomnia

    The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.


  • ESLint

    Find and fix problems in your JavaScript code.

    ESLint (free, open-source option)

  • bandit

    Bandit is a tool designed to find common security issues in Python code.

    Bandit (for Python, open-source and free)

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
