Top 10 Dast Open-Source Projects

ZAP

61 12,033 9.2 Java

The ZAP core project

Project mention: Bruno | news.ycombinator.com | 2024-03-09

I use ZAP [1] with the OAST add-on for this at the moment. I admit the UX isn't perfect, but it serves my purpose.
If I also want control over the responses (e.g. return a 401 status code for every fifth request), I have a custom extender script [2] for that.
[1]: https://www.zaproxy.org/

dynamic-analysis

2 877 8.5 Rust

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

Project mention: Static Analysis Tools for C | news.ycombinator.com | 2023-10-26

They keep the dynamic analysis tools in a separate repository: https://github.com/analysis-tools-dev/dynamic-analysis
Both repos link each other close to the tops of their respective readmes. Annoyingly, though, their dynamic webstite seems to only include the static tools.

InfluxDB

www.influxdata.com featured

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
ThreatPlaybook

2 268 0.0 Python

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
sechub

1 247 9.7 Java

SecHub provides a central API to test software with different security tools.
dastardly-github-action

1 216 3.5 Dockerfile

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
lotus

4 65 7.1 Rust

:zap: Fast Web Security Scanner written in Rust based on Lua Scripts :waning_gibbous_moon: :crab: (by BugBlocker)
cd

1 49 5.9 Shell

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
SaaSHub

www.saashub.com featured

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
faraday_plugins

1 45 8.2 Python

Security tools report parsers for Faradaysec.com
owasp-zap-fileupload-addon

2 19 5.2 Java

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
soos-dast

1 6 8.4 Python

SOOS DAST - The affordable no limit web vulnerability scanner

Project mention: OWASP ZAP and Jenkins | /r/devops | 2023-05-04

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Dast related posts

Is this fraud? And if so, to what extent am I responsible?

1 project | news.ycombinator.com | 16 Sep 2023
How can i make web server from scratch

2 projects | /r/webdev | 24 Apr 2023
🔒Security Tips for Frontend

1 project | dev.to | 14 Apr 2023
Is it normal for library security patches to be ignored?

1 project | /r/ExperiencedDevs | 29 Nov 2022
How to Become a Pirate Archivist

2 projects | news.ycombinator.com | 17 Oct 2022
How to Automate OWASP ZAP

1 project | dev.to | 14 Sep 2022
Is learning Burpsuite worth it?

1 project | /r/hacking | 13 Sep 2022
A note from our sponsor - InfluxDB
www.influxdata.com | 14 May 2024

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

What are some of the best open-source Dast projects? This list will help you:

	Project	Stars
1	ZAP	12,033
2	dynamic-analysis	877
3	ThreatPlaybook	268
4	sechub	247
5	dastardly-github-action	216
6	lotus	65
7	cd	49
8	faraday_plugins	45
9	owasp-zap-fileupload-addon	19
10	soos-dast	6