Red - Web App Hacking

Web App Testing Resources



There is a bug bounty focused search engine at that can point you in the direction of tools, attacks, methodology, writeups, anything you want. It is amazing.

Resource Collections

Bug Bounty


Resources and Reference

Web App Testing Frameworks

Scanning Utilities

Mapping the Site

Web Technologies

Attacks and Vulnerabilities

Misc Tools

Training and Resources

For resources including offensive security courses, books, CTFs and much more, please check out the Training and Resources section of this guide.
  • ​crAPI - completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.