Security Scanning Tools
Automated security scanners for web applications, networks, and infrastructure vulnerability detection and assessment.
Browse 114 security scanning tools
FEATURED
USE CASES
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
A command-line script that tests multiple domains from a list for open redirect vulnerabilities and reports findings.
A security analysis tool that detects and analyzes open redirection vulnerabilities in web applications.
Command line tool for testing CRLF injection on a list of domains.
CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
A JavaScript scanner built in PHP for scraping URLs and other information.
DirSearch is a simple tool for finding files and directories on a web server.
FingerprintX is a standalone utility for service discovery on open ports.
A fast and multi-purpose HTTP toolkit for sending HTTP requests and parsing responses
A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.
A fast and reliable port scanner written in Go, designed for attack surface discovery in bug bounties and penetration testing.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities
A tool for automated security scanning of web applications and manual penetration testing.
Security Scanning Tools FAQ
Common questions about Security Scanning tools, selection guides, pricing, and comparisons.
Scan frequency depends on asset criticality and change rate: internet-facing assets should be scanned continuously or daily, internal critical systems weekly, and all other systems at least monthly. Additionally, run scans after any significant infrastructure changes, new deployments, or when critical CVEs are published. Compliance frameworks like PCI DSS require at least quarterly external scans.
