Vulnerability Management for Misconfiguration

Quantara AI Threat & Exposure Management

AI-driven platform that prioritizes cyber exposures by financial impact.

SafeHill SecureIQ

AI-powered TEM platform covering external, internal, cloud, code & web security.

Galileo Security

Exposure management platform for asset discovery, risk prioritization & remediation.

ZEST Security

Agentic cloud exposure management platform with AI-driven remediation.

Veriti

Exposure assessment platform for safe remediation of misconfigs and vulns.

Reach Security Tool Optimization

Optimizes security tool configs by fixing misconfigs & activating unused features.

Reach Security - MS E3/E5 Optimization

Optimizes Microsoft E3/E5 security configs using real-world attack data.

Reach Security Posture Visibility & Control

Centralized platform for continuous security posture visibility and control.

ditno Threat Exposure

Network attack path analysis tool mapping vuln exploitation paths to critical assets.

Rebasoft Secure Configuration

Checks device config settings against standards to detect misconfigurations

Axonius Exposure Management

Platform for unified exposure mgmt across IT assets and security tools

Balbix Vulnerability Management

AI-powered vuln & exposure mgmt platform with risk prioritization & automation

Trickest Vulnerability Scanning

Customizable vulnerability scanning platform for infrastructure and applications

Halo Security Server Scanning

External server vulnerability scanning for CVEs, patches, and misconfigurations

Semperis Purple Knight

Free AD, Entra ID, and Okta security assessment tool for vulnerability scanning

kicks3

A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.

mass-s3-bucket-tester

A Python tool that tests multiple AWS S3 buckets for security misconfigurations including directory listing and upload permissions.

off-by-slash

A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.

CorsMe

CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.

CORStest

A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.

CORSy

A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.

S3Scanner

S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.