Vulnerability Management for Open Source

DefectDojo

Open-source vuln management platform with automated triage and ASPM.

Labrador IVAS

Integrated portal for open source vulnerability analysis and action plan mgmt.

Labrador Server Care

Periodically scans servers for open source SW vulnerabilities and license issues.

Oligo Runtime Vulnerability Mgmt

Runtime tool that identifies truly exploitable open-source vulns in production.

Guardian360 Quickscan WP Plugin

WordPress plugin for website security scanning via the Guardian360 API.

DeployHub Automated Vulnerability Detection Platform

Continuous vulnerability detection platform for live production environments

ProjectDiscovery Nuclei

Vulnerability scanner using templates to scan apps, cloud, and networks

Attify AttifyOS

Penetration testing distro for IoT device security assessment

Greenbone OPENVAS AI

AI assistant that transforms OpenVAS scans into prioritized remediation plans

Greenbone OPENVAS SCAN

Vulnerability scanning appliance for IT infrastructure attack surface reduction

SaltWorks SaltMiner Community

Pen test management and reporting platform for manual assessments

Aqua Trivy

Open source vulnerability & IaC scanner for containers & cloud native apps

Dradis Community Edition (CE)

Open-source platform for pentest reporting and security team collaboration

OpenVAS

OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.

CloudJack

Assesses AWS accounts for subdomain hijacking via Route53/CloudFront

bounty-targets-data

A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.

Sn1per

An open-source attack surface management platform for identifying and managing vulnerabilities

Git-Vuln-Finder

A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages

Shadow Workers

Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.

Dalfox

Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.

ParamPamPam

ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.

WeirdAAL (AWS Attack Library)

WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.

MetaHub

MetaHub is an open-source vulnerability management tool that provides impact-contextual analysis of security findings in AWS environments through automated contextualization, ownership identification, and prioritization scoring.

Recon-ng Framework

A full-featured reconnaissance framework for web-based reconnaissance with a modular design.