Vulnerability Management Tools
Vulnerability management tools for security scanning, penetration testing, bug bounty programs, and vulnerability assessment.
Browse 662 vulnerability management tools
FEATURED
USE CASES
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
A powerful tool for finding and exploiting subdomain takeover vulnerabilities
A simple Python script to test for a hypothetical JWT vulnerability
A Burp extension to check JWT tokens for potential weaknesses
A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
WPRecon is a tool for recognizing vulnerabilities and blackbox information for WordPress.
A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.
A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.
A Python tool that tests multiple AWS S3 buckets for security misconfigurations including directory listing and upload permissions.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.
Vulnerability Management Specializations
662 tools across 5 specializations · 309 free, 353 commercial
Bug Bounty Platforms
Bug bounty platforms that connect organizations with security researchers for crowdsourced vulnerability discovery and responsible disclosure.
Exposure Management
Exposure management solutions for identifying, prioritizing, and remediating security exposures across the entire attack surface.
Penetration Testing
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Vulnerability Management Tools FAQ
Common questions about Vulnerability Management tools, selection guides, pricing, and comparisons.
Vulnerability scanning is automated, runs continuously, and identifies known CVEs and misconfigurations across your infrastructure at scale. Penetration testing is manual, performed periodically (quarterly or annually), and involves skilled testers attempting to exploit vulnerabilities, chain findings, and demonstrate real-world impact. Scanning finds what is vulnerable; pen testing proves what is exploitable.
Prioritize based on exploitability and business impact, not just CVSS score. Consider: is there a known exploit in the wild (CISA KEV catalog), is the asset internet-facing, what data does it hold, and can the vulnerability be chained with others. Risk-based vulnerability management tools combine these factors to rank vulnerabilities by actual risk to your organization.
Vulnerability management focuses on identifying and patching software vulnerabilities (CVEs). Exposure management takes a broader view, encompassing vulnerabilities, misconfigurations, identity weaknesses, and attack path analysis to understand and reduce your overall exposure to attacks. It asks "how could an attacker reach our critical assets?" rather than just "what CVEs do we have?"
