Vulnerability Management Tools
Vulnerability management tools for security scanning, penetration testing, bug bounty programs, and vulnerability assessment.
Browse 662 vulnerability management tools
FEATURED
USE CASES
A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
A bash script for scanning a target network for HTTP resources through XXE
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.
A collection of XSS payloads designed to turn alert(1) into P1
Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
Vulnerability Management Specializations
662 tools across 5 specializations · 309 free, 353 commercial
Bug Bounty Platforms
Bug bounty platforms that connect organizations with security researchers for crowdsourced vulnerability discovery and responsible disclosure.
Exposure Management
Exposure management solutions for identifying, prioritizing, and remediating security exposures across the entire attack surface.
Penetration Testing
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Vulnerability Management Tools FAQ
Common questions about Vulnerability Management tools, selection guides, pricing, and comparisons.
Vulnerability scanning is automated, runs continuously, and identifies known CVEs and misconfigurations across your infrastructure at scale. Penetration testing is manual, performed periodically (quarterly or annually), and involves skilled testers attempting to exploit vulnerabilities, chain findings, and demonstrate real-world impact. Scanning finds what is vulnerable; pen testing proves what is exploitable.
Prioritize based on exploitability and business impact, not just CVSS score. Consider: is there a known exploit in the wild (CISA KEV catalog), is the asset internet-facing, what data does it hold, and can the vulnerability be chained with others. Risk-based vulnerability management tools combine these factors to rank vulnerabilities by actual risk to your organization.
Vulnerability management focuses on identifying and patching software vulnerabilities (CVEs). Exposure management takes a broader view, encompassing vulnerabilities, misconfigurations, identity weaknesses, and attack path analysis to understand and reduce your overall exposure to attacks. It asks "how could an attacker reach our critical assets?" rather than just "what CVEs do we have?"
