Tools for identifying, prioritizing, and remediating security vulnerabilities in systems and applications. Explore 128 curated tools and resources.
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
Deliberately vulnerable web application for security professionals to practice attack techniques.
A fuzzer for detecting open redirect vulnerabilities
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
DOM-based XSS vulnerability scanner
Web server scanner for identifying security vulnerabilities.
OWASP Project for making vulnerability management easier.
A wargame designed to test your hacking skills and knowledge
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
A collection of 132 exploits added to Packet Storm in April 2024
A tool to run YARA rules against node_module folders to identify suspicious scripts
A JavaScript scanner built in PHP for scraping URLs and other information.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A Pythonic interface to the Internet Storm Center / DShield API
A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.
A runtime threat management and attack path enumeration tool for cloud-native environments
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
testssl.sh is a free command-line tool for checking a server's TLS/SSL configuration with clear and machine-readable output.
A wargame composed of 27 levels, with the needed files in the /vortex/ directory.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
Threat intelligence and digital risk protection platform