Vulnerability Management Tools
Vulnerability management tools for security scanning, penetration testing, bug bounty programs, and vulnerability assessment.
Browse 662 vulnerability management tools
FEATURED
USE CASES
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A command-line script that tests multiple domains from a list for open redirect vulnerabilities and reports findings.
A security analysis tool that detects and analyzes open redirection vulnerabilities in web applications.
Automatic authorization enforcement detection extension for Burp Suite
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A tool for identifying and analyzing Java serialized objects in network traffic
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
Command line tool for testing CRLF injection on a list of domains.
CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.
A multi-threaded scanner for identifying CORS flaws and misconfigurations
Vulnerability Management Specializations
662 tools across 5 specializations · 309 free, 353 commercial
Bug Bounty Platforms
Bug bounty platforms that connect organizations with security researchers for crowdsourced vulnerability discovery and responsible disclosure.
Exposure Management
Exposure management solutions for identifying, prioritizing, and remediating security exposures across the entire attack surface.
Penetration Testing
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Vulnerability Management Tools FAQ
Common questions about Vulnerability Management tools, selection guides, pricing, and comparisons.
Vulnerability scanning is automated, runs continuously, and identifies known CVEs and misconfigurations across your infrastructure at scale. Penetration testing is manual, performed periodically (quarterly or annually), and involves skilled testers attempting to exploit vulnerabilities, chain findings, and demonstrate real-world impact. Scanning finds what is vulnerable; pen testing proves what is exploitable.
Prioritize based on exploitability and business impact, not just CVSS score. Consider: is there a known exploit in the wild (CISA KEV catalog), is the asset internet-facing, what data does it hold, and can the vulnerability be chained with others. Risk-based vulnerability management tools combine these factors to rank vulnerabilities by actual risk to your organization.
Vulnerability management focuses on identifying and patching software vulnerabilities (CVEs). Exposure management takes a broader view, encompassing vulnerabilities, misconfigurations, identity weaknesses, and attack path analysis to understand and reduce your overall exposure to attacks. It asks "how could an attacker reach our critical assets?" rather than just "what CVEs do we have?"
