Vulnerability management tools for security scanning, penetration testing, bug bounty programs, and vulnerability assessment.
Browse 662 vulnerability management tools
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
CrackMapExec (CME) - A tool for querying an internal database for host and credential information.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
XSS'OR (Hack with JavaScript) - A tool for encoding/decoding and various XSS-related functions.
Automatic tool for pentesting XSS attacks against different applications
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Tool for attacking Active Directory environments through SQL Server access.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
A complete suite of tools for assessing WiFi network security with capabilities for monitoring, attacking, testing, and cracking.
A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities
A tool for automated security scanning of web applications and manual penetration testing.
Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
The CVE Program catalogs publicly disclosed cybersecurity vulnerabilities.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
662 tools across 5 specializations · 309 free, 353 commercial
Bug Bounty Platforms
Bug bounty platforms that connect organizations with security researchers for crowdsourced vulnerability discovery and responsible disclosure.
Exposure Management
Exposure management solutions for identifying, prioritizing, and remediating security exposures across the entire attack surface.
Penetration Testing
Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.
Common questions about Vulnerability Management tools, selection guides, pricing, and comparisons.
Vulnerability scanning is automated, runs continuously, and identifies known CVEs and misconfigurations across your infrastructure at scale. Penetration testing is manual, performed periodically (quarterly or annually), and involves skilled testers attempting to exploit vulnerabilities, chain findings, and demonstrate real-world impact. Scanning finds what is vulnerable; pen testing proves what is exploitable.
Prioritize based on exploitability and business impact, not just CVSS score. Consider: is there a known exploit in the wild (CISA KEV catalog), is the asset internet-facing, what data does it hold, and can the vulnerability be chained with others. Risk-based vulnerability management tools combine these factors to rank vulnerabilities by actual risk to your organization.
Vulnerability management focuses on identifying and patching software vulnerabilities (CVEs). Exposure management takes a broader view, encompassing vulnerabilities, misconfigurations, identity weaknesses, and attack path analysis to understand and reduce your overall exposure to attacks. It asks "how could an attacker reach our critical assets?" rather than just "what CVEs do we have?"
Based on user ratings and community engagement on CybersecTools, the top-rated Vulnerability Management tools are: