Tools for identifying, prioritizing, and remediating security vulnerabilities in systems and applications. Explore 165 curated tools and resources.
A tool that assesses AWS accounts for subdomain hijacking vulnerabilities in Route53 and CloudFront configurations.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
A script that checks for common best-practices around deploying Docker containers in production.
A runtime threat management and attack path enumeration tool for cloud-native environments
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
A repository of open-source plugins for Rapid7 InsightConnect
A framework for building code injection vulnerability testbeds
testssl.sh is a free command-line tool for checking a server's TLS/SSL configuration, with clear and machine-readable output.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
Threat intelligence and digital risk protection platform
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
A collection of Ansible roles for hardening various systems and services
Check for known vulnerabilities in your Node.js installation.
An open-source tool for finding security vulnerabilities, compliance issues, and infrastructure misconfigurations in infrastructure-as-code
Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
Donate to your favorite open-source projects and charities using PayPal
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.
A series of small test cases designed to exercise different parts of a static security analyzer
A tool for detecting and exploiting Android application vulnerabilities
A comprehensive online resource for application security knowledge
A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.