Vulnerability Management
Tools for identifying, prioritizing, and remediating security vulnerabilities in systems and applications.Explore 129 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.
A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
CVE Ape is an open source tool that creates a local CVE database from the National Vulnerability Database for offline vulnerability searching by package name, vendor, or OS components.
CVE Ape is an open source tool that creates a local CVE database from the National Vulnerability Database for offline vulnerability searching by package name, vendor, or OS components.
XGuardian XARA Security Scanner for OSX with URL scheme, Bundle ID, and keychain hijack checks.
XGuardian XARA Security Scanner for OSX with URL scheme, Bundle ID, and keychain hijack checks.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library with a focus on speed, reliability, and ease of integration.
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library with a focus on speed, reliability, and ease of integration.
A guide to brute forcing DVWA on the high security level with anti-CSRF tokens
A guide to brute forcing DVWA on the high security level with anti-CSRF tokens
A non-profit organization focused on improving the security of software through resources and training.
A non-profit organization focused on improving the security of software through resources and training.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
tfsec is being replaced by Trivy, a more comprehensive open-source security solution
tfsec is being replaced by Trivy, a more comprehensive open-source security solution
Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.
Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.
Simple script to check a domain's email protections and identify vulnerabilities.
Simple script to check a domain's email protections and identify vulnerabilities.
A comprehensive database of exploits and vulnerabilities for researchers and professionals
A comprehensive database of exploits and vulnerabilities for researchers and professionals
Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.
Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.
Weekly security newsletter with advisories from major software vendors
Weekly security newsletter with advisories from major software vendors
Web-application vulnerability scanner with extensive coverage of security testing modules.
Web-application vulnerability scanner with extensive coverage of security testing modules.
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
Fuzzapi is a Rails application with a user-friendly UI for API_Fuzzer gem and Docker setup.