Vulnerability Assessment Tools and Resources

Framework

CAI (Cybersecurity AI)

CAI is an open-source framework that enables security professionals to build and deploy AI-powered agents for automated offensive and defensive cybersecurity operations.

0

+7

Resecurity Risk Digital Risk Monitoring Platform

A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.

0

Automation

Dashboard

Resecurity Risk Digital Risk Monitoring Platform

A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.

0

Monitoring

+7

A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.

0

Siemba

A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.

0

+7

OSINTLeak

OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

0

OSINTLeak

OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

0

+7

ImmuniWeb® On-Demand

ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.

0

Web Application Security

Api Security

ImmuniWeb® On-Demand

ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.

0

Web Application Security

Api Security

+7

ImmuniWeb® MobileSuite

ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.

0

ImmuniWeb® MobileSuite

ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.

0

+11

Beagle Security

An automated security testing platform that performs AI-driven penetration testing and vulnerability assessment for web applications and APIs with compliance reporting capabilities.

0

Beagle Security

An automated security testing platform that performs AI-driven penetration testing and vulnerability assessment for web applications and APIs with compliance reporting capabilities.

0

+7

ZeroFox EASM

A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.

0

Asset Discovery

Security Monitoring

Cloud Security

Security Posture

ZeroFox EASM

A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.

0

Asset Discovery

+6

MazeBolt RADAR

An automated DDoS vulnerability testing platform that continuously evaluates DDoS protection systems without causing operational downtime.

0

Security Monitoring

Security Analysis

Security Automation

Threat Prevention

Monitoring

MazeBolt RADAR

An automated DDoS vulnerability testing platform that continuously evaluates DDoS protection systems without causing operational downtime.

0

+7

Vulcan Cyber

An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.

0

Vulcan Cyber

An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.

0

Security Automation

+7

Burp Suite Professional

A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.

0

Burp Suite Professional

A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.

0

+7

StrikeOne

StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.

0

Ai

Vulnerability Prioritization

Security Posture

StrikeOne

StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.

0

Ai

+7

XRATOR

XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.

0

Security Posture

XRATOR

XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.

0

+7

Fluid Attacks Continuous Hacking

An application security testing platform that combines automated scanning, AI assistance, and manual expert testing to provide continuous security assessment throughout the software development lifecycle.

0

Fluid Attacks Continuous Hacking

An application security testing platform that combines automated scanning, AI assistance, and manual expert testing to provide continuous security assessment throughout the software development lifecycle.

0

+7

Bima Scanner

An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.

0

Web Security

Scanner

Security Analysis

Javascript

Bima Scanner

An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.

0

Web Security

+6

OpenVAS

OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.

0

Security Automation

OpenVAS

OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.

0

+3

AWVS

A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.

0

App Security

Web Application Security

AWVS

A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.

0

App Security

+3

SecurityVulnerability.io

SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.

0

Security Information

SecurityVulnerability.io

SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.

0

+1

Gobuster

A powerful directory/file, DNS and VHost busting tool written in Go.

0

Gobuster

A powerful directory/file, DNS and VHost busting tool written in Go.

0

+1

liffier

A simple snippet to increment ../ on the URL.

0

liffier

A simple snippet to increment ../ on the URL.

0

+2

Subfinder

Fast passive subdomain enumeration tool

0

Subdomain Enumeration

Dns Lookup

Web Scraping

Subfinder

Fast passive subdomain enumeration tool

0

Subdomain Enumeration

Dns Lookup

Web Scraping

+2

Param Miner

A tool for identifying and extracting parameters from HTTP requests and responses

0

Param Miner

A tool for identifying and extracting parameters from HTTP requests and responses

0

+1

parameth

A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.

0

parameth

A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.

0

+3

metahttp

A bash script for scanning a target network for HTTP resources through XXE

0

Xxe

Curl

metahttp

A bash script for scanning a target network for HTTP resources through XXE

0

Xxe

+1

csprecon

A tool to discover new target domains using Content Security Policy

0

Csp

Content Security Policy

Security Research

csprecon

A tool to discover new target domains using Content Security Policy

0

Csp

Content Security Policy

Industrial Control Systems

+2

Siemens Simatic PCS 7 Hardening Tool Version 1.0

A PowerShell script that assesses security configurations of Siemens SIMATIC PCS 7 industrial control systems by collecting and analyzing data from various Windows and PCS7-specific sources.

0

Configuration Management

Siemens Simatic PCS 7 Hardening Tool Version 1.0

A PowerShell script that assesses security configurations of Siemens SIMATIC PCS 7 industrial control systems by collecting and analyzing data from various Windows and PCS7-specific sources.

0

+7

ThreatDown EDR

Powerfully simple endpoint security solution that takes down threats without interrupting business.

0

Endpoint Security

Antivirus

Incident Response

Endpoint Detection

Patch Management

ThreatDown EDR

Powerfully simple endpoint security solution that takes down threats without interrupting business.

0

Endpoint Security

Antivirus

+3

DefectDojo

OWASP Project for making vulnerability management easier.

0

Collaboration

Owasp

DefectDojo

OWASP Project for making vulnerability management easier.

0

+2

AFE Android Framework for Exploitation

A framework for exploiting Android-based devices and applications

0

Security Research

AFE Android Framework for Exploitation

A framework for exploiting Android-based devices and applications

0

+2

Webhacking.kr

Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.

0

Webhacking.kr

Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.

0

+2

AttackSurfaceMapper

Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.

0

Reconnaissance

Network Discovery

AttackSurfaceMapper

Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.

0

Reconnaissance

Network Discovery

+2

Flan

A vulnerability scanner that helps you identify and fix vulnerabilities in your code

0

Flan

A vulnerability scanner that helps you identify and fix vulnerabilities in your code

0

+2

DefaultCreds-cheat-sheet

A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment

0

DefaultCreds-cheat-sheet

A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment

0

+1

Windows Privilege Escalation Techniques

A list of Windows privilege escalation techniques, categorized and explained in detail.

0

Windows Privilege Escalation Techniques

A list of Windows privilege escalation techniques, categorized and explained in detail.

0

+2

HTB Academy

HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.

0

HTB Academy

HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.

0

+3

Cybersecurity Evaluation Tool (CSET)

CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.

0

Cybersecurity

Cybersecurity Evaluation Tool (CSET)

CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.

0

Cybersecurity

+1

Acunetix Vulnerability Scanner

A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.

0

Acunetix Vulnerability Scanner

A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.

0

+4

Cloud Security Suite (cs-suite)

Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.

0

Cloud Security Suite (cs-suite)

Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.

0

+4

Alien Vault Ossim

AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.

0

SIEM

Asset Inventory

Intrusion Detection

Siem

Alien Vault Ossim

AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.

0

SIEM

Asset Inventory

Intrusion Detection

+1

CAPEC

CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.

0

CAPEC

CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.

0

Penetration Testing Execution Standard (PTES)

A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.

0

Penetration Testing Execution Standard (PTES)

A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.

0

+1

Vim Syntax Highlighting for YARA Rules

Vim syntax-highlighting plugin for YARA rules with support up to v4.3.

0

Binary Security

File Analysis

Vim Syntax Highlighting for YARA Rules

Vim syntax-highlighting plugin for YARA rules with support up to v4.3.

0

+2

Attack-Defense Online Lab

Hands-on cybersecurity training and testing platform with 1800+ labs

0

Resources

Attack-Defense Online Lab

Hands-on cybersecurity training and testing platform with 1800+ labs

0

Resources

Kali

Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.

0

Kali

Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.

0

+2

AttackerKB

A platform providing an activity feed on exploited vulnerabilities.

0

Vulnerability Exploitation

Cve

Exploit

AttackerKB

A platform providing an activity feed on exploited vulnerabilities.

0

Vulnerability Exploitation

+2

IntelligenceX

Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.

0

IntelligenceX

Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.

0

+2

SmashTheStack Wargaming Network

A wargaming network for penetration testers to practice their skills in a realistic environment.

0

SmashTheStack Wargaming Network

A wargaming network for penetration testers to practice their skills in a realistic environment.

0

+2

Nessus Professional

Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.

0

Nessus Professional

Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.

0

+2

BeSECURE Vulnerability Management

A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.

0

BeSECURE Vulnerability Management

A vulnerability assessment and management tool that uses patented technology to accurately identify vulnerabilities and prioritize them by risk.

0

Zero Day Initiative Published Advisories

List of publicly disclosed vulnerabilities with security filters and detailed advisories.

0

Zero Day Initiative Published Advisories

List of publicly disclosed vulnerabilities with security filters and detailed advisories.

0

Rudder

A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.

0

Configuration Management

Patch Management

Rudder

A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.

0

Configuration Management

+3

Paros

A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.

0

Proxy

Xss

Sql Injection

Paros

A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.

0

Proxy

+3

Infection Monkey

An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.

0

Network Reconnaissance