Vulnerability Detection
Explore 82 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Zero Day Live is a threat intelligence platform that provides early detection of malware and zero-day vulnerabilities through a proprietary sensor network processing over 1 billion data points.
Zero Day Live is a threat intelligence platform that provides early detection of malware and zero-day vulnerabilities through a proprietary sensor network processing over 1 billion data points.
ZeroThreat is a cloud-based DAST platform that provides automated penetration testing and vulnerability detection for web applications and APIs with AI-driven remediation guidance.
ZeroThreat is a cloud-based DAST platform that provides automated penetration testing and vulnerability detection for web applications and APIs with AI-driven remediation guidance.
A JavaScript security scanning platform that detects exposed secrets, API keys, and vulnerabilities in JavaScript files through continuous monitoring and automated discovery.
A JavaScript security scanning platform that detects exposed secrets, API keys, and vulnerabilities in JavaScript files through continuous monitoring and automated discovery.
An IDE-integrated AI security solution that detects, remediates, and educates about code vulnerabilities in real-time as developers write code.
An IDE-integrated AI security solution that detects, remediates, and educates about code vulnerabilities in real-time as developers write code.
A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.
A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
An automated DDoS vulnerability testing platform that continuously evaluates DDoS protection systems without causing operational downtime.
An automated DDoS vulnerability testing platform that continuously evaluates DDoS protection systems without causing operational downtime.
A static application security testing (SAST) platform that performs comprehensive source code analysis to identify vulnerabilities, malware, and security issues in application code and dependencies.
A static application security testing (SAST) platform that performs comprehensive source code analysis to identify vulnerabilities, malware, and security issues in application code and dependencies.
An attack surface management platform that discovers, maps, and monitors an organization's external digital assets to identify vulnerabilities and security weaknesses before they can be exploited.
An attack surface management platform that discovers, maps, and monitors an organization's external digital assets to identify vulnerabilities and security weaknesses before they can be exploited.
An API security platform that provides automated security testing, runtime protection, and lifecycle management for APIs through integrated tools and controls.
An API security platform that provides automated security testing, runtime protection, and lifecycle management for APIs through integrated tools and controls.
An API security solution that provides continuous discovery, classification, and protection of APIs across environments while integrating with existing security infrastructure to prevent attacks and business logic abuse.
An API security solution that provides continuous discovery, classification, and protection of APIs across environments while integrating with existing security infrastructure to prevent attacks and business logic abuse.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Black Duck is an application security platform that provides software composition analysis and supply chain security capabilities to identify vulnerabilities, ensure license compliance, and manage SBOMs throughout the software development lifecycle.
Black Duck is an application security platform that provides software composition analysis and supply chain security capabilities to identify vulnerabilities, ensure license compliance, and manage SBOMs throughout the software development lifecycle.
A Dynamic Application Security Testing (DAST) platform that provides automated security testing for web applications, APIs, and LLM-powered applications throughout the software development lifecycle.
A Dynamic Application Security Testing (DAST) platform that provides automated security testing for web applications, APIs, and LLM-powered applications throughout the software development lifecycle.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.
A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.
A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
EvoMaster is an open-source tool that automatically generates system-level test cases for web APIs using AI-driven techniques.
EvoMaster is an open-source tool that automatically generates system-level test cases for web APIs using AI-driven techniques.
TrojAI is an AI security platform that detects vulnerabilities in AI models and defends against attacks on AI applications.
TrojAI is an AI security platform that detects vulnerabilities in AI models and defends against attacks on AI applications.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A simple snippet to increment ../ on the URL.
A small script to check a list of domains against open redirect vulnerability
A small script to check a list of domains against open redirect vulnerability
A multithreaded vulnerability scanner for web-based applications
A tool to fuzz query strings and identify vulnerabilities
InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection
InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection
A Burp extension for scanning JavaScript files for endpoint links
A Burp extension for scanning JavaScript files for endpoint links
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages
A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A tool for identifying sensitive secrets in public GitHub repositories
Pre-commit hook for validating outgoing changeset
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A tool for analyzing pentest screenshots using a convolutional neural network
A tool for analyzing pentest screenshots using a convolutional neural network
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
JavaScript library scanner and SBOM generator
Insider is a source code analysis tool focusing on OWASP Top 10 vulnerabilities with easy integration into DevOps pipelines.
Insider is a source code analysis tool focusing on OWASP Top 10 vulnerabilities with easy integration into DevOps pipelines.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A sensitive data detection tool for scanning source code repositories
IronBee is an open source project building a universal web application security sensor.
IronBee is an open source project building a universal web application security sensor.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
A comprehensive collection of security assessment lists for security testers.
A comprehensive collection of security assessment lists for security testers.
Web server scanner for identifying security vulnerabilities.
OWASP Project for making vulnerability management easier.
A tool to scan for CORS misconfigurations in web applications
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A tool for identifying potential security vulnerabilities in web applications
A tool for identifying potential security vulnerabilities in web applications
Open-Source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.
Open-Source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
Tool to inform about potential risks in project dependencies list.
Tool to inform about potential risks in project dependencies list.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
A honeypot for the Log4Shell vulnerability (CVE-2021-44228) with various detection and logging features.
An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.
An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.
A tool for dynamic analysis of mobile applications in a controlled environment.
A tool for dynamic analysis of mobile applications in a controlled environment.
Vim syntax-highlighting plugin for YARA rules with support up to v4.3.
Vim syntax-highlighting plugin for YARA rules with support up to v4.3.
Detects and prevents SSRF attacks
A tool that reveals invisible links within JavaScript files
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.
A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.
A platform providing an activity feed on exploited vulnerabilities.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
ESLint plugin to prevent Trojan Source attacks.
ESLint plugin to prevent Trojan Source attacks.
Identifies misconfigured CloudFront domains vulnerable to hijacking
Identifies misconfigured CloudFront domains vulnerable to hijacking
A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.
A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Vulnerable Android application for learning security concepts.
Vulnerable Android application for learning security concepts.
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.