Explore 62 curated tools and resources
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
EvoMaster is an open-source tool that automatically generates system-level test cases for web APIs using AI-driven techniques.
TrojAI is an AI security platform that detects vulnerabilities in AI models and defends against attacks on AI applications.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A simple snippet to increment ../ on the URL.
A small script to check a list of domains for open redirect vulnerabilities
A multithreaded vulnerability scanner for web-based applications
InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection
A Burp extension for scanning JavaScript files for endpoint links
An open-source Python CMS scanner that automates the process of detecting security flaws in the most popular CMSs.
A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A tool for identifying sensitive secrets in public GitHub repositories
Pre-commit hook for validating outgoing changeset
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A tool for analyzing pentest screenshots using a convolutional neural network
JavaScript library scanner and SBOM generator
Insider is a source code analysis tool focusing on OWASP Top 10 vulnerabilities with easy integration into DevOps pipelines.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A sensitive data detection tool for scanning source code repositories
IronBee is an open source project building a universal web application security sensor.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
A comprehensive collection of security assessment lists for security testers.
Web server scanner for identifying security vulnerabilities.
OWASP Project for making vulnerability management easier.
A tool to scan for CORS misconfigurations in web applications
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A tool for identifying potential security vulnerabilities in web applications
Open-Source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
Tool to inform about potential risks in project dependencies list.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
A honeypot for the Log4Shell vulnerability (CVE-2021-44228) with various detection and logging features.
An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.
A tool for dynamic analysis of mobile applications in a controlled environment.
Vim syntax-highlighting plugin for YARA rules with support up to v4.3.
A tool that reveals invisible links within JavaScript files
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.
A platform providing an activity feed on exploited vulnerabilities.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
ESLint plugin to prevent Trojan Source attacks.
Identifies misconfigured CloudFront domains vulnerable to hijacking
A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Vulnerable Android application for learning security concepts.
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.