Vulnerability Detection

npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.

SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

A static analysis tool that detects Common Weakness Enumerations (CWEs) in ELF binaries across multiple CPU architectures using Ghidra-based disassembly and various analysis techniques.

A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.

An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.

A tool for dynamic analysis of mobile applications in a controlled environment.

A command-line tool that scans websites to detect publicly known security vulnerabilities in frontend JavaScript libraries using Snyk's vulnerability database.

Mana Security is a macOS-focused vulnerability management tool that continuously monitors 100+ applications for security vulnerabilities and tracks patching performance against community benchmarks.

Detects and prevents SSRF attacks

A tool that reveals invisible links within JavaScript files

A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server

A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.

A platform providing an activity feed on exploited vulnerabilities.

A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.

ESLint plugin to prevent Trojan Source attacks.

CloudFrunt identifies misconfigured Amazon CloudFront domains that are vulnerable to hijacking due to improper CNAME configuration.

An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.

CVE Ape is an open source tool that creates a local CVE database from the National Vulnerability Database for offline vulnerability searching by package name, vendor, or OS components.

Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.

A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.

List of publicly disclosed vulnerabilities with security filters and detailed advisories.

Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.