Explore 70 curated tools and resources
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
Black Duck is an application security platform that provides software composition analysis and supply chain security capabilities to identify vulnerabilities, ensure license compliance, and manage SBOMs throughout the software development lifecycle.
A Dynamic Application Security Testing (DAST) platform that provides automated security testing for web applications, APIs, and LLM-powered applications throughout the software development lifecycle.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
EvoMaster is an open-source tool that automatically generates system-level test cases for web APIs using AI-driven techniques.
TrojAI is an AI security platform that detects vulnerabilities in AI models and defends against attacks on AI applications.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
A tool to detect, manage and exploit blind cross-site scripting (XSS) vulnerabilities.
A simple snippet to increment ../ on the URL.
A small script to check a list of domains for open redirect vulnerabilities.
A multithreaded vulnerability scanner for web-based applications
InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection
A Burp extension for scanning JavaScript files for endpoint links
An open-source Python CMS scanner that automates the detection of security flaws in the most popular CMSs.
A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A tool for identifying sensitive secrets in public GitHub repositories
Pre-commit hook for validating outgoing changeset
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A tool for analyzing pentest screenshots using a convolutional neural network
JavaScript library scanner and SBOM generator
Insider is a source code analysis tool focusing on OWASP Top 10 vulnerabilities with easy integration into DevOps pipelines.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A sensitive data detection tool for scanning source code repositories
IronBee is an open source project building a universal web application security sensor.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
A comprehensive collection of security assessment lists for security testers.
Web server scanner for identifying security vulnerabilities.
OWASP Project for making vulnerability management easier.
A tool to scan for CORS misconfigurations in web applications
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A tool for identifying potential security vulnerabilities in web applications
Open-source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.
A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.
Tool to inform about potential risks in project dependencies list.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
A honeypot for the Log4Shell vulnerability (CVE-2021-44228) with various detection and logging features.
An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.
A tool for dynamic analysis of mobile applications in a controlled environment.
Vim syntax-highlighting plugin for YARA rules with support up to v4.3.
A tool that reveals invisible links within JavaScript files
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.
A platform providing an activity feed on exploited vulnerabilities.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
ESLint plugin to prevent Trojan Source attacks.
Identifies misconfigured CloudFront domains vulnerable to hijacking
A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Vulnerable Android application for learning security concepts.
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.