vulnerability-scanning

93 tools and resources

NEW

RoboShadow Logo

RoboShadow

0 (0)

A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.

Vulnerability Management
Commercial
windowsantivirusasset-inventoryattack-pathsauditingautomationdata-securityendpoint-securitypenetration-testingvulnerability-scanning
AWVS Logo

AWVS

0 (0)

A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.

Vulnerability Management
Free
appsecapp-securityweb-app-securityvulnerability-scanningvulnerability-assessmentweb-application-security
BruteXSS Logo

BruteXSS

0 (0)

A tool to find XSS vulnerabilities in web applications

Malware Analysis
Free
xssvulnerability-scanningweb-securityweb-application-securitysecurity-testing
Sn1per Logo

Sn1per

0 (0)

An open-source attack surface management platform for identifying and managing vulnerabilities

Vulnerability Management
Free
attack-surfacevulnerability-scanningasset-discoverysecurity-posture
cors-scanner Logo

cors-scanner

0 (0)

A multi-threaded scanner for identifying CORS flaws and misconfigurations

Network Security
Free
corsscannerweb-securityvulnerability-scanningmulti-threadedweb-app-security
dom-red Logo

dom-red

0 (0)

A small script to check a list of domains against open redirect vulnerability

Vulnerability Management
Free
open-redirectvulnerability-scanningdomain-checkcommand-line-toolsecurity-testingvulnerability-detection
SQLi-Hunter Logo

SQLi-Hunter

0 (0)

A tool for finding and exploiting SQL injection vulnerabilities in web applications

Malware Analysis
Free
appsecappsec-toolsql-injectionvulnerability-scanningweb-app-security
WPRecon Logo

WPRecon

0 (0)

WPRecon is a tool for recognizing vulnerabilities and blackbox information for WordPress.

Application Security
Free
wordpressvulnerability-scanning
XSpear Logo

XSpear

0 (0)

A powerful XSS scanning and parameter analysis tool

Offensive Security
Free
xssscanningsecurity-testingvulnerability-scanning
Eagle Logo

Eagle

0 (0)

A multithreaded vulnerability scanner for web-based applications

Vulnerability Management
Free
vulnerability-scanningweb-application-securityvulnerability-detectionweb-security
SSRFire Logo

SSRFire

0 (0)

Automated SSRF finder with options for XSS and open redirects

Network Security
Free
ssrfxssopen-redirectvulnerability-scanningweb-app-security
surf Logo

surf

0 (0)

A tool to escalate SSRF vulnerabilities on modern cloud environments

Network Security
Free
ssrfcloud-securityvulnerability-scanningsecurity-testingpentest
XSSwagger Logo

XSSwagger

0 (0)

A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks

Application Security
Free
xssvulnerability-scanningsecurity-auditdevsecopssecurity-testing
SubOver Logo

SubOver

0 (0)

A powerful tool for finding and exploiting subdomain takeover vulnerabilities

Honeypots
Free
subdomain-takeoversubdomain-scanningvulnerability-scanningsecurity-research
dotdotpwn Logo

dotdotpwn

0 (0)

A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.

Honeypots
Free
directory-traversalfuzzervulnerability-scanningexploitationweb-app-securitypenetration-testing
extended-ssrf-search Logo

extended-ssrf-search

0 (0)

A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.

Network Security
Free
ssrfweb-application-securityvulnerability-scanningpenetration-testingsecurity-research
jaeles Logo

jaeles

0 (0)

Automated web application testing tool

Application Security
Free
appsecweb-application-securityvulnerability-scanningsecurity-testing
headi Logo

headi

0 (0)

A tool for automated HTTP header injection

Application Security
Free
security-testingvulnerability-scanningweb-application-security
xssValidator Logo

xssValidator

0 (0)

A Burp intruder extender for automating and validating XSS vulnerabilities

Malware Analysis
Free
appsecxssautomationvulnerability-scanning
Oralyzer Logo

Oralyzer

0 (0)

Open Redirection Analyzer

Application Security
Free
appsecvulnerability-scanningweb-app-securitysecurity-researchdevsecops
NoSql Injection CLI tool Logo

NoSql Injection CLI tool

0 (0)

A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases

Malware Analysis
Free
mongodbvulnerability-scanningsecurity-testingcli-tooldatabase-security
extended-xss-search Logo

extended-xss-search

0 (0)

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.

Malware Analysis
Free
xssxss-scannerweb-securityvulnerability-scanning
takeover Logo

takeover

0 (0)

A tool for testing subdomain takeover possibilities at a mass scale.

Honeypots
Free
subdomain-takeovermass-scanningcsv-outputsecurity-testingvulnerability-scanning
SSRF-Sheriff Logo

SSRF-Sheriff

0 (0)

A simple SSRF-testing sheriff written in Go

Offensive Security
Free
ssrfgoweb-securityvulnerability-scanning
Turbo Intruder Logo

Turbo Intruder

0 (0)

A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Offensive Security
Free
burp-suitevulnerability-scanninghttp-requestspenetration-testingsecurity-testing
Arjun Logo

Arjun

0 (0)

HTTP parameter discovery suite

Vulnerability Management
Free
httpvulnerability-scanningpenetration-testingsecurity-research
Injectus Logo

Injectus

0 (0)

A CRLF and open redirect fuzzer

Offensive Security
Free
fuzzeropen-redirectsecurity-testingvulnerability-scanning
Burp Anonymous Cloud Logo

Burp Anonymous Cloud

0 (0)

Burp extension for identifying cloud buckets and testing for vulnerabilities

Cloud and Container Security
Free
cloud-securityvulnerability-scanningshodan
DOMXSS Scanner Logo

DOMXSS Scanner

0 (0)

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

Application Security
Free
xssvulnerability-scanningsource-code-analysisweb-securitysecurity-testing
kube-hunter Logo

kube-hunter

0 (0)

kube-hunter hunts for security weaknesses in Kubernetes clusters.

Vulnerability Management
Free
kuberneteskubernetes-securitycontainer-securitycloud-securityvulnerability-scanning
xsshunter Logo

xsshunter

0 (0)

A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Malware Analysis
Free
xssweb-application-securityvulnerability-scanning
dom-based-xss-finder Logo

dom-based-xss-finder

0 (0)

DOM-based XSS vulnerability scanner

Vulnerability Management
Free
xssweb-application-securityvulnerability-scanningchrome-extension
AuditJS Logo

AuditJS

0 (0)

Audits JavaScript projects for known vulnerabilities and outdated package versions using OSS Index v3 REST API.

Vulnerability Management
Free
appsecnpmyarnvulnerability-scanningpackage-manager
npm-scan Logo

npm-scan

0 (0)

An extensible, heuristic-based vulnerability scanning tool for installed npm packages.

Vulnerability Management
Free
npmvulnerability-scanningsecurity-auditnodejs
hakrawler Logo

hakrawler

0 (0)

A simple, fast web crawler for discovering endpoints and assets in a web application

Offensive Security
Free
crawlerweb-crawlerweb-securityvulnerability-scanningpenetration-testingsecurity-research
InsightAppSec Logo

InsightAppSec

0 (0)

Dynamic application security testing tool for identifying and fixing web application vulnerabilities.

Application Security
Commercial
appsecapplication-securityweb-application-securityvulnerability-scanning
Git Scanner Framework Logo

Git Scanner Framework

0 (0)

A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.

Vulnerability Management
Free
bug-bountypentestingweb-scanningvulnerability-scanningweb-security

Acunetix Web Vulnerability Scanner Demonstration Site

0 (0)

A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.

Vulnerability Management
Free
vulnerability-scanningweb-app-securitysql-injectiondirectory-traversalweb-securitypenetration-testing
Bearer CLI Logo

Bearer CLI

0 (0)

Static application security testing (SAST) tool for scanning source code against security and privacy risks.

Application Security
Free
appsecsaststatic-analysissecurity-testingvulnerability-scanningcode-security
Rexsser Logo

Rexsser

0 (0)

A Burp plugin for identifying potential vulnerabilities in web applications

Malware Analysis
Free
appsecbug-bountycvesecurity-researchvulnerability-scanningxss
ThreatMapper Logo

ThreatMapper

0 (0)

A runtime threat management and attack path enumeration tool for cloud-native environments

Vulnerability Management
Free
threat-huntingthreat-detectionvulnerability-scanningsecurity-incident-response
Flan Logo

Flan

0 (0)

A vulnerability scanner that helps you identify and fix vulnerabilities in your code

Vulnerability Management
Free
vulnerability-scanningvulnerability-detectionsecurity-testingpenetration-testingvulnerability-assessment
FullHunt Logo

FullHunt

0 (0)

FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.

Vulnerability Management
Free
attack-surfaceasset-discoveryvulnerability-scanningsecurity-platform
is-my-node-vulnerable Logo

is-my-node-vulnerable

0 (0)

Check for known vulnerabilities in your Node.js installation.

Vulnerability Management
Free
nodejsvulnerability-scanningvulnerability-management
altdns Logo

altdns

0 (0)

A tool for generating permutations, alterations and mutations of subdomains and resolving them

Honeypots
Free
penetration-testingvulnerability-scanning
SUDO_KILLER Logo

SUDO_KILLER

0 (0)

A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.

IAM & Credential Management
Free
linuxprivilege-escalationvulnerability-scanningexploitation
bundler-audit Logo

bundler-audit

0 (0)

Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.

Vulnerability Management
Free
rubyvulnerability-scanningsecurity-audit
Gopherus Logo

Gopherus

0 (0)

A tool for exploiting SSRF and gaining RCE in various servers

Honeypots
Free
ssrfrceexploitvulnerability-scanningweb-app-security
Securibench Micro Logo

Securibench Micro

0 (0)

A series of small test cases designed to exercise different parts of a static security analyzer

Vulnerability Management
Free
appsecapparmorappsec-testingsecurity-testingvulnerability-scanningpenetration-testing
timing_attack Logo

timing_attack

0 (0)

A tool to profile web applications based on response time discrepancies.

Application Security
Free
web-app-securityvulnerability-scanningtiming-attackweb-application-securitypenetration-testingsecurity-testing
LAMPSecurity Training Logo

LAMPSecurity Training

0 (0)

A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.

Training and Resources
Free
appsecvulnerable-applicationsvulnerability-scanningpenetration-testingsecurity-traininglinuxapachephpmysqlsecurity-testing
Quick Android Review Kit Logo

Quick Android Review Kit

0 (0)

A tool for detecting and exploiting Android application vulnerabilities

Vulnerability Management
Free
appsecapp-securityvulnerability-scanningvulnerability-exploitationproof-of-concept
second-order Logo

second-order

0 (0)

Second-order subdomain takeover scanner

Digital Forensics
Free
subdomain-takeovervulnerability-scanningsecurity-auditsecurity-scanning
npq Logo

npq

0 (0)

A tool that safely installs packages with npm/yarn by auditing them as part of your install process.

Application Security
Free
npmyarnpackage-managementsecurity-auditvulnerability-scanningpackage-audit
Android Vulnerability Test Suite Logo

Android Vulnerability Test Suite

0 (0)

A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.

Vulnerability Management
Free
vulnerability-scanningattack-surfacedevice-securitypatch-management
WPScan Logo

WPScan

0 (0)

WordPress security scanner for identifying vulnerabilities in WordPress websites.

Vulnerability Management
Free
wordpressrubycurlvulnerability-scanning
Linux Exploit Suggester 2 Logo

Linux Exploit Suggester 2

0 (0)

Next-generation Linux exploit suggester with improved features for finding privilege escalation vulnerabilities.

Vulnerability Management
Free
exploitlinuxprivilege-escalationvulnerability-scanningcve
AndroBugs Framework Logo

AndroBugs Framework

0 (0)

Android vulnerability analysis system with efficient scanning and high accuracy.

Specialized Security
Free
appsecapp-securityvulnerability-analysisvulnerability-scanningsecurity-testing
sqliv Logo

sqliv

0 (0)

A massive SQL injection vulnerability scanner

Vulnerability Management
Free
sql-injectionvulnerability-scanningscannersecurity-testingpenetration-testing
Pagodo Logo

Pagodo

0 (0)

Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.

Vulnerability Management
Free
vulnerability-scanningpenetration-testingsecurity-research
Nessus Cheat Sheet Logo

Nessus Cheat Sheet

0 (0)

A comprehensive guide to Nessus, a vulnerability scanner, covering data directories, binary directories, logs directories, plugin directories, advanced settings, API, and good practices.

Training and Resources
Free
appsecvulnerability-scanningscannerpluginsecurity-testing
aem-hacker Logo

aem-hacker

0 (0)

AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.

Offensive Security
Free
offensive-securityvulnerability-scanningexploitationweb-crawler
is-website-vulnerable Logo

is-website-vulnerable

0 (0)

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

Vulnerability Management
Free
appsecjavascriptvulnerability-scanningweb-securitynodejs
Terrascan Logo

Terrascan

0 (0)

Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.

Application Security
Free
appsecawsazurecloudcompliancedockergcpinfrastructure-as-codekubernetessecurityterraformvulnerability-scanning
N-Stalker Logo

N-Stalker

0 (0)

A web security tool that scans for vulnerabilities and known attacks.

Application Security
Free
appsecdevsecopsvulnerability-scanningweb-securityxsssql-injection
sqlmap Logo

sqlmap

0 (0)

Automates SQL injection detection and exploitation

Vulnerability Management
Free
sql-injectionpenetration-testingdatabase-securityvulnerability-scanning
Windows Exploit Suggester Logo

Windows Exploit Suggester

0 (0)

Compares target's patch levels against Microsoft vulnerability database and detects missing patches.

Vulnerability Management
Free
patch-managementvulnerability-scanningwindowsmicrosoftmetasploit
Acunetix Web Vulnerability Scanner Demo Site Logo

Acunetix Web Vulnerability Scanner Demo Site

0 (0)

A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.

Vulnerability Management
Free
appsecapp-securityvulnerability-scanningweb-app-securitysql-injectionxss
Dockerscan Logo

Dockerscan

0 (0)

A Docker analysis tool for identifying potential security vulnerabilities and weaknesses in Docker environments

Vulnerability Management
Free
dockerdocker-securitycontainer-securitynetwork-securityvulnerability-scanningsecurity-audit
XSSer Logo

XSSer

0 (0)

Automatic tool for pentesting XSS attacks against different applications

Application Security
Free
xsspentestingweb-app-securityvulnerability-scanningsecurity-research
Sherlock PowerShell Script Logo

Sherlock PowerShell Script

0 (0)

Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.

Vulnerability Management
Free
patch-managementvulnerability-scanningpowershellsecurity-audit
Metasploit Framework Logo

Metasploit Framework

0 (0)

A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.

Offensive Security
Free
penetration-testingmetasploitvulnerability-scanningsecurity-testingpenetration-testing-framework
Yasuo Logo

Yasuo

0 (0)

A ruby script that scans for vulnerable 3rd-party web applications

Vulnerability Management
Free
appsecappsec-toolvulnerability-scanningweb-application-securityred-teampenetration-testing
w3af Logo

w3af

0 (0)

Open source web application security scanner with 200+ vulnerability identification capabilities.

Vulnerability Management
Free
appsecapp-securityvulnerability-scanningweb-app-securityweb-application-securitypenetration-testingsecurity-scanning
MetaHub Logo

MetaHub

0 (0)

Automated contextual security findings enrichment and impact evaluation tool for vulnerability management.

Vulnerability Management
Free
awsaws-securityvulnerability-managementvulnerability-scanning
Sonatype Repository Logo

Sonatype Repository

0 (0)

A centralized platform for managing open source components and automating software supply chain security.

Miscellaneous
Free
appseccompliancedevsecopssoftware-supply-chainvulnerability-scanning
CVE Ape Logo

CVE Ape

0 (0)

A tool to find and search for registered CVEs, creating a local CVE database for offline use.

Vulnerability Management
Free
cvevulnerability-scanningiot-securitylinux-security
IntelligenceX Logo

IntelligenceX

0 (0)

Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.

Threat Management
Free
vulnerability-assessmentvulnerability-scanningcompliancesecurity-auditvulnerability-detection
Amass Logo

Amass

0 (0)

Amass by OWASP performs comprehensive attack surface mapping and asset discovery.

Vulnerability Management
Free
asset-inventoryattack-surface-mappingasset-discoveryvulnerability-scanningweb-security

Alert(1) to Win

0 (0)

A free online tool that scans and fixes common security issues in WordPress websites.

Application Security
Free
wordpresssecurity-auditvulnerability-scanningweb-app-securitysecurity-testingcompliance
Commix Logo

Commix

0 (0)

Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.

Offensive Security
Free
penetration-testingvulnerability-scanningexploitationsecurity-testingpython
Clair Logo

Clair

0 (0)

An open source project for static analysis of vulnerabilities in application containers

Vulnerability Management
Free
container-securitydockerocivulnerability-scanningstatic-analysis
Spoofcheck Logo

Spoofcheck

0 (0)

Simple script to check a domain's email protections and identify vulnerabilities.

Vulnerability Management
Free
email-securityvulnerability-scanningsecurity-testingpenetration-testingsecurity-audit
drozer Logo

drozer

0 (0)

A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.

Specialized Security
Free
appsecapp-securitysecurity-testingvulnerability-scanningpentest
Dagda Logo

Dagda

0 (0)

A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers

Vulnerability Management
Free
dockersecurityvulnerability-scanningmalware-detectioncontainer-securitydevsecops
Wapiti Logo

Wapiti

0 (0)

Web-application vulnerability scanner with extensive coverage of security testing modules.

Vulnerability Management
Free
web-app-securityvulnerability-scanningsql-injectionxsscommand-executionxxe
Vuls Logo

Vuls

0 (0)

Vulnerability scanner for Linux/FreeBSD, written in Go, agent-less, informs users of vulnerabilities related to the system and affected servers.

Vulnerability Management
Free
vulnerability-scanninglinuxgo
Gamma Ray Logo

Gamma Ray

0 (0)

Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.

Vulnerability Management
Free
nodejsvulnerability-scanningvulnerability-managementsecurity-testingdevsecops
Hakiri Toolbelt Logo

Hakiri Toolbelt

0 (0)

Automate version scraping and vulnerability scanning for Ruby on Rails stacks.

Vulnerability Management
Free
rubyruby-on-railsvulnerability-scanningcve

Mobile Sandbox

0 (0)

Cloud-based service for testing and analyzing Android and iOS apps for malware, vulnerabilities, and security threats.

Vulnerability Management
Free
mobile-securityiosmalware-detectionvulnerability-scanningapp-security
Pompem Logo

Pompem

0 (0)

Automate the search for Exploits and Vulnerabilities in important databases.

Vulnerability Management
Free
penetration-testingvulnerability-scanningexploitpentest

Arachni

0 (0)

An open-source web application security scanner framework that identifies vulnerabilities in web applications.

Application Security
Free
appsecapp-securityweb-app-securityweb-application-securityvulnerability-scanningvulnerability-detection
LunaTrace Logo

LunaTrace

0 (0)

An Open Source supply chain security and auditing tool that tracks projects and dependencies, monitoring for vulnerabilities and issues.

Vulnerability Management
Free
auditingdependency-managementvulnerability-scanning