Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

LINKS

Blog

LEGAL

Terms of services Privacy policy

CyberSecTools

CyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

LINKS

Blog

LEGAL

Terms of services Privacy policy

Vulnerability Scanning

Explore 99 curated tools and resources

All

Free

Commercial

Task

Home
Tasks
Vulnerability Scanning

LATEST ADDITIONS

Impart
A web application firewall and API security platform that combines API discovery, runtime protection, vulnerability testing, and security posture management.
0
Commercial
Application Security
waf
api-security
+4
StackHawk
A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.
0
Commercial
Application Security
api-security
application-security
+4
Octoscan
Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.
0
Free
Application Security
github
ci-cd
+4
Aqua
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
0
Commercial
Application Security
cloud-security
container-security
+4
OpenVAS
OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.
0
Free
Vulnerability Management
vulnerability-management
vulnerability-scanning
+4
Veracode
Veracode is an intelligent software security platform that helps developers and security teams secure code, find and fix flaws, and automate remediation.
0
Commercial
Application Security
appsec
app-security
+3
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
0
Commercial
Vulnerability Management
windows
antivirus
+8
AWVS
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
0
Free
Vulnerability Management
appsec
app-security
+4
BruteXSS
A tool to find XSS vulnerabilities in web applications
0
Free
Malware Analysis
xss
vulnerability-scanning
+3
Sn1per
An open-source attack surface management platform for identifying and managing vulnerabilities
0
Free
Vulnerability Management
attack-surface
vulnerability-scanning
+2
cors-scanner
A multi-threaded scanner for identifying CORS flaws and misconfigurations
0
Free
Network Security
cors
scanner
+4
dom-red
A small script to check a list of domains against open redirect vulnerability
0
Free
Vulnerability Management
open-redirect
vulnerability-scanning
+4
SQLi-Hunter
A tool for finding and exploiting SQL injection vulnerabilities in web applications
0
Free
Malware Analysis
appsec
appsec-tool
+3
WPRecon
WPRecon is a tool for recognizing vulnerabilities and blackbox information for WordPress.
0
Free
Application Security
wordpress
vulnerability-scanning
XSpear
A powerful XSS scanning and parameter analysis tool
0
Free
Offensive Security
xss
scanning
+2
Eagle
A multithreaded vulnerability scanner for web-based applications
0
Free
Vulnerability Management
vulnerability-scanning
web-application-security
+2
SSRFire
Automated SSRF finder with options for XSS and open redirects
0
Free
Network Security
ssrf
xss
+3
surf
A tool to escalate SSRF vulnerabilities on modern cloud environments
0
Free
Network Security
ssrf
cloud-security
+3
XSSwagger
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
0
Free
Application Security
xss
vulnerability-scanning
+3
SubOver
A powerful tool for finding and exploiting subdomain takeover vulnerabilities
0
Free
Honeypots
subdomain-takeover
subdomain-scanning
+2
dotdotpwn
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
0
Free
Honeypots
directory-traversal
fuzzer
+4
extended-ssrf-search
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
0
Free
Network Security
ssrf
web-application-security
+3
jaeles
Automated web application testing tool
0
Free
Application Security
appsec
web-application-security
+2
headi
A tool for automated HTTP header injection
0
Free
Application Security
security-testing
vulnerability-scanning
+1
xssValidator
A Burp intruder extender for automating and validating XSS vulnerabilities
0
Free
Malware Analysis
appsec
xss
+2
Oralyzer
Open Redirection Analyzer
0
Free
Application Security
appsec
vulnerability-scanning
+3
NoSql Injection CLI tool
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases
0
Free
Malware Analysis
mongodb
vulnerability-scanning
+3
extended-xss-search
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
0
Free
Malware Analysis
xss
xss-scanner
+2
takeover
A tool for testing subdomain takeover possibilities at a mass scale.
0
Free
Honeypots
subdomain-takeover
mass-scanning
+3
SSRF-Sheriff
A simple SSRF-testing sheriff written in Go
0
Free
Offensive Security
ssrf
go
+2
Turbo Intruder
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
0
Free
Offensive Security
burp-suite
vulnerability-scanning
+3
Arjun
HTTP parameter discovery suite
0
Free
Vulnerability Management
http
vulnerability-scanning
+2
Injectus
A CRLF and open redirect fuzzer
0
Free
Offensive Security
fuzzer
open-redirect
+2
Burp Anonymous Cloud
Burp extension for identifying cloud buckets and testing for vulnerabilities
0
Free
Cloud Security
cloud-security
vulnerability-scanning
+1
DOMXSS Scanner
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
0
Free
Application Security
xss
vulnerability-scanning
+3
kube-hunter
kube-hunter hunts for security weaknesses in Kubernetes clusters.
0
Free
Vulnerability Management
kubernetes
kubernetes-security
+3
xsshunter
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
0
Free
Malware Analysis
xss
web-application-security
+1
dom-based-xss-finder
DOM-based XSS vulnerability scanner
0
Free
Vulnerability Management
xss
web-application-security
+2
AuditJS
Audits JavaScript projects for known vulnerabilities and outdated package versions using OSS Index v3 REST API.
0
Free
Vulnerability Management
appsec
npm
+3
npm-scan
An extensible, heuristic-based vulnerability scanning tool for installed npm packages.
0
Free
Vulnerability Management
npm
vulnerability-scanning
+2
hakrawler
A simple, fast web crawler for discovering endpoints and assets in a web application
0
Free
Offensive Security
crawler
web-crawler
+4
InsightAppSec
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
0
Commercial
Application Security
appsec
application-security
+2
Git Scanner Framework
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
0
Free
Vulnerability Management
bug-bounty
pentesting
+3
Acunetix Web Vulnerability Scanner Demonstration Site
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
0
Free
Vulnerability Management
vulnerability-scanning
web-app-security
+4
Bearer CLI
Static application security testing (SAST) tool for scanning source code against security and privacy risks.
0
Free
Application Security
appsec
sast
+4
Rexsser
A Burp plugin for identifying potential vulnerabilities in web applications
0
Free
Malware Analysis
appsec
bug-bounty
+4
ThreatMapper
A runtime threat management and attack path enumeration tool for cloud-native environments
0
Free
Vulnerability Management
threat-hunting
threat-detection
+2
Flan
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
0
Free
Vulnerability Management
vulnerability-scanning
vulnerability-detection
+3
FullHunt
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
0
Free
Vulnerability Management
attack-surface
asset-discovery
+2
is-my-node-vulnerable
Check for known vulnerabilities in your Node.js installation.
0
Free
Vulnerability Management
nodejs
vulnerability-scanning
+1
altdns
A tool for generating permutations, alterations and mutations of subdomains and resolving them
0
Free
Honeypots
penetration-testing
vulnerability-scanning
SUDO_KILLER
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
0
Free
IAM
linux
privilege-escalation
+2
bundler-audit
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
0
Free
Vulnerability Management
ruby
vulnerability-scanning
+1
Gopherus
A tool for exploiting SSRF and gaining RCE in various servers
0
Free
Honeypots
ssrf
rce
+3
Securibench Micro
A series of small test cases designed to exercise different parts of a static security analyzer
0
Free
Vulnerability Management
appsec
apparmor
+4
timing_attack
A tool to profile web applications based on response time discrepancies.
0
Free
Application Security
web-app-security
vulnerability-scanning
+4
LAMPSecurity Training
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
0
Free
Resources
appsec
vulnerable-applications
+8
Quick Android Review Kit
A tool for detecting and exploiting Android application vulnerabilities
0
Free
Vulnerability Management
appsec
app-security
+3
second-order
Second-order subdomain takeover scanner
0
Free
Digital Forensics
subdomain-takeover
vulnerability-scanning
+2
npq
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
0
Free
Application Security
npm
yarn
+4
Android Vulnerability Test Suite
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
0
Free
Vulnerability Management
vulnerability-scanning
attack-surface
+2
WPScan
WordPress security scanner for identifying vulnerabilities in WordPress websites.
0
Free
Vulnerability Management
wordpress
ruby
+2
Linux Exploit Suggester 2
Next-generation Linux exploit suggester with improved features for finding privilege escalation vulnerabilities.
0
Free
Vulnerability Management
exploit
linux
+3
AndroBugs Framework
Android vulnerability analysis system with efficient scanning and high accuracy.
0
Free
Specialized Security
appsec
app-security
+3
sqliv
A massive SQL injection vulnerability scanner
0
Free
Vulnerability Management
sql-injection
vulnerability-scanning
+3
Pagodo
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
0
Free
Vulnerability Management
vulnerability-scanning
penetration-testing
+1
Nessus Cheat Sheet
A comprehensive guide to Nessus, a vulnerability scanner, covering data directories, binary directories, logs directories, plugin directories, advanced settings, API, and good practices.
0
Free
Resources
appsec
vulnerability-scanning
+3
aem-hacker
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
0
Free
Offensive Security
offensive-security
vulnerability-scanning
+2
is-website-vulnerable
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
0
Free
Vulnerability Management
appsec
javascript
+3
Terrascan
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
0
Free
Application Security
appsec
aws
+10
N-Stalker
A web security tool that scans for vulnerabilities and known attacks.
0
Free
Application Security
appsec
devsecops
+4
sqlmap
Automates SQL injection detection and exploitation
0
Free
Vulnerability Management
sql-injection
penetration-testing
+2
Windows Exploit Suggester
Compares target's patch levels against Microsoft vulnerability database and detects missing patches.
0
Free
Vulnerability Management
patch-management
vulnerability-scanning
+3
Acunetix Web Vulnerability Scanner Demo Site
A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.
0
Free
Vulnerability Management
appsec
app-security
+4
Dockerscan
A Docker analysis tool for identifying potential security vulnerabilities and weaknesses in Docker environments
0
Free
Vulnerability Management
docker
docker-security
+4
XSSer
Automatic tool for pentesting XSS attacks against different applications
0
Free
Application Security
xss
pentesting
+3
Sherlock PowerShell Script
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
0
Free
Vulnerability Management
patch-management
vulnerability-scanning
+2
Metasploit Framework
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
0
Free
Offensive Security
penetration-testing
metasploit
+3
Yasuo
A ruby script that scans for vulnerable 3rd-party web applications
0
Free
Vulnerability Management
appsec
appsec-tool
+4
w3af
Open source web application security scanner with 200+ vulnerability identification capabilities.
0
Free
Vulnerability Management
appsec
app-security
+5
MetaHub
Automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
0
Free
Vulnerability Management
aws
aws-security
+2
Sonatype Repository
A centralized platform for managing open source components and automating software supply chain security.
0
Free
Miscellaneous
appsec
compliance
+3
CVE Ape
A tool to find and search for registered CVEs, creating a local CVE database for offline use.
0
Free
Vulnerability Management
cve
vulnerability-scanning
+2
IntelligenceX
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
0
Free
Threat Management
vulnerability-assessment
vulnerability-scanning
+3
Amass
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
0
Free
Vulnerability Management
asset-inventory
attack-surface-mapping
+3
Alert(1) to Win
A free online tool that scans and fixes common security issues in WordPress websites.
0
Free
Application Security
wordpress
security-audit
+4
Commix
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
0
Free
Offensive Security
penetration-testing
vulnerability-scanning
+3
Clair
An open source project for static analysis of vulnerabilities in application containers
0
Free
Vulnerability Management
container-security
docker
+3
Spoofcheck
Simple script to check a domain's email protections and identify vulnerabilities.
0
Free
Vulnerability Management
email-security
vulnerability-scanning
+3
drozer
A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.
0
Free
Specialized Security
appsec
app-security
+3
Dagda
A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers
0
Free
Vulnerability Management
docker
security
+4
Wapiti
Web-application vulnerability scanner with extensive coverage of security testing modules.
0
Free
Vulnerability Management
web-app-security
vulnerability-scanning
+4
Vuls
Vulnerability scanner for Linux/FreeBSD, written in Go, agent-less, informs users of vulnerabilities related to the system and affected servers.
0
Free
Vulnerability Management
vulnerability-scanning
linux
+1
Gamma Ray
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
0
Free
Vulnerability Management
nodejs
vulnerability-scanning
+3
Hakiri Toolbelt
Automate version scraping and vulnerability scanning for Ruby on Rails stacks.
0
Free
Vulnerability Management
ruby
ruby-on-rails
+2
Mobile Sandbox
Cloud-based service for testing and analyzing Android and iOS apps for malware, vulnerabilities, and security threats.
0
Free
Vulnerability Management
mobile-security
ios
+3
Pompem
Automate the search for Exploits and Vulnerabilities in important databases.
0
Free
Vulnerability Management
penetration-testing
vulnerability-scanning
+2
Arachni
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
0
Free
Application Security
appsec
app-security
+4
LunaTrace
An Open Source supply chain security and auditing tool that tracks projects and dependencies, monitoring for vulnerabilities and issues.
0
Free
Vulnerability Management
auditing
dependency-management
+1

PINNED

Fabric Platform by BlackStork

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

Free

Security Operations

Mandos Brief Newsletter

Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.

Free

Blogs and News

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial

Cloud Security

Adversa AI

Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.

Commercial

AI Security

Vulnerability Scanning

LATEST ADDITIONS

Impart

StackHawk

Octoscan

Aqua

OpenVAS

Veracode

RoboShadow

AWVS

BruteXSS

Sn1per

cors-scanner

dom-red

SQLi-Hunter

WPRecon

XSpear

Eagle

SSRFire

surf

XSSwagger

SubOver

dotdotpwn

extended-ssrf-search

jaeles

headi

xssValidator

Oralyzer

NoSql Injection CLI tool

extended-xss-search

takeover

SSRF-Sheriff

Turbo Intruder

Arjun

Injectus

Burp Anonymous Cloud

DOMXSS Scanner

kube-hunter

xsshunter

dom-based-xss-finder

AuditJS

npm-scan

hakrawler

InsightAppSec

Git Scanner Framework

Acunetix Web Vulnerability Scanner Demonstration Site

Bearer CLI

Rexsser

ThreatMapper

Flan

FullHunt

is-my-node-vulnerable

altdns

SUDO_KILLER

bundler-audit

Gopherus

Securibench Micro

timing_attack

LAMPSecurity Training

Quick Android Review Kit

second-order

npq

Android Vulnerability Test Suite

WPScan

Linux Exploit Suggester 2

AndroBugs Framework

sqliv

Pagodo

Nessus Cheat Sheet

aem-hacker

is-website-vulnerable

Terrascan

N-Stalker

sqlmap

Windows Exploit Suggester

Acunetix Web Vulnerability Scanner Demo Site

Dockerscan

XSSer

Sherlock PowerShell Script

Metasploit Framework