442 tools indexed

⚡

Vulnerability Scanning

22 tools indexed

Vulnerability scanning and security auditing tools that detect CVEs, misconfigurations, outdated software, and security weaknesses across networks, web applications, containers, and code. Essential for both offensive assessments and defensive security posture management.

Nuclei

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

template-basedcvemisconfigprojectdiscovery

28.1k3.4k24d ago

sqlmap

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomatedclassic

37.2k6.2k27d ago

WPScan

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcvecms

9.6k1.3k27d ago

OpenVAS

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliancecredentialed

XSStrike

Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.

xsswaf-bypassfuzzingcontext-analysis

14.9k2.1k1y ago

Commix

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app

testssl.sh

Command-line tool for checking TLS/SSL ciphers, protocols, and cryptographic flaws on any port.

tlssslcipher-checkheartbleed

9.0k1.1k26d ago

Trivy

Comprehensive vulnerability scanner for containers, filesystems, git repos, and Kubernetes with SBOM generation.

container-securitysbomvulnerability-scanneriac-scanning

34.7k32627d ago

Grype

Vulnerability scanner for container images and filesystems that matches installed packages against known CVEs.

container-securitycve-scanningsbomimage-scanning

12.1k79227d ago

Semgrep

Lightweight static analysis engine for finding bugs and enforcing code standards across 30+ languages with custom rules.

saststatic-analysiscode-scanningcustom-rules

14.9k92324d ago

DalFox

Parameter analysis and XSS scanner with automatic payload generation, DOM-based detection, and pipeline support.

xssparameter-analysisdom-xssreflected-xss

Retire.js

Scanner for detecting use of JavaScript libraries with known vulnerabilities in web applications.

javascriptdependency-scanningcveweb-security

OSV-Scanner

Google's dependency vulnerability scanner using the OSV.dev database across multiple language ecosystems.

dependency-scanningscasupply-chaincve

Lynis

Security auditing and hardening tool for Linux/macOS with compliance testing for HIPAA, ISO27001, and PCI DSS.

hardeningauditcompliancecis-benchmark

15.6k1.6k3mo ago

afrog

Fast vulnerability scanner with custom PoC support for CVEs, default credentials, and command injection.

vuln-scannerpoccvefast

Vuls

Agentless vulnerability scanner for Linux and FreeBSD with CVE detection.

vulnerabilityscanneragentlesscve

12.1k1.2k24d ago

Infection Monkey

Automated adversary emulation platform for validating network security controls.

breach-simulationadversarytesting

boofuzz

Network protocol fuzzing framework and successor to the Sulley fuzzer.

fuzzingprotocolnetwork

garak

NVIDIA's LLM vulnerability scanner. Tests language models for prompt injection, jailbreaks, data leakage, and harmful outputs.

llm-securityai-red-teamprompt-injectionjailbreak

Osmedeus

Automated reconnaissance and vulnerability scanning workflow engine. Chains recon, scanning, and exploitation into configurable pipelines.

automationrecon-pipelineworkflow-enginevulnerability-scanning

DeepAudit

Multi-agent AI code auditing system with automated sandbox PoC verification. Has discovered 49 CVEs across 17 open-source projects.

ai-auditcode-reviewcve-discoverymulti-agent

Titus

High-performance secrets scanner by Praetorian with CLI, Go library, Burp extension, and Chrome extension. 487 detection rules.

secrets-detectionhigh-performanceburp-extensionapi-keys

Related Categories

Web Scanning

41 tools

Exploitation

22 tools

Network Recon

40 tools

Cloud Recon

19 tools