Vulnerability Scanning
12 tools indexed
Vulnerability scanning and security auditing tools that detect CVEs, misconfigurations, outdated software, and security weaknesses across networks, web applications, containers, and code. Essential for both offensive assessments and defensive security posture management.
Nuclei
Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.
sqlmap
Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.
WPScan
WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.
OpenVAS
Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.
XSStrike
Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.
Commix
Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.
testssl.sh
Command-line tool for checking TLS/SSL ciphers, protocols, and cryptographic flaws on any port.
Trivy
Comprehensive vulnerability scanner for containers, filesystems, git repos, and Kubernetes with SBOM generation.
Grype
Vulnerability scanner for container images and filesystems that matches installed packages against known CVEs.
Semgrep
Lightweight static analysis engine for finding bugs and enforcing code standards across 30+ languages with custom rules.
DalFox
Parameter analysis and XSS scanner with automatic payload generation, DOM-based detection, and pipeline support.
Retire.js
Scanner for detecting use of JavaScript libraries with known vulnerabilities in web applications.