.svg){kind=icon}
AcSecurity is a Python module designed to scan applications for common security vulnerabilities. It checks for hardcoded secrets, dependency vulnerabilities, and code quality issues.
Security tool against dependency typosquatting attacks.
Twyn is a security tool that compares the name of your dependencies against a set of the most popular ones, in order to determine if there is any similarity between them, preventing you from using a potentially illegitimate one. In short, Twyn protects you against typosquatting attacks.
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets .
sastsweep is a tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such as popularity and project size, enabling targeted vulnerability research. It automatically detects potential vulnerabilities using semgrep and provides a streamlined HTML report, allowing researchers to quickly drill down to the affected portion of the codebase.
A tool for finding security issues in GitHub Actions setups.
Penelope Shell Handler.
Penelope is a shell handler designed to be easy to use and intended to replace netcat when exploiting RCE vulnerabilities. It is compatible with Linux and macOS and requires Python 3.6 or higher. It is a standalone script that does not require any installation or external dependencies, and it is intended to remain this way.
Zero shot vulnerability discovery using LLMs. A tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis.
Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing.
The firmware security analyzer.
EMBA is designed as the central firmware analysis and SBOM tool for penetration testers, product security teams, developers and responsible product managers. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation, building the SBOM and finally generating a web report. EMBA automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords. EMBA is a command line tool with the possibility to generate an easy-to-use web report for further analysis.
API Security Vulnerability Scanner designed to help you secure your APIs.
Your First Line of Defense in API Security. Scan your APIs for vulnerabilities with VulnAPI.
Help developers and security professionals quickly and efficiently scan their APIs for security vulnerabilities and weaknesses.
Octoscan is a static vulnerability scanner for GitHub action workflows.
Free and open-source vulnerability scanner.
Mageni is an open source vulnerability management platform. Mageni provides a faster, enjoyable, and leaner vulnerability management experience for modern cybersecurity programs.
A fast and customisable vulnerability scanner powered by simple YAML-based templates.
Check for free whether your Laravel website is safe or vulnerable before others do!
This is a free tool to all who wants to optimize and check the security on their Laravel website
While there are many security scanners out there, we thought that one was missing. That’s why we made this vulnerability scanner that focus specific on Laravel websites. We focused on known Laravel vulnerabilities, and made the scanner focus on them.
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes the top-level domains as input, then seamlessly progresses to discovering corresponding assets, including subdomains and certificates. The tool performs reconnaissance on active assets and concludes with a comprehensive scan for vulnerabilities, secrets, misconfigurations and phishing domains - all powered by a blend of open-source and custom tools.
The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, OWASP ZAP, Nuclei, SkipFish, and Wapiti.
A vulnerability scanner for container images and filesystems.
Agentless Vulnerability Scanner for Linux/FreeBSD, Container, WordPress, Programming language libraries, Network devices
Advanced vulnerability scanning with Nmap NSE.
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB.
Open Vulnerability Assessment Scanner.
OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
Quickly discover the attack surface, and identify vulnerabilities using highly customizable and powerful scan engines. Enjoy peace of mind with reNgine's continuous monitoring, deeper reconnaissance, and open-source powered Vulnerability Scanner.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
The OWASP Amass Project has developed a framework to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques.