Top 43 vulnerability-scanner open source projects

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

Automated All-in-One OS Command Injection Exploitation Tool.

Hexrays Toolbox - Find code patterns within the Hexrays AST

Biu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)

Default signature for Jaeles Scanner

A high performance offensive security tool for reconnaissance and vulnerability scanning

File upload vulnerability scanner and exploitation tool.

THIS REPOSITORY HAS BEEN MOVED TO https://github.com/wpscanteam/wpscan USE THAT!!!

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

用cel-go重现了长亭xray的poc检测功能的轮子

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Use Trivy as a plug-in vulnerability scanner in the Harbor registry

A powerful dynamic crawler for web vulnerability scanners

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

🆕 The Multi-Tool Web Vulnerability Scanner.

CORS Misconfiguration Scanner

Mass scan IPs for vulnerable services

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Sifter aims to be a fully loaded Op Centre for Pentesters

Automatic SQL injection and database takeover tool

cwe_checker finds vulnerable patterns in binary executables

A fast tool to scan CRLF vulnerability written in Go

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Fast and customizable vulnerability scanner based on simple YAML based DSL.

CMS auto detect and exploit.

AWVS12 最新版本12.0.190902105_x64

A python tool to check subdomain takeover vulnerability

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Libellux: Up & Running provides documentation on how-to install open-source software from source. The focus is Zero Trust Network to enhance the security for existing applications or install tools to detect and prevent threats.

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

A typical search engine dork scanner scrapes search engines with dorks that you provide in order to find vulnerable URLs.

Host Header Injection Scanner

Enables scanning of docker builds in Jenkins for OS package vulnerabilities.

OWASP Zed Attack Proxy project landing page.

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.