vulnerability-detection

There are 102 repositories under vulnerability-detection topic.

• aquasecurity / trivy

  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  containersdevsecopsdockergogolanghacktoberfestiacinfrastructure-as-codekubernetesmisconfigurationsecuritysecurity-toolsvulnerabilityvulnerability-detectionvulnerability-scanners
  Language:Go 28913

• projectdiscovery / nuclei

  Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

  attack-surfacecve-scannerdasthacktoberfestnuclei-enginesecuritysecurity-scannersubdomain-takeovervulnerability-assessmentvulnerability-detectionvulnerability-scanner
  Language:Go 24777

• CISOfy / lynis

  Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  shelllinuxpci-dsscompliancesecurity-auditsecurity-hardeningsecurity-scannersecurity-vulnerabilityhipaaunixvulnerability-detectionvulnerability-scannersvulnerability-assessmentdevopsdevops-toolssystem-hardeninghardeningauditinggdprsecurity-tools
  Language:Shell 14645

• wazuh / wazuh

  Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  securitycompliancelog-analysisvulnerability-detectioncybersecurityfile-integrity-monitoringinfosecmalware-detectioncloud-securitycontainer-securitysecurity-automationsecurity-toolssiemxdrconfiguration-assessementincident-responsepci-dsssecurity-auditsecurity-hardeningwazuh
  Language:C 13479

• future-architect / vuls

  Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  vulsvulnerability-scannersgolanggolinuxfreebsdvulnerability-detectionsecuritysecurity-toolscybersecuritysecurity-vulnerabilitysecurity-scannersecurity-hardeningsecurity-automationsecurity-auditvulnerability-assessmentvulnerability-managementvulnerability-scannervulnerabilitiesadministrator
  Language:Go 11739
• kubescape

  kubescape / kubescape

  Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

  best-practicedevopskubernetesmitre-attacknsasecurityvulnerability-detection
  Language:Go 10982

• projectdiscovery / nuclei-templates

  Community curated list of templates for the nuclei engine to find security vulnerabilities.

  bugbountyexploit-developmentexploitsfingerprinthacktoberfestnucleinuclei-checksnuclei-templatessecurityvulnerability-detection
  Language:JavaScript 10901

• dependency-check / DependencyCheck

  OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

  security-auditbuild-toolmaven-pluginjenkins-plugingradle-pluginvulnerability-detectionsecurityant-tasksoftware-composition-analysis
  Language:Java 7188

• GhostTroops / scan4all

  Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

  attackautogolanghackertoolsnucleibugbountybugbounty-toolshacktoolspentest-tool0daybrute-forcenmapsshvulnerabilities-scanreconsecurity-scannersecurity-toolsvulnerability-detectionvulnerability-scanners
  Language:Go 5869
• ThreatMapper

  deepfence / ThreatMapper

  Open Source Cloud Native Application Protection Platform (CNAPP)

  cloud-nativevulnerability-managementthreat-analysisdevsecopssecopsregistry-scanningsecurity-toolscwppobservabilitycloudsecurityvulnerability-scannersvulnerability-detectionscanning-toolcnappcompliancecontainerscspmdevopskuberneteshacktoberfest
  Language:TypeScript 5146

• greenbone / openvas-scanner

  This repository contains the scanner component for Greenbone Community Edition.

  openvasvulnerabilityvulnerability-scannersvulnerability-detectionvulnerability-assessmentscannervulnerability-managementgreenbonegreenbone-vulnerability-managementgvmopenvas-scannergreenbone-community-editionfooctechops
  Language:Rust 4049

• Arachni / arachni

  Web Application Security Scanner Framework

  arachnidomrubyauditdetectionsecurity-auditanalysismodularjavascriptscannersweb-applicationvulnerability-detectioncrawlerscannerhackhackingpenetration-testingxsssql-injection
  Language:Ruby 3945

• scipag / vulscan

  Advanced vulnerability scanning with Nmap NSE

  vulnerabilityvulnerability-scannersvulnerability-detectionvulnerability-identificationvulnerability-assessmentsecuritysecurity-auditsecurity-scannerpenetration-testingnmapnmap-scriptsexploitvulnerability-scanningvulnerability-databasesvulnerability-database-entrynmap-scan-scriptnsensescriptlualua-script
  Language:Lua 3657

• ysrc / xunfeng

  巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

  securitypentestinginfosecexploitssecurity-auditvulnerability-detectionscannervulnerability-assessmentvulnerability-scanners
  Language:Python 3589
• dependency-track

  DependencyTrack / dependency-track

  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  owaspappsecsecuritybomvulnerabilitiescomponent-analysisnvdsoftware-securitysoftware-composition-analysisscabill-of-materialspackage-urlpurlvulnerability-detectionossindexsbomdevsecopssecurity-automationcyclonedxhacktoberfest
  Language:Java 3230

• Checkmarx / kics

  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

  appseccloudnativedevsecopsgolanghacktoberfestiacinfrastructure-as-codeopen-policy-agentsecuritysecurity-toolsvulnerability-detectionvulnerability-scanners
  Language:Open Policy Agent 2470

• cve-search / cve-search

  cve-search - a tool to perform local searches for known vulnerabilities

  common-vulnerabilitiescpecvecve-databasescve-entriescve-scanningcve-searchvulnerabilitiesvulnerability-assessmentvulnerability-detection
  Language:Python 2416

• protectai / vulnhuntr

  Zero shot vulnerability discovery using LLMs

  aillmsecurityvulnerability-detectionstatic-analysis
  Language:Python 2290

• anouarbensaad / vulnx

  vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

  crawlerinformation-gatheringcms-detectorcloudflare-detectionbotpentestwp-scannerauto-exploitervulnerabilityhackingwebsite-vulnerability-scannersecurity-toolsvulnerability-assessmentvulnerability-exploitvulnerability-detectionshell-injectiondetects-vulnerabilitiesexploitsdorkssubdomains-gathering
  Language:Python 1928

• skavngr / rapidscan

  :new: The Multi-Tool Web Vulnerability Scanner.

  scannervulnerability-scannersscanner-webweb-vulnerabilities-scannersecurity-toolssecurity-scannerpenetration-testing-frameworkpenetration-testingvulnerability-assessmentvulnerability-scannervulnerability-managementoscpvulnerability-detectionkali-scriptskali-linuxvulnerabilitiessecurity-scanningoffensive-securityenumerationreconnaissance
  Language:Python 1921
• safety

  pyupio / safety

  Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

  pythonsecuritysecurity-vulnerabilitytravisvulnerability-scannersvulnerability-detectioncicddependency-managementdevsecopsopen-source-securitypackage-management
  Language:Python 1896

• 0xInfection / TIDoS-Framework

  The Offensive Manual Web Application Penetration Testing Framework.

  web-penetration-testingreconnaissancevulnerability-analysisscanning-enumerationweb-fuzzerosintvulnerability-detectionfootprintingintelligence-gatheringexploitationweb-application-securitytidos-frameworkenumeration
  Language:Python 1838
• top25-parameter

  lutfumertceylan / top25-parameter

  For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

  vulnerability-detectionvulnerability-researchbugbountypentestingpentest-toolbugbountytipssecurityinfosecxss-detection
  1749

• murphysecurity / murphysec

  An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。

  codescandependencyscascannersecuritysoftware-composition-analysissoftware-supply-chainvulnerability-detection
  Language:Go 1735

• metlo-labs / metlo

  Metlo is an open-source API security platform.

  securityapi-gatewayapi-securityapplication-securitycybersecuritymonitoringvulnerabilitiesvulnerability-detectionmetloinfosecapi-pentestawsbugbountybugbounty-toolsinfosectoolspentest
  Language:TypeScript 1725

• wagiro / BurpBounty

  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

  bugbountyburp-extensionsburpsuitebug-bountyvulnerability-scannervulnerability-detection
  Language:Java 1718
• XAttacker

  Moham3dRiahi / XAttacker

  X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

  vulnerability-scannervulnerability-detectionvulnerability-exploitvulnerability-assessmentsecurity-scannerscannersecurity-toolswebsite-vulnerability-scannerhackinghacking-toolpentestwp-scannerwordpressprestashopjoomlalokomediadrupalauto-exploiterexploitexploitation
  Language:Perl 1649

• wireghoul / graudit

  grep rough audit - source code auditing tool

  securityshellvulnerability-detectionsource-codesecurity-auditsecurity-tools
  Language:Shell 1646

• aquasecurity / trivy-operator

  Kubernetes-native security toolkit

  cloud-nativegolangkubernetesoperatorsecuritymisconfigurationoctoberfestvulnerability-detectionvulnerability-scannerssecurity-tools
  Language:Go 1623

• 0xricksanchez / paper_collection

  Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

  directed-fuzzingembeddedexploitationfuzzingfuzzing-binariesguided-fuzzinghybrid-fuzzingiotkernellinuxlinux-kernelmitigationspaperrcaroot-causesanitizervulnerability-detection
  Language:Python 1293

• Lucifer1993 / SatanSword

  红队综合渗透框架

  vulnerability-scannerssecurity-toolsfingerprintingpocpentest-toolvulnerability-detection
  Language:Python 1179
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  vulnerabilitiesvulnerability-detectionprivacy-protectionpentestersnetwork-analysisintrusion-detectioninfosecincident-managementmitre-attackdetection-engineeringkali-linuxoffensive-securityinformation-securitysiemcompliancecyber-securityscanning-toolincident-responseforensics-toolssurveillance
  Language:Go 1007

• bitquark / shortscan

  An IIS short filename enumeration tool

  bugbountysecuritysecurity-auditsecurity-scannersecurity-toolsiisiis-serverpentestingpentesting-toolsvulnerability-detectionvulnerability-scannersiis-securityredteamredteam-toolssecurity-automationbugbounty-tool
  Language:Go 1000

• toolswatch / vFeed

  The Correlated CVE Vulnerability And Threat Intelligence Database API

  cveovalthreat-intelligence-databasepythonvfeedcwecapecscapvulnerability-databasesvulnerability-detectionvulnerability-database-entryvulnerability-identificationthreatintelligence-gatheringexploitsvulnerabilityvulnerability-scannerscommon-vulnerability-exposurethreat-intelligencethreatintel
  Language:Python 948

• wazuh / wazuh-docker

  Wazuh - Docker containers

  wazuhdockerossecsecurityloganalyzercompliancemonitoringintrusion-detectionpolicy-monitoringelasticsearchsecurity-hardeninglog-analysisidspci-dssfile-integrity-managementsecurity-awarenessvulnerability-detectionincident-responsehacktoberfesthacktoberfest-accepted
  Language:Shell 906

• seccubus / seccubus

  Easy automated vulnerability scanning, reporting and analysis

  seccubusrepeated-scansniktossllabssecurityfiltersanalysisvulnerability-detectionvulnerability-managementmedusanessusnmaptestssl
  Language:JavaScript 702