Showing 291 open source projects for "security scanner"

View related business solutions
  • Host LLMs in Production With On-Demand GPUs Icon
    Host LLMs in Production With On-Demand GPUs

    NVIDIA L4 GPUs. 5-second cold starts. Scale to zero when idle.

    Deploy your model, get an endpoint, pay only for compute time. No GPU provisioning or infrastructure management required.
    Try Free
  • Ship Agents Faster Icon
    Ship Agents Faster

    Transform your applications and workflows into powerful agentic systems at global scale.

    Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
    Get Started Free
  • 1
    Agentic Security

    Agentic Security

    Agentic LLM Vulnerability Scanner / AI red teaming kit

    The open-source Agentic LLM Vulnerability Scanner.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 2
    User Scanner

    User Scanner

    Scan usernames and emails across many platforms from the CLI

    user-scanner is a command-line OSINT tool designed to analyze the presence and availability of usernames and email addresses across many online platforms. It helps users quickly determine whether a specific username or email is already associated with accounts on social networks, developer platforms, creator communities, gaming services, and other sites. user-scanner is useful for security researchers, investigators, and analysts performing open source intelligence, as well as individuals or businesses looking for a unique username across multiple services. ...
    Downloads: 24 This Week
    Last Update:
    See Project
  • 3
    OpenVAS Scanner

    OpenVAS Scanner

    This repository contains the scanner component for Greenbone Community

    OpenVAS Scanner is the scanner component of Greenbone Community Edition and serves as a full-featured vulnerability scanning engine. It executes a continuously updated feed of Vulnerability Tests to identify security weaknesses across systems and services. The scanner is also used within Greenbone Enterprise appliances, which reflects its role in broader vulnerability management workflows.
    Downloads: 36 This Week
    Last Update:
    See Project
  • 4
    InQL Scanner

    InQL Scanner

    A Burp Extension for GraphQL Security Testing

    A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. Since version 1.0.0 of the tool, InQL was extended to operate within Burp Suite. In this mode, the tool will retain all the stand-alone script capabilities and add a handy user interface for manipulating queries. Search for known GraphQL URL paths; the tool will grep and match known values to detect GraphQL endpoints within the target...
    Downloads: 1 This Week
    Last Update:
    See Project
  • $300 Free Credits for Your Google Cloud Projects Icon
    $300 Free Credits for Your Google Cloud Projects

    Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

    Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
    Start Free Trial
  • 5
    Skill Scanner

    Skill Scanner

    Security Scanner for Agent Skills

    This repository is a public security-focused scanning tool intended to analyze and assess AI agent skills for potential issues, quality concerns, and vulnerabilities. It acts as a scanner that inspects Agent Skills packages to flag structural problems, inconsistencies, or security flaws before they are deployed or integrated into agent workflows. Because agent skills can contain executable instructions and logic, scanning them for risky patterns is essential to prevent inadvertent exploitation when used by intelligent systems. ...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 6
    react2shell-scanner

    react2shell-scanner

    High Fidelity Detection Mechanism for RSC/Next.js RCE

    react2shell-scanner is a security-oriented tool that bridges modern JavaScript (React) applications and shell scripting by auditing web front-ends for exposed interfaces that could be manipulated or controlled through command execution. It scans React codebases, identifies places where user input interacts with shell-executable contexts, and flags risky patterns that might lead to command injection, unvalidated arguments, or unsafe bindings between UI controls and underlying system actions. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 7
    Nikto

    Nikto

    Web server vulnerability scanner for security assessments

    Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows.
    Downloads: 115 This Week
    Last Update:
    See Project
  • 8
    WPScan

    WPScan

    WPScan WordPress security scanner

    WPScan is a black-box WordPress vulnerability scanner written in Ruby. It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators.
    Downloads: 15 This Week
    Last Update:
    See Project
  • 9
    syft

    syft

    CLI tool and library for generating a Software Bill of Materials

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems. syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries. Supports OCI, Docker and Singularity image formats. Linux distribution...
    Downloads: 49 This Week
    Last Update:
    See Project
  • Secure File Transfer for Windows with Cerberus by Redwood Icon
    Secure File Transfer for Windows with Cerberus by Redwood

    Protect and share files over FTP/S, SFTP, HTTPS and SCP with the #1 rated Windows file transfer server.

    Cerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
    Try for Free
  • 10
    WhatWeb

    WhatWeb

    Next generation web scanner

    WhatWeb is a Ruby-based web scanner for fingerprinting websites. It identifies CMS, server technologies, JavaScript frameworks, and other characteristics by analyzing HTML, headers, JavaScript, cookies, and responses. Commonly used in reconnaissance and security assessments.
    Downloads: 9 This Week
    Last Update:
    See Project
  • 11
    Hypatia

    Hypatia

    A realtime malware scanner

    Hypatia is a free and open-source malware scanner for Android that aims to provide on-device, real-time scanning with minimal battery and resource impact using signature-based detection inspired by ClamAV style databases. Designed as an Android app, it scans user filesystems and installed applications either on demand or in real time when files are written or renamed, operating completely offline aside from occasional signature database downloads.
    Downloads: 22 This Week
    Last Update:
    See Project
  • 12
    SIPVicious

    SIPVicious

    Security tools that can be used to audit SIP based VoIP systems

    SIPVicious OSS has been around since 2007 and is actively updated to help security teams, QA and developers test SIP-based VoIP systems and applications. Open-source security suite for auditing SIP based VoIP systems. Also known as friendly-scanner, it is freely available to help pentesters, security teams and developers quickly test their SIP systems. Download the latest source code from git or the latest release, send pull requests and open issues. ...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 13
    grype

    grype

    A vulnerability scanner for container images and filesystems

    A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages. Find vulnerabilities for language-specific packages. You can also choose another destination directory and release version for the installation....
    Downloads: 19 This Week
    Last Update:
    See Project
  • 14
    tfsec

    tfsec

    Security scanner for your Terraform code

    tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take effect. ...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 15
    SkillSpector

    SkillSpector

    Security scanner for AI agent skills

    SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 16
    ClamAV

    ClamAV

    Antivirus engine for detecting trojans, viruses and malware

    ClamAV is an open-source antivirus engine developed by Cisco Talos that provides cross-platform malware detection for servers, desktops, and mail systems. Originally designed for Unix environments and email security, it has evolved into a flexible antimalware toolkit capable of identifying millions of viruses, worms, trojans, and other threats. The software includes a command-line scanner, an automatically updating signature database, and a scalable multi-threaded daemon that enables high-performance scanning in production environments. ClamAV is widely used in mail gateways, file servers, and security pipelines because it can inspect compressed archives, common document formats, and executable files. ...
    Downloads: 109 This Week
    Last Update:
    See Project
  • 17
    Flan Scan

    Flan Scan

    A pretty sweet vulnerability scanner

    Flan Scan is a lightweight open-source network vulnerability scanner designed to make it easy to detect exposed services, open ports, and associated vulnerabilities across IP ranges or network segments as part of security audit and compliance workflows. It is essentially a thin wrapper around the widely-used Nmap scanner, augmenting it with scripts and tooling that transform raw Nmap output into vulnerability-focused reports that map detected services to known CVEs, making results more actionable for administrators and auditors. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18
    OSINT Framework

    OSINT Framework

    OSINT Framework

    OSINT-Framework is a web-based intelligence resource map designed to help investigators and researchers quickly locate free open-source intelligence tools and data sources. Rather than functioning as an automated scanner, it organizes hundreds of OSINT resources into a structured, navigable interface grouped by investigation type, such as usernames, email addresses, domains, and social media. The project was originally created from an information security perspective but has since expanded to support journalists, analysts, and digital investigators across many disciplines. ...
    Downloads: 106 This Week
    Last Update:
    See Project
  • 19
    Tsunami

    Tsunami

    Network security scanner for detecting severity vulnerabilities

    Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. When security vulnerabilities or misconfigurations are actively exploited by attackers, organizations need to react quickly in order to protect potentially vulnerable assets. As attackers increasingly invest in automation, the time window to react to a newly released, high severity vulnerability is usually measured in hours. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Vuls

    Vuls

    Agentless vulnerability scanner for Linux/FreeBSD

    Vuls is open-source, agent-less vulnerability scanner based on information from NVD, OVAL, etc. Vuls uses multiple vulnerability databases NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA and Changelog. Vuls v0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors. Remote scan mode is required to only setup one machine that is connected to other scan target servers via SSH. If you don't want the central Vuls server to connect to each server by SSH, you...
    Downloads: 12 This Week
    Last Update:
    See Project
  • 21
    Kubescape

    Kubescape

    Kubescape is an open-source Kubernetes security platform for your IDE

    An open-source Kubernetes security platform for your clusters, CI/CD pipelines, and IDE that seperates out the security signal from the scanner noise. Kubescape is an open-source Kubernetes security platform, built for use in your day-to-day workflow, by fitting into your clusters, CI/CD pipelines and IDE. It serves as a one-stop-shop for Kubernetes security and includes vulnerability and misconfiguration scanning.
    Downloads: 11 This Week
    Last Update:
    See Project
  • 22
    nuclei

    nuclei

    Fast and customizable vulnerability scanner based on simple YAML

    Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. We have a dedicated repository that houses various type of vulnerability templates contributed by more than 300 security...
    Downloads: 84 This Week
    Last Update:
    See Project
  • 23
    Wfuzz

    Wfuzz

    Web application fuzzer

    Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web...
    Downloads: 21 This Week
    Last Update:
    See Project
  • 24
    Retire.js

    Retire.js

    Scanner detecting the use of JavaScript libraries

    There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules....
    Downloads: 1 This Week
    Last Update:
    See Project
  • 25
    Brakeman

    Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails app

    Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel will split the reading/parsing into a number of separate processes based on number of CPUs.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • 4
  • 5
  • Next