Showing 33 open source projects for "vulnerability test"

View related business solutions
  • Host LLMs in Production With On-Demand GPUs Icon
    Host LLMs in Production With On-Demand GPUs

    NVIDIA L4 GPUs. 5-second cold starts. Scale to zero when idle.

    Deploy your model, get an endpoint, pay only for compute time. No GPU provisioning or infrastructure management required.
    Try Free
  • Secure File Transfer for Windows with Cerberus by Redwood Icon
    Secure File Transfer for Windows with Cerberus by Redwood

    Protect and share files over FTP/S, SFTP, HTTPS and SCP with the #1 rated Windows file transfer server.

    Cerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
    Try for Free
  • 1
    OpenVAS Scanner

    OpenVAS Scanner

    This repository contains the scanner component for Greenbone Community

    OpenVAS Scanner is the scanner component of Greenbone Community Edition and serves as a full-featured vulnerability scanning engine. It executes a continuously updated feed of Vulnerability Tests to identify security weaknesses across systems and services. The scanner is also used within Greenbone Enterprise appliances, which reflects its role in broader vulnerability management workflows. It can be built and installed from source, integrated with other GVM modules, or deployed through...
    Downloads: 12 This Week
    Last Update:
    See Project
  • 2
    xpoc

    xpoc

    A fast emergency response tool designed for supply chain vulnerability

    xpoc is a lightweight command-line scanner created for fast emergency response in supply chain vulnerability scanning. It is designed to help security teams test single targets, multiple targets, and target lists through direct input, files, or pipes. The tool can retrieve proof-of-concept plugins from the cloud, list available plugins, synchronize new plugins, and update itself from the command line. It uses the xray YAML POC format and supports plugin writing and loading for TCP and UDP checks. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 3
    Claude BugHunter

    Claude BugHunter

    A Claude Code skill bundle for bug hunting

    Claude-BugHunter is a Claude Code skill bundle focused on bug hunting, security testing, and external red-team research workflows. It packages a large collection of specialized skills, slash commands, and disclosed-report patterns so Claude Code can reason through common vulnerability classes more systematically. The project is meant to help authorized testers structure reconnaissance, triage, hypothesis building, exploitation reasoning, and reporting. It includes curated patterns from public vulnerability reports, making it useful as a learning and workflow reference. Because it supports security testing, it should only be used on systems where the user has permission to test. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 4
    theHarvester

    theHarvester

    E-mails, subdomains and names

    theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.
    Downloads: 31 This Week
    Last Update:
    See Project
  • Stop vibe-debugging. Icon
    Stop vibe-debugging.

    Plug Claude into your app's actual errors.

    AppSignal's MCP server hands Claude, Cursor, or Zed your real errors, traces, and the deploy that shipped them. AI writes the fix; you review the diff.
    Free 30 days.
  • 5
    AICGSecEval

    AICGSecEval

    A.S.E (AICGSecEval) is a repository-level AI-generated code security

    ...The project was developed to address concerns that AI-assisted programming tools may produce insecure code containing vulnerabilities such as injection flaws or unsafe logic. The framework constructs evaluation tasks based on real-world software repositories and known vulnerability cases derived from CVE records. By simulating realistic development scenarios, the benchmark assesses how well AI code generation systems handle security-sensitive programming tasks. AICGSecEval combines static and dynamic evaluation techniques to analyze generated code for vulnerabilities and functional correctness. The framework includes datasets, test cases, and evaluation metrics that measure how AI programming tools perform across multiple programming languages and vulnerability categories.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 6
    Defending Code Reference Harness

    Defending Code Reference Harness

    Skills for threat modeling, scanning, triage, patching, etc.

    Defending Code Reference Harness is a reference implementation for autonomous vulnerability discovery and remediation with Claude. It is designed for security teams that want a structured way to test, triage, and patch software issues with agent support. The project includes skills for threat modeling, scanning, triage, patching, and customizable autonomous analysis workflows. Its default pipeline focuses on finding memory bugs in C and C++ code using ASAN as the crash detector. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 7
    Giskard

    Giskard

    Collaborative & Open-Source Quality Assurance for all AI models

    ...At Giskard, we believe that Machine Learning needs its own testing framework. Created by ML engineers for ML engineers, Giskard enables you to scan your model to find dozens of vulnerabilities. The Giskard scan automatically detects vulnerability issues such as performance bias, data leakage, unrobustness, spurious correlation, overconfidence, underconfidence, unethical issue, etc. Giskard automatically generates relevant tests based on the vulnerabilities detected by the scan. You can easily customize the tests depending on your use case by defining domain-specific data slicers and transformers as fixtures of your test suites.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 8
    GitLab

    GitLab

    Please open new issues in our issue tracker on GitLab

    GitLab is a single-application DevOps platform that brings source control, CI/CD, package registries, security scanning, and deployment pipelines under one roof to accelerate software delivery. Built around Git repositories and merge-request workflows, it tightly integrates continuous integration, automated testing, code review, and release orchestration so teams can move from idea to production within a unified UI and policy model. GitLab’s features extend into the operational...
    Downloads: 22 This Week
    Last Update:
    See Project
  • 9
    XRAY

    XRAY

    XRay for recon, mapping and OSINT gathering from public networks

    XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. ...
    Downloads: 2 This Week
    Last Update:
    See Project
  • Cut Data Warehouse Costs by 54% Icon
    Cut Data Warehouse Costs by 54%

    Easily migrate from Snowflake, Redshift, or Databricks with free tools.

    BigQuery delivers 54% lower TCO with exabyte scale and flexible pricing. Free migration tools handle the SQL translation automatically.
    Try Free
  • 10
    lynis

    lynis

    Security auditing tool for Linux, macOS, and UNIX-based system

    ...Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g. PCI, HIPAA, SOx), penetration testing, vulnerability detection, and system hardening. Test that Docker image, or improve the hardening of your deployed web application. Run daily health scans to discover new weaknesses. Show colleagues or clients what can be done to improve security. Discover security weaknesses on systems of your clients, that may eventually result in system compromise. ...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 11
    MrFish

    MrFish

    A anti-phishing Python script with headers and proxies!

    MrFish is a powerful tool designed to automate the creation of fake account submissions for phishing tests and vulnerability assessments. With the ability to generate random usernames, passwords, and even credit card data, it simulates real user behavior to help test the security of online forms. Featuring customizable settings for proxy support, user inputs (email or username), and multiple threads for speed, MrFish provides an efficient way to stress-test web servers and form-handling systems. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 12
    Kernelhub

    Kernelhub

    Kernel privilege escalation vulnerability collection

    The original intention of making the project is for, learning, analyzing, and research the latest kernel vulnerabilities are not needed to see the system and related content. This project is a collection of proprietary, except for test failure or unspecified Exp, Demo GIF map. If there is an omission of the omission of CVE vulnerabilities, please join your issues and bring your use of code. Project code is prohibited from testing in a real environment! The reliability of the code is...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 13
    Shennina

    Shennina

    Automating Host Exploitation with AI

    Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically. Shennina scans a set of input targets for available network services, uses its AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 14
    Kubesploit

    Kubesploit

    Kubesploit is a cross-platform post-exploitation HTTP/2 Command

    Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 15
    ESP8266 Deauther Version 2

    ESP8266 Deauther Version 2

    Affordable WiFi hacking platform for testing and learning

    ...It is command-line based, which allows it to offer not just more features, but make them more customizable. This software allows you to easily perform a variety of actions to test 802.11 wireless networks by using an inexpensive ESP8266 WiFi SoC (System On A Chip). The main feature, the deauthentication attack, is used to disconnect devices from their WiFi network. No one seems to care about this huge vulnerability in the official 802.11 WiFi standard, so I took action and enabled everyone who has less than 10 USD to spare to recreate this project. ...
    Downloads: 29 This Week
    Last Update:
    See Project
  • 16
    BlackWidow

    BlackWidow

    Python web scanner for OSINT gathering and OWASP vulnerability fuzzing

    BlackWidow is a Python-based web application scanning tool designed to crawl target websites and collect open-source intelligence (OSINT) while identifying potential security vulnerabilities. It functions as a web spider that systematically explores a site to gather valuable information such as URLs, dynamic parameters, subdomains, email addresses, and phone numbers associated with the target domain. By automatically extracting this data, BlackWidow helps security professionals and...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 17
    Firing Range

    Firing Range

    Firing Range is a test bed for web application security scanners

    Firing Range is an intentionally vulnerable web application designed to evaluate the real-world effectiveness of web security scanners and training exercises. Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18

    APIthet

    An Application to security test RESTful web APIs.

    APIthet is an application to security test RESTful web APIs. Assessing APIs help in detecting security vulnerabilities at an early stage of the SDLC. Compare this with assessing an Android application that uses APIs on a backend server. This kind of assessment happens at a much later phase of the SDLC. Even worse, it does not necessarily touch all the APIs. That's not all. You specify one of the JSON parameters as random. This helps set a unique value for a specific JSON parameter in...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 19

    BidBase

    BidBase is a Bridge Game Bidding Database system.

    BidBase is a DLL which can be added to any bridge related program and will make a bid based on a bridge hand, prior bids, vulnerability, and scoring type (MPs, IMPs) Any bidding system or convention can be entered by means of 60 fields for describing hand criteria for making an entry's bid. Accompanying programs include a bidding practice program, database editor, hand/bidding simulator, hand valuation program, and HTML/text file creator/viewer for creating and reading documentation...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Sagacity

    Sagacity

    Security Assessment Data Management and Analysis Tool

    We have migrated development of Sagacity to GitHub at https://github.com/cyberperspectives/sagacity Sagacity is a vulnerability assessment and STIG compliance data management tool designed to make security testing more efficient, effective and complete. Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21

    Owasp Zap Live CD

    Owasp Zap Live CD

    A live CD, live DVD, or live disc is a complete bootable computer installation including operating system which runs in a computer's memory.This live CD contains the Owasp Zap vulnerability test solution, the OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    sqliv

    sqliv

    Massive SQL injection vulnerability scanner for automated web testing

    SQLiv is a command-line security tool designed to identify SQL injection vulnerabilities in web applications through automated scanning techniques. Written primarily in Python, the project focuses on discovering potentially vulnerable web pages by analyzing URLs that contain database query parameters. It can perform large-scale scanning by using search engine queries known as SQL injection dorks to collect candidate websites and then test them for vulnerabilities. In addition to bulk...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 23
    vbscan
    OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them. Why VBScan ? If you want to do a penetration test on a vBulletin Forum, VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24

    Openvas Raspberry

    Turnkey image for the Raspberry Pi running Openvas 7

    OpenVAS is an open source remote security vulnerability scanner, designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 25

    L337 Scanner

    Vulnerability Scanner

    L337 Scanner is powerful vulnerability scanner.It has both community edition and professional edition. Community edition is free for all. Community edition has only sqli scanner. which means through community edition you can scan a target site for sql injection vulnerability or search google for sqli vulnerable site. Requirements : 1. Java 8 or higher (oracle recommanded) Rules : 1.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • Next
Auth0 Logo