Search Results for "vulnerability"
Sort By:
66 projects for "vulnerability" with 2 filters applied:
-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
Secure File Transfer for Windows with Cerberus by RedwoodCerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
-
1
Vuls
Agentless vulnerability scanner for Linux/FreeBSD
Vuls is open-source, agent-less vulnerability scanner based on information from NVD, OVAL, etc. Vuls uses multiple vulnerability databases NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA and Changelog. Vuls v0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors. Remote scan mode is required to only setup one machine that is connected to other scan target servers via SSH. -
2
Flan Scan
A pretty sweet vulnerability scanner
Flan Scan is a lightweight open-source network vulnerability scanner designed to make it easy to detect exposed services, open ports, and associated vulnerabilities across IP ranges or network segments as part of security audit and compliance workflows. It is essentially a thin wrapper around the widely-used Nmap scanner, augmenting it with scripts and tooling that transform raw Nmap output into vulnerability-focused reports that map detected services to known CVEs, making results more actionable for administrators and auditors. ... -
3
Raccoon
High-performance reconnaissance and vulnerability scanning tool
Raccoon is a high-performance offensive security tool designed to assist with reconnaissance and vulnerability scanning during penetration testing and security assessments. It automates several common reconnaissance tasks, allowing security professionals to quickly gather information about a target system or web application. The tool combines multiple scanning techniques into a single workflow, helping users identify potential weaknesses, exposed services, and accessible resources on a target host. ... -
4
secator
Automated framework for running pentesting tools and workflows
...It acts as a centralized automation platform that helps security professionals run tasks, workflows, and scans more efficiently from a single command-line interface. It supports dozens of established security tools and organizes them into structured workflows, enabling users to perform complex reconnaissance and vulnerability discovery processes with minimal manual effort. By standardizing input parameters and output formats across different tools, Secator simplifies how results are collected and processed during security testing. Secator is built to improve productivity for penetration testers, bug bounty hunters, and security researchers who frequently chain multiple tools together during assessments. -
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
5
Metabigor
Command-line OSINT and reconnaissance tool without API keys
...Metabigor integrates multiple public data sources such as certificate transparency logs, BGP routing data, reverse WHOIS services, and IP intelligence databases to help map digital infrastructure. It can also enrich IP information with service, port, and vulnerability data using Shodan InternetDB while remaining accessible without authentication keys. In addition, it provides utilities that coordinate network scanning workflows by acting as a wrapper for tools like rustscan, masscan, and nmap. -
6
RedAmon
AI-powered framework for automated penetration testing and red teaming
RedAmon is an AI-powered red team framework designed to automate offensive cybersecurity operations from reconnaissance to exploitation and post-exploitation. It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting... -
7
ASN
Command line ASN lookup, network recon, and traceroute tool
asn is a multifunctional network investigation and OSINT command line tool designed for analyzing Autonomous System (ASN) and IP-related data. It provides a comprehensive set of capabilities for inspecting network infrastructure, routing information, and security signals associated with IP addresses, hostnames, prefixes, and organizations. It aggregates data from multiple external services to present detailed information such as BGP statistics, RPKI validation status, IP reputation,... -
8
Inventory
Asset inventory dataset for public bug bounty program targets
Trickest Inventory is an open source dataset and workflow collection designed to provide an extensive asset inventory for public bug bounty programs. The repository tracks and organizes security-relevant assets for more than 800 companies participating in public vulnerability disclosure and bug bounty initiatives. It collects information such as DNS records and web server data, helping security researchers better understand the attack surface of these programs. It aims to streamline reconnaissance for bug bounty hunters by providing ready-to-use asset information so researchers can quickly begin testing new targets. ... -
9
XRAY
XRay for recon, mapping and OSINT gathering from public networks
...It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. ... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
10
lynis
Security auditing tool for Linux, macOS, and UNIX-based system
...Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g. PCI, HIPAA, SOx), penetration testing, vulnerability detection, and system hardening. Test that Docker image, or improve the hardening of your deployed web application. Run daily health scans to discover new weaknesses. Show colleagues or clients what can be done to improve security. Discover security weaknesses on systems of your clients, that may eventually result in system compromise. ... -
11
SkillSpector
Security scanner for AI agent skills
SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git... -
12
deepsec
Deepsec is a security harness for finding vulnerabilities
deepsec is an agent-powered security harness for finding vulnerabilities in large codebases. It is designed to run on the user’s own infrastructure, using coding agents to perform deep, project-aware security review rather than only basic pattern matching. The tool initializes a project-specific security context, scans code in batches, processes findings, and can optionally revalidate results to reduce false positives. For large repositories, it supports parallel work across worker machines... -
13
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
The SpotBugs plugin for security audits of Java web applications. Find Security Bugs is the SpotBugs plugin for security audits of Java web applications. It can detect 141 different vulnerability types with over 823 unique API signatures. Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more. Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. Command line integration is available with Ant and Maven. Can be used with systems such as Jenkins and SonarQube. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE. -
14
discover
Automation framework for reconnaissance and penetration testing tasks
Discover is a collection of custom Bash scripts designed to automate many common tasks involved in penetration testing workflows. The project brings together a variety of security testing functions into a single framework that simplifies reconnaissance, scanning, and enumeration processes. It provides a menu-driven interface that allows security professionals to quickly launch different tools and scripts without manually executing each command. The framework helps streamline activities such... -
15
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
16
paramspider
Mine parameterized URLs from web archives for security testing
...It helps security researchers, penetration testers, and bug bounty hunters collect potential attack surfaces by automatically gathering archived URLs related to a specific domain. Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. ... -
17
Shennina
Automating Host Exploitation with AI
Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically. Shennina scans a set of input targets for available network services, uses its AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets. ... -
18
Hakrawler
Fast Go web crawler for discovering URLs and web app endpoints
...It accepts URLs through standard input, making it easy to integrate into command-line pipelines with other security tools. This workflow enables researchers to combine it with subdomain enumeration, HTTP probing, and vulnerability scanning utilities to automate reconnaissance processes. hakrawler can follow links within a website and optionally include subdomains. -
19
Kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is... -
20
PHP mini vulnerability suite
Multiple server/webapp vulnerability scanner
github: https://github.com/samedog/phpmvs -
21
AttackSurfaceMapper
Automated tool for mapping & expanding organization’s attack surface
AttackSurfaceMapper (ASM) is a reconnaissance and attack surface discovery tool designed to automate the process of mapping potential targets within an organization's infrastructure. It combines open source intelligence (OSINT) with selective active reconnaissance techniques to expand and analyze a target’s external attack surface. Users can supply domains, subdomains, or IP addresses as input, and applies multiple discovery methods to identify additional related assets such as new... -
22
Sploitware
Vulnerability analytics
Sploitware is a curated repository that maps the world of exploit development, offensive security, and binary exploitation into organized learning material. It brings together links to tutorials, tools, writeups, and CTF resources so that security learners don’t have to hunt across the internet for a coherent path. The focus is on practical exploitation skills: understanding memory corruption, reverse engineering, shellcode, privilege escalation, and platform specifics. By being a single,... -
23
Firing Range
Firing Range is a test bed for web application security scanners
Firing Range is an intentionally vulnerable web application designed to evaluate the real-world effectiveness of web security scanners and training exercises. Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed content problems. Each scenario is crafted to reflect how bugs appear in production—behind frameworks, in odd encodings, or across redirects—so scanners must demonstrate accurate crawling and context understanding. ... -
24
AlienVault OSSIM
Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich... -
25
Lynis
System/security auditing tool for hardening and securing Linux/Unix
...Beside security related information it will also scan for general system information, installed packages and possible configuration errors. This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd). Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits, by automation of control testing. Extended support for companies is available
