Showing 69 open source projects for "sql vulnerability scanner"

View related business solutions
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • Custom VMs From 1 to 96 vCPUs With 99.95% Uptime Icon
    Custom VMs From 1 to 96 vCPUs With 99.95% Uptime

    General-purpose, compute-optimized, or GPU/TPU-accelerated. Built to your exact specs.

    Live migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
    Try Free
  • 1
    WPScan

    WPScan

    WPScan WordPress security scanner

    WPScan is a black-box WordPress vulnerability scanner written in Ruby. It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators.
    Downloads: 18 This Week
    Last Update:
    See Project
  • 2
    Nikto

    Nikto

    Web server vulnerability scanner for security assessments

    Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows.
    Downloads: 95 This Week
    Last Update:
    See Project
  • 3
    syft

    syft

    CLI tool and library for generating a Software Bill of Materials

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems. syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries. Supports OCI, Docker and Singularity image formats. Linux distribution identification. Works seamlessly with Grype (a fast, modern vulnerability scanner). Able to create signed SBOM attestations using the in-toto specification. ...
    Downloads: 45 This Week
    Last Update:
    See Project
  • 4
    grype

    grype

    A vulnerability scanner for container images and filesystems

    A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages.
    Downloads: 11 This Week
    Last Update:
    See Project
  • $300 Free Credits for Your Google Cloud Projects Icon
    $300 Free Credits for Your Google Cloud Projects

    Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

    Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
    Start Free Trial
  • 5
    Flan Scan

    Flan Scan

    A pretty sweet vulnerability scanner

    Flan Scan is a lightweight open-source network vulnerability scanner designed to make it easy to detect exposed services, open ports, and associated vulnerabilities across IP ranges or network segments as part of security audit and compliance workflows. It is essentially a thin wrapper around the widely-used Nmap scanner, augmenting it with scripts and tooling that transform raw Nmap output into vulnerability-focused reports that map detected services to known CVEs, making results more actionable for administrators and auditors. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 6
    Vuls

    Vuls

    Agentless vulnerability scanner for Linux/FreeBSD

    Vuls is open-source, agent-less vulnerability scanner based on information from NVD, OVAL, etc. Vuls uses multiple vulnerability databases NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA and Changelog. Vuls v0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors. Remote scan mode is required to only setup one machine that is connected to other scan target servers via SSH.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 7
    Brakeman

    Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails app

    Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel will split the reading/parsing into a number of separate processes based on number of CPUs.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 8
    nuclei

    nuclei

    Fast and customizable vulnerability scanner based on simple YAML

    Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. We have a dedicated repository that houses various type of vulnerability templates contributed by more than 300 security...
    Downloads: 56 This Week
    Last Update:
    See Project
  • 9
    tfsec

    tfsec

    Security scanner for your Terraform code

    tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take...
    Downloads: 2 This Week
    Last Update:
    See Project
  • Fully Managed MySQL, PostgreSQL, and SQL Server Icon
    Fully Managed MySQL, PostgreSQL, and SQL Server

    Automatic backups, patching, replication, and failover. Focus on your app, not your database.

    Cloud SQL handles your database ops end to end, so you can focus on your app.
    Try Free
  • 10
    garak

    garak

    The LLM vulnerability scanner

    garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. garak's a free tool, we love developing it and are always interested in adding functionality to support applications. garak is a command-line tool, it's developed in Linux and OSX. Just grab it from PyPI and you should be good to go. The standard pip version of garak is updated...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 11
    Defending Code Reference Harness

    Defending Code Reference Harness

    Skills for threat modeling, scanning, triage, patching, etc.

    Defending Code Reference Harness is a reference implementation for autonomous vulnerability discovery and remediation with Claude. It is designed for security teams that want a structured way to test, triage, and patch software issues with agent support. The project includes skills for threat modeling, scanning, triage, patching, and customizable autonomous analysis workflows. Its default pipeline focuses on finding memory bugs in C and C++ code using ASAN as the crash detector. The overall...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 12
    Kubescape

    Kubescape

    Kubescape is an open-source Kubernetes security platform for your IDE

    An open-source Kubernetes security platform for your clusters, CI/CD pipelines, and IDE that seperates out the security signal from the scanner noise. Kubescape is an open-source Kubernetes security platform, built for use in your day-to-day workflow, by fitting into your clusters, CI/CD pipelines and IDE. It serves as a one-stop-shop for Kubernetes security and includes vulnerability and misconfiguration scanning. You can run scans via the CLI, or add the Kubescape Helm chart, which gives an in-depth view of what is going on in the cluster. ...
    Downloads: 6 This Week
    Last Update:
    See Project
  • 13
    SkillSpector

    SkillSpector

    Security scanner for AI agent skills

    SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 14
    reconFTW

    reconFTW

    Automated framework for domain reconnaissance and vulnerability scans.

    reconFTW is an open source automated reconnaissance framework created for security researchers, penetration testers, and bug bounty hunters. The tool streamlines the reconnaissance phase of security assessments by orchestrating numerous specialized tools to gather intelligence about a target domain. It performs multiple discovery and analysis tasks such as subdomain enumeration, OSINT collection, and vulnerability scanning in an automated workflow. The framework integrates many external...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 15
    Wfuzz

    Wfuzz

    Web application fuzzer

    Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web...
    Downloads: 21 This Week
    Last Update:
    See Project
  • 16
    Tsunami

    Tsunami

    Network security scanner for detecting severity vulnerabilities

    Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. When security vulnerabilities or misconfigurations are actively exploited by attackers, organizations need to react quickly in order to protect potentially vulnerable assets. As attackers increasingly invest in automation, the time window to react to a newly released, high severity vulnerability is usually measured in hours. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 17
    Wapiti

    Wapiti

    Wapiti is a web-application vulnerability scanner

    Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language.
    Downloads: 17 This Week
    Last Update:
    See Project
  • 18
    XRAY

    XRAY

    XRay for recon, mapping and OSINT gathering from public networks

    ...Rather than being a “one-size-fits-all” black box scanner, XRAY encourages interactive exploration and integrates with other tooling.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 19
    PC of Death
    PC of Death is a Windows vulnerability scanner. It's meant for Windows 10 & 11.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 20
    Coraza

    Coraza

    OWASP Coraza WAF is a golang modsecurity compatible firewall library

    ...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 21
    SafeUtils

    SafeUtils

    110+ developer tools as native MacOS, Linux & Windows desktop apps.

    Tools: https://safeutils.com/barcode-generator https://safeutils.com/color-picker https://safeutils.com/qr-code-generator https://safeutils.com/qr-code-scanner https://safeutils.com/word-counter https://safeutils.com/base-64-decoder https://safeutils.com/diff-checker https://safeutils.com/hex-to-ascii https://safeutils.com/json-formatter https://safeutils.com/lorem-ipsum-generator https://safeutils.com/random-generator https://safeutils.com/time-converter https://safeutils.com/...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    paramspider

    paramspider

    Mine parameterized URLs from web archives for security testing

    ...It helps security researchers, penetration testers, and bug bounty hunters collect potential attack surfaces by automatically gathering archived URLs related to a specific domain. Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. ...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 23
    Vision nmap's CPE to CVE conversor

    Vision nmap's CPE to CVE conversor

    Nmap's XML result parse and NVD's CPE correlation to search CVE.

    Nmap's XML result parse and NVD's CPE correlation to search CVE. https://github.com/CoolerVoid/Vision2
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24

    PHP mini vulnerability suite

    Multiple server/webapp vulnerability scanner

    github: https://github.com/samedog/phpmvs
    Downloads: 0 This Week
    Last Update:
    See Project
  • 25
    BlackWidow

    BlackWidow

    Python web scanner for OSINT gathering and OWASP vulnerability fuzzing

    ...In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities.
    Downloads: 2 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • Next
Auth0 Logo