Search Results for "vulnerability web scanner"
Sort By:
Showing 93 open source projects for "vulnerability web scanner"
View related business solutions-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
1
Nikto
Web server vulnerability scanner for security assessments
Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows. -
2
Digna Web Scanner
A tool to check web apps for vulnerabilty
This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. ... -
3
WPScan
WPScan WordPress security scanner
WPScan is a black-box WordPress vulnerability scanner written in Ruby. It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators. -
4
syft
CLI tool and library for generating a Software Bill of Materials
CLI tool and library for generating a Software Bill of Materials from container images and filesystems. syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries. Supports OCI, Docker and Singularity image formats. Linux distribution identification. Works seamlessly with Grype (a fast, modern vulnerability scanner). Able to create signed SBOM attestations using the in-toto specification. ... -
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
5
grype
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages. -
6
Flan Scan
A pretty sweet vulnerability scanner
Flan Scan is a lightweight open-source network vulnerability scanner designed to make it easy to detect exposed services, open ports, and associated vulnerabilities across IP ranges or network segments as part of security audit and compliance workflows. It is essentially a thin wrapper around the widely-used Nmap scanner, augmenting it with scripts and tooling that transform raw Nmap output into vulnerability-focused reports that map detected services to known CVEs, making results more actionable for administrators and auditors. ... -
7
nuclei
Fast and customizable vulnerability scanner based on simple YAML
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. We have a dedicated repository that houses various type of vulnerability templates contributed by more than 300 security... -
8
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails app
Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel will split the reading/parsing into a number of separate processes based on number of CPUs. -
9
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web... -
Application Monitoring That Won't Slow Your App DownFull APM with errors, performance, logs, and uptime monitoring. 99.999% uptime SLA on the platform itself.
-
10
Kubescape
Kubescape is an open-source Kubernetes security platform for your IDE
An open-source Kubernetes security platform for your clusters, CI/CD pipelines, and IDE that seperates out the security signal from the scanner noise. Kubescape is an open-source Kubernetes security platform, built for use in your day-to-day workflow, by fitting into your clusters, CI/CD pipelines and IDE. It serves as a one-stop-shop for Kubernetes security and includes vulnerability and misconfiguration scanning. You can run scans via the CLI, or add the Kubescape Helm chart, which gives an in-depth view of what is going on in the cluster. ... -
11
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. ... -
12
Raccoon
High-performance reconnaissance and vulnerability scanning tool
Raccoon is a high-performance offensive security tool designed to assist with reconnaissance and vulnerability scanning during penetration testing and security assessments. It automates several common reconnaissance tasks, allowing security professionals to quickly gather information about a target system or web application. The tool combines multiple scanning techniques into a single workflow, helping users identify potential weaknesses, exposed services, and accessible resources on a target host. ... -
13
Tsunami
Network security scanner for detecting severity vulnerabilities
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. When security vulnerabilities or misconfigurations are actively exploited by attackers, organizations need to react quickly in order to protect potentially vulnerable assets. As attackers increasingly invest in automation, the time window to react to a newly released, high severity vulnerability is usually measured in hours. ... -
14
WhatWeb
Next generation web scanner
WhatWeb is a Ruby-based web scanner for fingerprinting websites. It identifies CMS, server technologies, JavaScript frameworks, and other characteristics by analyzing HTML, headers, JavaScript, cookies, and responses. Commonly used in reconnaissance and security assessments. -
15
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
16
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules.... -
17
Payloads All The Things
A list of useful payloads and bypass for Web Application Security
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques. The API key is a unique identifier that is used to authenticate requests associated with your project. Some developers might hardcode them or leave it on public shares. -
18
OSINT Framework
OSINT Framework
OSINT-Framework is a web-based intelligence resource map designed to help investigators and researchers quickly locate free open-source intelligence tools and data sources. Rather than functioning as an automated scanner, it organizes hundreds of OSINT resources into a structured, navigable interface grouped by investigation type, such as usernames, email addresses, domains, and social media. -
19
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
The SpotBugs plugin for security audits of Java web applications. Find Security Bugs is the SpotBugs plugin for security audits of Java web applications. It can detect 141 different vulnerability types with over 823 unique API signatures. Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more. Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. -
20
ASN
Command line ASN lookup, network recon, and traceroute tool
asn is a multifunctional network investigation and OSINT command line tool designed for analyzing Autonomous System (ASN) and IP-related data. It provides a comprehensive set of capabilities for inspecting network infrastructure, routing information, and security signals associated with IP addresses, hostnames, prefixes, and organizations. It aggregates data from multiple external services to present detailed information such as BGP statistics, RPKI validation status, IP reputation,... -
21
discover
Automation framework for reconnaissance and penetration testing tasks
Discover is a collection of custom Bash scripts designed to automate many common tasks involved in penetration testing workflows. The project brings together a variety of security testing functions into a single framework that simplifies reconnaissance, scanning, and enumeration processes. It provides a menu-driven interface that allows security professionals to quickly launch different tools and scripts without manually executing each command. The framework helps streamline activities such... -
22
Inventory
Asset inventory dataset for public bug bounty program targets
Trickest Inventory is an open source dataset and workflow collection designed to provide an extensive asset inventory for public bug bounty programs. The repository tracks and organizes security-relevant assets for more than 800 companies participating in public vulnerability disclosure and bug bounty initiatives. It collects information such as DNS records and web server data, helping security researchers better understand the attack surface of these programs. It aims to streamline reconnaissance for bug bounty hunters by providing ready-to-use asset information so researchers can quickly begin testing new targets. ... -
23
BBOT
The recursive internet scanner for hackers
BBOT is an advanced open-source reconnaissance automation framework designed to streamline large-scale OSINT and attack surface discovery workflows. It operates as a modular and recursive scanning tool that can enumerate subdomains, perform port scans, gather metadata, and collect web intelligence through a unified command-line interface. The project emphasizes extensibility, allowing users to create or integrate custom modules that expand the scope of reconnaissance tasks without modifying... -
24
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
25
PhoneInfoga
Information gathering framework for phone numbers
PhoneInfoga is an open-source intelligence framework focused on gathering and analyzing information related to international phone numbers. The tool aggregates data from multiple scanners and external services to provide contextual intelligence such as country, carrier, line type, and potential VoIP provider details. It is designed primarily for investigators, analysts, and security researchers who need structured phone-number reconnaissance rather than real-time tracking. PhoneInfoga...
