Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with vulnerability-scanner

A curated list of projects in awesome lists tagged with vulnerability-scanner .

https://github.com/projectdiscovery/nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner dast hacktoberfest nuclei-engine security security-scanner subdomain-takeover vulnerability-assessment vulnerability-detection vulnerability-scanner

Last synced: 12 May 2025

https://github.com/chaitin/xray

一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

passive-vulnerability-scanner poc security sqlinjection vulnerability vulnerability-scanner xss

Last synced: 27 Mar 2025

https://github.com/google/osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

scanner security-audit security-tools vulnerability-scanner

Last synced: 13 May 2025

https://github.com/zan8in/afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

afrog bug-bounty penetration-testing pentest poc red-teaming vulnerability-scanner vulnerability-scanning-tools

Last synced: 13 May 2025

https://github.com/almandin/fuxploider

File upload vulnerability scanner and exploitation tool.

detection exploitation pentesting python3 takeover vulnerability-scanner

Last synced: 15 May 2025

https://github.com/tr0uble-maker/poc-bomber

利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点

cve exp getshell poc poc-bomber rce redteam vulnerability-scanner

Last synced: 15 May 2025

https://github.com/tr0uble-mAker/POC-bomber

利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点

cve exp getshell poc poc-bomber rce redteam vulnerability-scanner

Last synced: 21 Nov 2024

https://github.com/megamansec/ssh-snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

bash cybersecurity exploitation exploitation-tool hacking hacking-tools pentesting post-exploitation redteam scanner security security-tools shell ssh ssh-hacking vulnerability-scanner worm

Last synced: 15 May 2025

https://github.com/xyntax/poc-t

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

exploitation pentesting vulnerability-scanner

Last synced: 15 May 2025

https://github.com/Xyntax/POC-T

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

exploitation pentesting vulnerability-scanner

Last synced: 30 Mar 2025

https://github.com/wagiro/burpbounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

bug-bounty bugbounty burp-extensions burpsuite vulnerability-detection vulnerability-scanner

Last synced: 02 Apr 2025

https://github.com/wagiro/BurpBounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

bug-bounty bugbounty burp-extensions burpsuite vulnerability-detection vulnerability-scanner

Last synced: 30 Mar 2025

https://github.com/dwisiswant0/crlfuzz

A fast tool to scan CRLF vulnerability written in Go

crlf-injection go golang vulnerability-scanner vulnerability-scanning

Last synced: 14 May 2025

https://github.com/MegaManSec/SSH-Snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

bash cybersecurity exploitation exploitation-tool hacking hacking-tools pentesting post-exploitation redteam scanner security security-tools shell ssh ssh-hacking vulnerability-scanner worm

Last synced: 11 Apr 2025

https://github.com/rub-nds/terrapin-scanner

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

attack cryptography ssh vulnerability vulnerability-scanner

Last synced: 16 May 2025

https://github.com/R0X4R/Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 07 Apr 2025

https://github.com/r0x4r/garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 12 Apr 2025

https://github.com/mergebase/log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

cve-2021-44228 cve-2021-45046 cve-2021-45105 cybersecurity detector log4j log4shell pentest sca scanner vulnerability-scanner

Last synced: 20 Nov 2024

https://github.com/CERT-Polska/Artemis

A modular vulnerability scanner with automatic report generation capabilities.

artemis pentesting security security-scanner security-tools vulnerability-detection vulnerability-scanner web-scanner

Last synced: 18 Jan 2025

https://github.com/chushuai/wscan

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

cel-go chromedp crawler headless martian passive-vulnerability-scanner poc sql-injection subdomains testwaf vulnerability-scanner waf webscan wscan xss

Last synced: 21 Nov 2024

https://github.com/zt2/sqli-hunter

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

detection exploitation pentesting ruby sql-injection sqlmap vulnerability-scanner

Last synced: 02 Apr 2025

https://github.com/yhy0/chying

承影 - 一款安全工具箱,集成了目录扫描、JWT、Swagger 测试、编/解码、轻量级 BurpSuite、杀软辅助功能

bbscan burpsuite dirsearch golang jwt swagger vulnerability-scanner wails web-vulnerability-scanners

Last synced: 06 Apr 2025

https://github.com/yhy0/ChYing

承影 - 一款安全工具箱,集成了目录扫描、JWT、Swagger 测试、编/解码、轻量级 BurpSuite、杀软辅助功能

bbscan burpsuite dirsearch golang jwt swagger vulnerability-scanner wails web-vulnerability-scanners

Last synced: 02 Jan 2025

https://github.com/M4DM0e/BadMod

CMS auto detect and exploit.

cms-detection exploitation hacking vulnerability-scanner

Last synced: 26 Mar 2025

https://github.com/trailofbits/it-depends

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

dependency-analysis dependency-graph hacktoberfest hacktoberfest2021 sbom sbom-generator vulnerability-scanner

Last synced: 15 May 2025

https://github.com/enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

php security security-scanner vulnerability-scanner vulnerability-scanning

Last synced: 15 May 2025

https://github.com/jjf012/gopoc

用cel-go重现了长亭xray的poc检测功能的轮子

poc proof-of-concept security-testing vulnerability-scanner

Last synced: 21 Nov 2024

https://github.com/madhavmehndiratta/dorkScanner

A typical search engine dork scanner scrapes search engines with dorks that you provide in order to find vulnerable URLs.

bing-dorking dork-scanner ethical-hacking google-dorking google-dorks hacking-tools kali-linux search-engines security vulnerability-scanner

Last synced: 21 Nov 2024

https://github.com/aquasecurity/harbor-scanner-trivy

Use Trivy as a plug-in vulnerability scanner in the Harbor registry

harbor harbor-pluggable-scanners harbor-registry scanner-adapter trivy vulnerability-scanner

Last synced: 20 Nov 2024

https://github.com/ethicalhackingplayground/erebus

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

erebus-engine parameter-testing vulnerability-assessment vulnerability-detection vulnerability-scanner

Last synced: 15 Apr 2025

https://github.com/4ra1n/poc-runner

Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | 基于 XRAY YAML 规则的超轻量快速漏洞扫描引擎 | 可执行文件体积仅 2 MB

poc security vulnerability vulnerability-detection vulnerability-scanner web-security web-vulnerability-scanner

Last synced: 18 Apr 2025

https://github.com/tigthor/neural-network-hacking

Hacking the Singularity. Deep learning hacking. Weaponizing AI in Offensive security

ai automation bug-hunting bugbounty hacking machine-learning neural-network neural-networks vulnerability-scanner

Last synced: 15 Apr 2025

https://github.com/OWASP/www-project-zap

OWASP Zed Attack Proxy project landing page.

appsec appsec-testing owasp vulnerability-assessment vulnerability-scanner zap

Last synced: 15 Apr 2025

https://github.com/libellux/libellux-up-and-running

Install open-source software from source to focus on Zero Trust Network principles, enhancing security for existing applications, and deploying tools for threat detection and prevention.

access-control antivirus hacktoberfest hids intrusion-detection intrusion-prevention logging monitoring security two-factor-authentication virtual-private-network vulnerability-assessment vulnerability-scanner zero-trust-network

Last synced: 18 Feb 2025

https://github.com/contrast-security-oss/safelog4j

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

iast java log4j log4shell rasp security security-testing vulnerability vulnerability-scanner

Last synced: 26 Jan 2025

https://github.com/taythebot/archer

Distributed network and vulnerability scanner

bug-bounty hacking httpx infosec masscan nuclei scanner security-tools vulnerability-scanner

Last synced: 21 Nov 2024

https://github.com/enlightn/laravel-security-checker

Scan your Laravel app dependencies for known security vulnerabilities.

laravel security vulnerability-scanner

Last synced: 12 Feb 2025

https://github.com/Contrast-Security-OSS/safelog4j

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

iast java log4j log4shell rasp security security-testing vulnerability vulnerability-scanner

Last synced: 21 Nov 2024

https://github.com/anchore/harbor-scanner-adapter

Harbor Scanner Adapter for Anchore Engine and Enterprise

docker harbor vulnerabilities vulnerability-scanner

Last synced: 23 Apr 2025

https://github.com/aquasecurity/harbor-scanner-aqua

Aqua Enterprise scanner as a plug-in vulnerability scanner in the Harbor registry

aqua-csp-scanner aqua-scanner harbor harbor-registry vulnerability-scanner

Last synced: 20 Nov 2024

https://github.com/darvid/nessusbeat

A Beat that monitors a local Nessus reports directory and outputs scan results to Elasticsearch or Logstash.

beat beats elasticbeats elasticsearch logstash nessus vulnerability-assessment vulnerability-scanner vulnerability-scanning

Last synced: 07 May 2025

https://github.com/krishpranav/vuln-scanner-flask

A flask web app made for scanning vulnerabilites on a website, network exploitation, reconnaissance

flask network network-exploitation python python3 reconnaissance reconnaissance-framework vulnerability vulnerability-scanner vulnerability-scanners

Last synced: 15 Apr 2025

https://github.com/alcideio/pipeline

Alcide Kubernetes Advisor ... Cluster Hygiene & Security Scanner - Pipeline Integration

aks argo argocd azure circleci eks github-action gitlab-ci gke google-cloud-build jenkins kubernetes security security-audit travis travis-ci vulnerability-scanner

Last synced: 16 Apr 2025

https://github.com/AvalZ/RevOK

An HTTP Response fuzzer to find Vulnerabilities in Security Scanners

exploitation-framework vulnerability-scanner web-security-research

Last synced: 18 Jan 2025

https://github.com/sergio11/eclipserecon

EclipseRecon is a stealthy web reconnaissance tool for uncovering hidden vulnerabilities, subdomains, and site structures. 🕵️‍♂️🔍 It empowers security professionals to identify critical attack surfaces with precision, ensuring proactive defense. 🚨💻

blue-team bug-bounty cybersecurity ethical-hacking information-gathering owasp penetration-testing reconnaissance red-team scan-tools security security-analysis security-reporting security-tools subdomain-scanner vulnerability vulnerability-scanner web-application-security web-crawler web-security

Last synced: 02 Apr 2025

https://github.com/securestackco/actions-code

A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).

deployment deployment-automation deployment-pipeline devsecops github-actions security security-automation security-tools software-composition-analysis vulnerability-detection vulnerability-scanner

Last synced: 04 Dec 2024

https://github.com/miikka/clj-nvd

Scan your deps.edn dependencies for known vulnerabilities

clojure dependencies vulnerability-scanner

Last synced: 16 Jan 2025

https://github.com/securestackco/actions-log4j

A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

devsecops github-actions java java-vulnerability java8 jre log4j log4j-rce log4j2 log4js log4shell scanning security security-automation security-tools software-composition-analysis static-analysis vulnerabilities vulnerability-assessment vulnerability-scanner

Last synced: 04 Dec 2024

https://github.com/ffx64/wprecon

WRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress.

golang scanner security-tools vulnerability-scanner wordpress wprecon

Last synced: 06 Dec 2024

https://github.com/vrikodar/jitterbug

JitterBug passively searches for Basic Info, open ports, potential CVE's on the given Target IP in third party databases without Direct interaction with the target

cve-scanning cve-search dialog information-gathering ip-info jitterbug osint-tool passive-check passive-info passive-vulnerability-scanner portscanner vulnerability-scanner vulnerability-scanning

Last synced: 13 Apr 2025

https://github.com/paulveillard/cybersecurity-dynamic-analysis

An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines and technical resources and most important dynamic application security testing (DAST)

dast dynamic-analysis dynamic-analysis-engines sast static-analysis vulnerabilities vulnerability-assessment vulnerability-identification vulnerability-management vulnerability-scanner vulnerability-scanners

Last synced: 28 Mar 2025

https://github.com/hansmach1ne/pvulnz

Helper tool for PHP static code analysis

php-functions php-source vulnerability-detection vulnerability-scanner

Last synced: 21 Nov 2024

https://github.com/swirrl/nvd-clojure-gh-action

Automated Github Action to automate scanning of Clojure projects for known vulnerabilities in the National Vulnerability Database

clojure github-action nvd security security-audit vulnerability vulnerability-scanner

Last synced: 28 Feb 2025

https://github.com/pfichtner/log4shell-hunter

Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.

cve-2021-44228 cve-2021-45046 cve-2021-45105 java log4j log4j-rce log4shell scanner vulnerability-scanner

Last synced: 23 Nov 2024

https://github.com/pradeepjairamani/cms_striker

Automated Penetration Testing Framework for Content Management Systems

cms python python2 python3 vulnerability-scanner

Last synced: 19 Dec 2024