#Security-scanner

Showing 60 of 127 repositories tagged #security-scanner, ranked by stars

projectdiscovery
projectdiscovery
nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Score
100
★ 29.6k ⑂ 3.5k +47/day
Go
CISOfy
CISOfy
lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Score
100
★ 15.9k ⑂ 1.6k +28/day
Shell
zaproxy
zaproxy
zaproxy

The ZAP by Checkmarx Core project

Score
100
★ 15.4k ⑂ 2.6k +3/day
Java
future-architect
future-architect
vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Score
92
★ 12.2k ⑂ 1.2k +1/day
Go
wpscanteam
wpscanteam
wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

Score
99
★ 9.7k ⑂ 1.3k +1/day
Ruby
PyCQA
PyCQA
bandit

Bandit is a tool designed to find common security issues in Python code.

Score
100
★ 8.2k ⑂ 792 +9/day
Python
jakejarvis
jakejarvis
awesome-shodan-queries

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Score
88
★ 7.6k ⑂ 1.0k +14/day
lintsinghua
lintsinghua
DeepAudit

DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。​让安全不再昂贵,让审计不再复杂。

Score
75
★ 6.6k ⑂ 814 +31/day
Python
GhostTroops
GhostTroops
scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Score
69
★ 6.1k ⑂ 716
Go
k8gege
k8gege
Ladon

Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange

Score
85
★ 5.3k ⑂ 881
C#
scipag
scipag
vulscan

Advanced vulnerability scanning with Nmap NSE

Score
94
★ 3.8k ⑂ 696 +2/day
Lua
evyatarmeged
evyatarmeged
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Score
98
★ 3.8k ⑂ 473 +28/day
Python
webhintio
webhintio
hint

💡 A hinting engine for the web

Score
80
★ 3.7k ⑂ 818
TypeScript
zegl
zegl
kube-score

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

Score
85
★ 3.1k ⑂ 197
Go
Bearer
Bearer
bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Score
95
★ 2.7k ⑂ 141 +2/day
Go
ajinabraham
ajinabraham
nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

Score
87
★ 2.6k ⑂ 346 +2/day
CSS
kpcyrd
kpcyrd
sn0int

Semi-automatic OSINT framework and package manager

Score
0
★ 2.5k ⑂ 222 +2/day
Rust
codingo
codingo
Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Score
72
★ 2.2k ⑂ 454 +2/day
Python
skavngr
skavngr
rapidscan

:new: The Multi-Tool Web Vulnerability Scanner.

Score
71
★ 2.1k ⑂ 433 +26/day
Python
adysec
adysec
nuclei_poc

Nuclei POC,每2小时更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有41w+POC,其中3.5w+高质量POC

Score
97
★ 2.1k ⑂ 474 +1/day
doyensec
doyensec
inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Score
91
★ 1.8k ⑂ 188 +4/day
Kotlin
Moham3dRiahi
Moham3dRiahi
XAttacker

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Score
70
★ 1.7k ⑂ 473 +1/day
Perl
Adminisme
Adminisme
ServerScan

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

Score
54
★ 1.6k ⑂ 211 +2/day
Go
BishopFox
BishopFox
GitGot

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Score
64
★ 1.6k ⑂ 217
Python
ztgrace
ztgrace
changeme

A default credential scanner.

Score
65
★ 1.5k ⑂ 254 +2/day
Python
fkie-cad
fkie-cad
cwe_checker

cwe_checker finds vulnerable patterns in binary executables

Score
60
★ 1.3k ⑂ 141
Rust
denji
denji
golang-tls

Simple Golang HTTPS/TLS Examples

Score
46
★ 1.3k ⑂ 159
bitquark
bitquark
shortscan

An IIS short filename enumeration tool

Score
59
★ 1.2k ⑂ 115 +2/day
Go
semgrep
semgrep
semgrep-rules

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

Score
92
★ 1.2k ⑂ 558
HCL
Hackmanit
Hackmanit
Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Score
86
★ 1.2k ⑂ 161 +2/day
Go
CERT-Polska
CERT-Polska
Artemis

A modular vulnerability scanner with automatic report generation capabilities.

Score
90
★ 1.2k ⑂ 140
Python
protofire
protofire
solhint

Solhint is an open-source project to provide a linting utility for Solidity code.

Score
100
★ 1.1k ⑂ 198 +1/day
JavaScript
bloodzer0
bloodzer0
ossa

Open-Source Security Architecture | 开源安全架构

Score
58
★ 942 ⑂ 217
zaproxy
zaproxy
zap-extensions

ZAP Add-ons

Score
93
★ 934 ⑂ 796
HTML
CaringCaribou
CaringCaribou
caringcaribou

A friendly car security exploration tool for the CAN bus

Score
50
★ 926 ⑂ 227 +1/day
Python
Legit-Labs
Legit-Labs
legitify

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

Score
31
★ 875 ⑂ 78
Go
octarinesec
octarinesec
kube-scan

kube-scan: Octarine k8s cluster risk assessment tool

Score
23
★ 803 ⑂ 107
Go
vigolium
vigolium
vigolium

Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

Score
77
★ 766 ⑂ 120 +8/day
Go
toby-bridges
toby-bridges
api-relay-audit

Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.

Score
25
★ 748 ⑂ 72 +10/day
Python
olacabs
olacabs
jackhammer

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Score
56
★ 741 ⑂ 164
Java
appvia
appvia
krane

Kubernetes RBAC static analysis & visualisation tool

Score
77
★ 740 ⑂ 34
Ruby
Patrowl
Patrowl
PatrowlManager

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Score
100
★ 637 ⑂ 112
HTML
Ostorlab
Ostorlab
oxo

OXO is a security scanning orchestrator for the modern age.

Score
84
★ 573 ⑂ 60
Python
insidersec
insidersec
insider

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Score
0
★ 552 ⑂ 80
Go
0x4D31
0x4D31
burpa

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Score
50
★ 535 ⑂ 116
Python
ByCh4n
ByCh4n
BCHackTool

🔥 Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.

Score
76
★ 531 ⑂ 88 +1/day
Shell
godaddy
godaddy
tartufo

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Score
81
★ 514 ⑂ 71
Python
boostsecurityio
boostsecurityio
poutine

poutine, a supply chain vulnerability scanner for build pipelines

Score
62
★ 489 ⑂ 40 +2/day
Go
johnnyxmas
johnnyxmas
ScanCannon

A script for credentials-based attack surface enumeration and general reconnaissance of massive networks

Score
83
★ 478 ⑂ 76 +2/day
Shell
enkomio
enkomio
Taipan

Web application vulnerability scanner

Score
47
★ 463 ⑂ 91
codexstar69
codexstar69
bug-hunter

Adversarial AI bug hunter with auto-fix skill for Claude Code, Cursor, Codex CLI, GitHub Copilot CLI, Kiro CLI, Opencode, Pi Coding Agent, and more. Multi-agent pipeline finds security vulnerabilities, logic errors, and runtime bugs — then fixes them autonomously on a safe branch.

Score
86
★ 454 ⑂ 52 +3/day
JavaScript
hahwul
hahwul
authz0

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

Score
79
★ 429 ⑂ 55
Go
SUPERAndroidAnalyzer
SUPERAndroidAnalyzer
super

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Score
44
★ 428 ⑂ 58
Rust
Charlie-belmer
Charlie-belmer
nosqli

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Score
41
★ 409 ⑂ 44
Go
dootss
dootss
shodan-dorks

An auto-updating list of shodan dorks with info on the amount of results they return!

Score
78
★ 400 ⑂ 57 +1/day
rfc-st
rfc-st
humble

A humble and fast security-oriented HTTP headers analyzer.

Score
0
★ 371 ⑂ 31 +1/day
Python
mercedes-benz
mercedes-benz
sechub

SecHub provides a central API to test software with different security tools.

Score
69
★ 353 ⑂ 80
Java
geeksonsecurity
geeksonsecurity
vuln-web-apps

A curated list of vulnerable web applications.

Score
40
★ 348 ⑂ 72
palkeo
palkeo
pakala

Offensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine

Score
36
★ 343 ⑂ 26
Python
enlightn
enlightn
security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

Score
35
★ 339 ⑂ 26
PHP
Related Topics
#security#security-tools#security-audit#vulnerability-scanners#vulnerability-scanner#security-automation#vulnerability-detection#penetration-testing#vulnerability-assessment#scanner#hacking#golang

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly