#Security-scanner
Showing 60 of 127 repositories tagged #security-scanner, ranked by stars
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
The ZAP by Checkmarx Core project
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
Bandit is a tool designed to find common security issues in Python code.
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。让安全不再昂贵,让审计不再复杂。
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange
Advanced vulnerability scanning with Nmap NSE
A high performance offensive security tool for reconnaissance and vulnerability scanning
💡 A hinting engine for the web
Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
nodejsscan is a static security code scanner for Node.js applications.
Semi-automatic OSINT framework and package manager
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
:new: The Multi-Tool Web Vulnerability Scanner.
Nuclei POC,每2小时更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有41w+POC,其中3.5w+高质量POC
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
A default credential scanner.
cwe_checker finds vulnerable patterns in binary executables
Simple Golang HTTPS/TLS Examples
An IIS short filename enumeration tool
Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
A modular vulnerability scanner with automatic report generation capabilities.
Solhint is an open-source project to provide a linting utility for Solidity code.
Open-Source Security Architecture | 开源安全架构
ZAP Add-ons
A friendly car security exploration tool for the CAN bus
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
kube-scan: Octarine k8s cluster risk assessment tool
Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision
Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Kubernetes RBAC static analysis & visualisation tool
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
OXO is a security scanning orchestrator for the modern age.
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
🔥 Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
poutine, a supply chain vulnerability scanner for build pipelines
A script for credentials-based attack surface enumeration and general reconnaissance of massive networks
Web application vulnerability scanner
Adversarial AI bug hunter with auto-fix skill for Claude Code, Cursor, Codex CLI, GitHub Copilot CLI, Kiro CLI, Opencode, Pi Coding Agent, and more. Multi-agent pipeline finds security vulnerabilities, logic errors, and runtime bugs — then fixes them autonomously on a safe branch.
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Secure, Unified, Powerful and Extensible Rust Android Analyzer
NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
An auto-updating list of shodan dorks with info on the amount of results they return!
A humble and fast security-oriented HTTP headers analyzer.
SecHub provides a central API to test software with different security tools.
A curated list of vulnerable web applications.
Offensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine
A PHP dependency vulnerabilities scanner based on the Security Advisories Database.