#Vulnerability-assessment
Showing 60 of 88 repositories tagged #vulnerability-assessment, ranked by stars
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. π₯ Also check: https://hackertraining.org
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
the LLM vulnerability scanner
Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed services, and potential vulnerabilities. Bjorn can perform brute force attacks, file stealing, host zombification, and supports custom attack scripts.
This repository contains the scanner component for Greenbone Community Edition.
Advanced vulnerability scanning with Nmap NSE
A high performance offensive security tool for reconnaissance and vulnerability scanning
ε·‘ι£ζ―δΈζ¬Ύιη¨δΊδΌδΈε η½ηζΌζ΄εΏ«ιεΊζ₯οΌε·‘θͺζ«ζη³»η»γ
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
vulnx π·οΈ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
:new: The Multi-Tool Web Vulnerability Scanner.
X Attacker Tool β£ Website Vulnerability Scanner & Auto Exploiter
Collection of the most common vulnerabilities found in iOS applications
AI-powered penetration testing assistant for automating recon, note-taking, and vulnerability analysis.
Official DedSec Project GitHub Repository
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Detect, analyze and uniquely identify crashes in Windows applications
Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
A script for credentials-based attack surface enumeration and general reconnaissance of massive networks
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data, storage, and permissions effortlessly. Boost security skills with essential tools and user-friendly guides. Elevate Android security seamlessly!
NERVE Continuous Vulnerability Scanner
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
EVA is an AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration.
Turn any LLM into an autonomous pentester. You define the scope, the agent does the work, you review the findings.
Greenbone Security Assistant - The web frontend for the Greenbone Community Edition
AI/ML/LLM Penetration Testing Toolkit by Mr-Infect β the #1 GitHub resource for AI security, red teaming, and adversarial ML techniques. This repository is dedicated to offensive and defensive security for cutting-edge AI, Machine Learning (ML), and Large Language Models (LLMs) like ChatGPT, Claude, and LLaMA.
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
Vulnerable Banking Suite
DevGuard Backend - Secure your Software Supply Chain - Attestation-based compliance as Code, manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy - OWASP Incubating Project
π Vulnerability remediation scoring system
Advanced web server fingerprinting for Nmap
A curated list of awesome LLM Red Teaming training, resources, and tools.
Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Vulnerable NodeJS Web Application
A modular tool to search for known vulnerabilities, exploits and more across various data sources
Sifter - All purpose penetration testing op-center
137+ TryHackMe walkthroughs covering web exploitation, privilege escalation, CVE analysis, container escapes, and AI/LLM security. Beginner to intermediate.
Secrets Find0r is a multithreaded SMB share crawler that hunts for exposed credentials and secrets across Windows networks. It enumerates shares, recursively scans files with regex/keyword rules, highlights matched tokens on screen, and exports clean ASCII tables. Supports DOCX/PDF/legacy Office and depth limits.
Install open-source software from source to focus on Zero Trust Network principles, enhancing security for existing applications, and deploying tools for threat detection and prevention.
A Windows CIS benchmark policy compliance auditor
fsp - Firestore Database Vulnerability Scanner Using APKs
Kali Linux penetration testing skill for AI agents (Claude Code, OpenClaw, Hermes Agent). 200+ CLI tools, 15 scenario playbooks. Autonomously plans attack paths, selects tools, and integrates results across phases to adapt the penetration strategy β with human approval gates for high-risk actions.
Microsoft Azure Exploitation Framework
X Attacker Tool β£ Website Vulnerability Scanner & Auto Exploiter
24 AI Agent Skills for professional security auditing of Supabase applications. Detection, key extraction, RLS testing, storage audit, IDOR detection, and comprehensive reporting. Works with Claude Code, Cursor, Windsurf, and 30+ AI agents.
Advanced mobile security research platform for authorized testing and educational purposes
A USB-based script for Ethical hacking with multiple attacks
PowerShell-based Windows Server Security Audit Engine by Cyb3rint3l Labs. Measures alignment with the NIS2 directive and maps findings to MITRE ATT&CK tactics & CIS Controls v8 practices. Generates interactive HTML dashboards & structured JSON datasets.
This project equips Claude Code with advanced binary analysis capabilities for tasks such as incident response, malware investigation, and vulnerability assessment
TimeVault is a specialized automated tool designed to detect potential information disclosure vulnerabilities in web applications by leveraging archived URLs from the Wayback Machine.
The VAPT Toolkit provides a streamlined way to install, configure, and maintain a complete penetration testing environment with 50+ security tools and custom automation frameworks organized across multiple categories.
Sploit -- All-in-one, AI-powered cybersecurity toolkit for web, network, and phishing tests. Modular, cross-platform, Docker-ready, with GUI & CLI. Open source by AUX-441 Team.
Scan your web apps for vulnerabilities, misconfigurations, and other security issues with the Pentest-Tools.com command-line program.