#Vulnerability-management
Showing 58 of 58 repositories tagged #vulnerability-management, ranked by stars
This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. π₯ Also check: https://hackertraining.org
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Open Source Vulnerability Management Platform
Open device management
Open Source Cloud Native Application Protection Platform (CNAPP)
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
This repository contains the scanner component for Greenbone Community Edition.
Tools and Techniques for Blue Team / Incident Response
Open source vulnerability DB and triage service.
Vulnerability Intelligence Platform
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
:new: The Multi-Tool Web Vulnerability Scanner.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
π§΅ CLI tool for directly patching container images!
GUAC aggregates software security metadata into a high fidelity graph database.
75k+ WordPress Nuclei templates, updated daily from Wordfence intelβfilter by severity/tags/CVE and scan in one line. ππ
Production-grade MCP server giving Claude 27 security intelligence tools across 21 APIs β CVE lookup, EPSS scoring, CISA KEV, MITRE ATT&CK, Shodan, VirusTotal, and more.
Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling endβtoβend engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AIβassisted summaries, it delivers faster, more structured, and highβquality security assessments.
Open source templates you can use to bootstrap your security programs
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Easy automated vulnerability scanning, reporting and analysis
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Pentesting automation platform that combines hacking tools to complete assessments
A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
Public Roadmap | huntr.dev
Greenbone Security Assistant - The web frontend for the Greenbone Community Edition
Hourly updated database of exploit and exploitation reports
Greenbone Vulnerability Management Docker Image with OpenVAS
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX β covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
DevGuard Backend - Secure your Software Supply Chain - Attestation-based compliance as Code, manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Security Framework Documentation made easy - OWASP Incubating Project
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
π‘οΈ VIPER: Stay ahead of threats with AI-driven vulnerability intelligence. Prioritize CVEs effectively using NVD, EPSS, CISA KEV, and Google Gemini insights, all on an interactive dashboard
List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
A collection of my quick and dirty scripts for vulnerability POC and detections
Unified Vulnerability Intelligence Platform
Program to perform vulnerability analysis and automatically generate a report
Agent-assisted maintainership and development framework for Apache projects β Triage and Drafting (agent-authored fixes with human review); Mentoring, Pairing (developer-side dev-cycle), and Auto-merge on the roadmap.
Hack23 Public Information Security Management System:Security Through Transparency and Open Documentation Demonstrating Security Excellence Through Public ISMS Disclosure
A collection of awesome software, libraries, learning tutorials, documents and books, technical resources and cool stuff about Blue Team in Cybersecurity.
Faraday's Command Line Interface
Deepfence Runtime API & code samples
Curated resources for the EU Cyber Resilience Act (Regulation 2024/2847): regulation, harmonised standards, EUCC, SBOM, vulnerability management, conformity assessment
Barcha is your SwissβArmy knife for SQL Injection reconnaissance π. Written in Go, it automates: Shodan enumeration of SSL hosts π΅οΈββοΈ Liveness & redirect checks (ignores bad certs) π Automated Ghauri tests for each host π‘οΈ SQLite logging of every scan π
OWASP Foundation Web Respository
Vulnerability Dashboard
MCP server with 55 security intelligence tools β CVE/KEV, MITRE ATLAS+D3FEND, Sigma detection rules, email security posture (SPF/DMARC), domain & web intel, threat intel.
AI-powered SOC for OT/ICS networks β 6 autonomous agents, MITRE ATT&CK mapping, Suricata/Zeek ingestion, human-in-the-loop response, 330+ tests. Open-source alternative to Claroty/Dragos for SMBs.
This project aims to standardize the representation and management of EOL and EOS product information across the industry.
macOS vulnerability management for individuals
An ongoing & curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF
Manage engagements, run scans, and generate reports from a central hub