#Vulnerability-scanner

Showing 60 of 115 repositories tagged #vulnerability-scanner, ranked by stars

projectdiscovery
projectdiscovery
nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Score
100
★ 29.6k ⑂ 3.5k +47/day
Go
future-architect
future-architect
vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Score
91
★ 12.2k ⑂ 1.2k +1/day
Go
chaitin
chaitin
xray

一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Score
94
★ 11.6k ⑂ 1.9k +4/day
Vue
google
google
osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Score
82
★ 10.6k ⑂ 733 +47/day
Go
lintsinghua
lintsinghua
DeepAudit

DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。​让安全不再昂贵,让审计不再复杂。

Score
100
★ 6.6k ⑂ 814 +31/day
Python
commixproject
commixproject
commix

Automated All-in-One OS Command Injection Exploitation Tool

Score
86
★ 5.8k ⑂ 934 +10/day
Python
OWASP
OWASP
Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Score
71
★ 5.3k ⑂ 1.1k +8/day
Python
zan8in
zan8in
afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Score
73
★ 4.3k ⑂ 474 +3/day
Go
shuvonsec
shuvonsec
claude-bug-bounty

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

Score
100
★ 3.9k ⑂ 692 +42/day
Python
evyatarmeged
evyatarmeged
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Score
98
★ 3.8k ⑂ 473 +28/day
Python
e-m-b-a
e-m-b-a
emba

EMBA - The firmware security analyzer

Score
99
★ 3.5k ⑂ 312 +4/day
Shell
almandin
almandin
fuxploider

File upload vulnerability scanner and exploitation tool.

Score
14
★ 3.3k ⑂ 512
Python
Qianlitp
Qianlitp
crawlergo

A powerful browser crawler for web vulnerability scanners

Score
18
★ 3.0k ⑂ 493
Go
MegaManSec
MegaManSec
SSH-Snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

Score
97
★ 2.3k ⑂ 221
Shell
skavngr
skavngr
rapidscan

:new: The Multi-Tool Web Vulnerability Scanner.

Score
82
★ 2.1k ⑂ 433 +26/day
Python
Moham3dRiahi
Moham3dRiahi
XAttacker

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Score
80
★ 1.7k ⑂ 473 +1/day
Perl
KeenSecurityLab
KeenSecurityLab
BinAbsInspector

BinAbsInspector: Vulnerability Scanner for Binaries

Score
78
★ 1.7k ⑂ 245
Java
attify
attify
firmware-analysis-toolkit

Toolkit to emulate firmware and analyse it for security vulnerabilities

Score
77
★ 1.6k ⑂ 284
Python
dwisiswant0
dwisiswant0
crlfuzz

A fast tool to scan CRLF vulnerability written in Go

Score
64
★ 1.6k ⑂ 145 +1/day
Go
fkie-cad
fkie-cad
cwe_checker

cwe_checker finds vulnerable patterns in binary executables

Score
72
★ 1.3k ⑂ 141
Rust
0xSteph
0xSteph
pentest-ai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

Score
95
★ 1.3k ⑂ 246 +26/day
Python
CERT-Polska
CERT-Polska
Artemis

A modular vulnerability scanner with automatic report generation capabilities.

Score
93
★ 1.2k ⑂ 140
Python
RUB-NDS
RUB-NDS
Terrapin-Scanner

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

Score
9
★ 993 ⑂ 70
Go
Pantheon-Security
Pantheon-Security
medusa

AI-first security scanner. NEW in v2026.7: Claude Code compromise detection — vet .claude/ hooks, permissions & skills before you clone — plus an always-on AI attack-signature scanner and native Rust & PHP rules. Also: medusa scan --git to vet any repo, medusa secrets scan for leaked API keys. 40,000+ patterns, zero setup.

Score
57
★ 912 ⑂ 152 +19/day
Python
artifact-keeper
artifact-keeper
artifact-keeper

Open-source universal artifact registry. Drop-in Artifactory/Nexus alternative with 40+ package formats, security scanning, WASM plugins, and edge replication.

Score
100
★ 831 ⑂ 93 +22/day
Rust
R0X4R
R0X4R
Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Score
45
★ 810 ⑂ 181
Shell
vigolium
vigolium
vigolium

Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

Score
55
★ 766 ⑂ 120 +8/day
Go
FuzzingLabs
FuzzingLabs
mcp-security-hub

A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.

Score
91
★ 717 ⑂ 93 +15/day
Python
yhy0
yhy0
ChYing

承影,愿你在光影之间,找到属于自己的锋芒。开源的类 BurpSuite 应用 ChYing — may you find your own edge between light and shadow. An open-source, BurpSuite-like application.

Score
36
★ 710 ⑂ 65 +1/day
Go
asaotomo
asaotomo
FofaMap

FofaMap v2.0 是一款基于 Python3 开发的全网首个 AI 驱动红队资产测绘智能体。在延续原有 FOFA 数据采集、存活检测、统计聚合、图标 Hash 及批量查询等核心功能的基础上,2.0 版本原生支持 MCP 协议,可无缝接入 Cursor、Claude 等 AI 平台。其核心内置了 AI 自我反思机制,能根据查询结果自动调优语法,并智能联动 Nuclei 推荐精准扫描策略,实现从“被动采集”到“主动智能决策”的红队作业进化。

Score
43
★ 679 ⑂ 88 +1/day
Python
mergebase
mergebase
log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Score
64
★ 640 ⑂ 96
Java
eraser-dev
eraser-dev
eraser

🧹 Cleaning up images from Kubernetes nodes

Score
100
★ 611 ⑂ 71 +1/day
Go
tianchong-zerotemp
tianchong-zerotemp
dianxing

DianXing - AI-Driven End-to-End Code Security Auditing

Score
92
★ 610 ⑂ 57 +165/day
loxy0devlp
loxy0devlp
RedTiger-Tools

RedTiger-Tools is a multifunction automation tool dedicated to pentesting and OSINT. The project is open source and designed to be fully configurable according to user needs. It also includes a plugin system that allows users to extend or create new features, in order to centralize multiple tools into a single unified platform.

Score
29
★ 543 ⑂ 25 +7/day
Python
ByCh4n
ByCh4n
BCHackTool

🔥 Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.

Score
85
★ 531 ⑂ 88 +1/day
Shell
Vyntral
Vyntral
god-eye

AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs

Score
27
★ 511 ⑂ 69
Go
dongfangyuxiao
dongfangyuxiao
BurpExtend

基于Burp插件开发打造渗透测试自动化

Score
55
★ 420 ⑂ 78
HTML
FrancescoStabile
FrancescoStabile
numasec

The AI Agent for Cyber Security.

Score
86
★ 419 ⑂ 49 +4/day
TypeScript
SHAdd0WTAka
SHAdd0WTAka
Zen-Ai-Pentest

🛡⚔️AI-Powered Penetration Testing Framework with automated vulnerability scanning, multi-agent system, and compliance reporting🛡⚔️

Score
90
★ 413 ⑂ 73 +2/day
Python
tangxiaofeng7
tangxiaofeng7
cscan

Enterprise-grade Distributed Asset & Vulnerability Scanner. Features: Port Scanning, Subdomain Brute-force, Fingerprinting, and PoC Detection. Built on Go-Zero & Vue3. 高性能分布式网络资产扫描平台 (子域名扫描/端口扫描/指纹识别/弱口令爆破/JS识别/POC扫描)----------------------------点击下面URL获取高级POC

Score
89
★ 387 ⑂ 62 +5/day
Go
JiuZero
JiuZero
z0scan

A lightweight active and passive scanner that combines the advantages of local and distributed models, supports dynamic external plugin import, and is dedicated to exploring web black-box vulnerabilities.

Score
0
★ 365 ⑂ 28 +1/day
Python
enlightn
enlightn
security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

Score
46
★ 339 ⑂ 26
PHP
silentchainai
silentchainai
SILENTCHAIN

AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)

Score
87
★ 324 ⑂ 85 +2/day
Java
0sec-labs
0sec-labs
foxguard

A blazingly fast security scanner, written in Rust. Batteries included, TUI for triage, secrets, post-quantum audits, diff-aware scans and more 𓃥

Score
83
★ 274 ⑂ 15
Rust
403errors
403errors
repomind

An open-source, AI-powered application using Agentic CAG to chat with any public GitHub repository or developer profile, offering deep code analysis, visual architecture maps and security audits

Score
100
★ 264 ⑂ 40
TypeScript
Amal-David
Amal-David
keyleak-detector

Runtime leak detector for modern web apps — finds exposed API keys, validates BaaS misconfigurations (Supabase/Firebase RLS), and catches secrets in JS bundles. Chrome extension + CLI.

Score
84
★ 260 ⑂ 31
Python
Secrover
Secrover
Secrover

Open-Source Security Reports, Made Simple - 100% free. No paywalls, just actionable insights.

Score
79
★ 253 ⑂ 4
Python
shuvonsec
shuvonsec
public-skills-builder

Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups — 18 vuln classes, no private reports needed

Score
74
★ 201 ⑂ 44 +3/day
Python
OWASP
OWASP
ASST

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

Score
39
★ 189 ⑂ 40
JavaScript
AgriciDaniel
AgriciDaniel
claude-cybersecurity

AI-powered cybersecurity code review skill for Claude Code. 8 specialist agents, OWASP 2025, CWE Top 25, MITRE ATT&CK, 11 languages, zero configuration.

Score
75
★ 181 ⑂ 37 +7/day
Shell
Agent-Field
Agent-Field
sec-af

AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.

Score
50
★ 170 ⑂ 37
Python
Hainrixz
Hainrixz
cyber-neo

Open-source cybersecurity analysis agent for Claude Code. Scans projects for vulnerabilities across all OWASP 2025 Top 10 and CWE Top 25 categories. 11 security domains, 60+ secret patterns, parallel subagent analysis, professional report generation. Built by tododeia.com

Score
71
★ 167 ⑂ 21 +2/day
Python
hackersatyamrastogi
hackersatyamrastogi
react2shell-ultimate

React2Shell Ultimate - The most comprehensive CVE-2025-66478 Scanner for Next.js RSC RCE vulnerability. Multi-mode detection, WAF bypass, local scanning.

Score
66
★ 150 ⑂ 31
Python
gensecaihq
gensecaihq
Shai-Hulud-2.0-Detector

Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

Score
76
★ 141 ⑂ 34
TypeScript
tigthor
tigthor
neural-network-hacking

Hacking the Singularity. Deep learning hacking. Weaponizing AI in Offensive security

Score
28
★ 129 ⑂ 31
Python
sinewaveai
sinewaveai
agent-security-scanner-mcp

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

Score
70
★ 112 ⑂ 10 +1/day
JavaScript
Night-Master
Night-Master
sdlc_golang

sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。

Score
0
★ 97 ⑂ 12
Go
AnonKryptiQuz
AnonKryptiQuz
NextSploit

NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js

Score
20
★ 91 ⑂ 19
Python
skerkour
skerkour
phaser

Automated attack surface mapper and vulnerability scanner (Work In Progress 🚧)

Score
0
★ 86 ⑂ 23
Rust
vinceAmstoutz
vinceAmstoutz
symfony-security-auditor

AI-powered multi-agent security auditor for Symfony applications — provider-agnostic via symfony/ai.

Score
61
★ 75 ⑂ 0 +4/day
PHP
Related Topics
#security#security-tools#penetration-testing#cybersecurity#pentesting#security-scanner#security-audit#sast#bug-bounty#devsecops#owasp#ai-security

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly