houndsploit VS nuclei-templates

Check https://github.com/projectdiscovery/nuclei mostly for CVEs.

Otherwise your on the right path checkout the open source Greenbones OpenVAS (this was Nessus before they closed source and became corporate) or Project Discovery Nuclei

Nmap can run scripts that trigger NIPS, as does Nuclei. https://nmap.org/ & https://github.com/projectdiscovery/nuclei you can look at a list of vuln scanners here. https://owasp.org/www-community/Vulnerability_Scanning_Tools. Nessus would be a common one to look at for Enterprise. Rapid 7, Qualys.

I created a nuclei template and scanned the bug bounty programs with nuclei and found that many companies were vulnerable to this.

Nuclei might be a good option: https://github.com/projectdiscovery/nuclei

Recently one of the security researchers has built a Nuclei Template to Detect Spring4Shell, This template can be easily run to scan for Spring4Shell on your Networking, routing, or security devices inside your network. Template Link: https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2022/CVE-2022-22965.yaml

For a curated collection of CVE PoCs that is continuously updated by the bug bounty community, check out the projectdiscovery nuclei repo: https://github.com/projectdiscovery/nuclei-templates/tree/ma...

https://github.com/google/tsunami-security-scanner (I bet it would be easy to write a plugin for https://github.com/projectdiscovery/nuclei as well.)

To see if there are injection points statically, I work on a tool (https://github.com/returntocorp/semgrep) that someone else already wrote a check with: https://twitter.com/lapt0r/status/1469096944047779845 or look for the mitigation with `semgrep -e '$LOGGER.formatMsgNoLookups(true)' --lang java`. For the mitigation, the string should be unique enough that just ripgrep works well too.