Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 vulnerability-management Open-Source Projects
-
h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
ThreatMapper
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
-
nvdtools
A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
-
CVE_Prioritizer
Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends.
-
reconmap
Vulnerability assessment and penetration testing automation and reporting platform for teams.
-
cervantes
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location. (by CervantesSec)
-
Smersh
Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
-
MixewayHub
Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
-
awesome-vulnerability-assessment
An ever-growing list of resources for data-driven vulnerability assessment and prioritization
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10
OpenVAS - https://github.com/greenbone/openvas-scanner
Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?
https://github.com/google/osv.dev/blob/master/README.md#usin... :
> We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.
Might as well be heating a pool on the roof with all of this waste heat from hashing binaries build from code of unknown static and dynamic quality.
Add'l useful formats:
> Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories
Project mention: Where do you get your information regarding new vulnerabilities and security risks? | /r/sysadmin | 2023-05-09intothewild - https://github.com/gmatuz/inthewilddb/blob/master/rss.xml
Project mention: Seeking Advice on Developing a Vulnerability Management Program | /r/cybersecurity | 2023-04-28At first glance the tool selection looks a bit counterintuitive - will your focus be EASM, vulnerability assessment (you are not managing anything unless you include risk acceptance/mitigation and remediation) or automated (atomic) red teaming? For easy exploitability checks have a look at Prelude Operator; Nuclei as a modern scanner, OpenVAS to represent the traditional approach. For theory backing check here: https://github.com/lhmtriet/awesome-vulnerability-assessment
vulnerability-management related posts
- ThreatMapper: Open-source cloud native security observability platform
- Mageni
- Monthly Security Checklist
- OSS Security - Deepfence Threat Mapper
- Detecting Threats on 100k Servers, 1000s of Cloud Accounts, 2500 K8s Clusters
- Announcing Pyscan: A dependency vulnerability scanner for python projects.
- Catalog of zero-day vulnerabilities
-
A note from our sponsor - InfluxDB
www.influxdata.com | 23 Apr 2024
Index
What are some of the best open-source vulnerability-management projects? This list will help you:
Project | Stars | |
---|---|---|
1 | h4cker | 16,518 |
2 | vuls | 10,659 |
3 | ThreatMapper | 4,631 |
4 | faraday | 4,600 |
5 | django-DefectDojo | 3,384 |
6 | openvas-scanner | 2,870 |
7 | rapidscan | 1,649 |
8 | osv.dev | 1,403 |
9 | Hunting-Queries-Detection-Rules | 993 |
10 | PatrowlManager | 609 |
11 | nvdtools | 434 |
12 | CVE_Prioritizer | 406 |
13 | reconmap | 403 |
14 | mageni | 310 |
15 | cervantes | 247 |
16 | GVM-Docker | 245 |
17 | casr | 237 |
18 | Smersh | 212 |
19 | inthewilddb | 187 |
20 | gvm-tools | 153 |
21 | MixewayHub | 104 |
22 | SSVC | 103 |
23 | awesome-vulnerability-assessment | 78 |
Sponsored