Top 23 vulnerability-management Open-Source Projects

• h4cker

  4 16,518 9.3 Jupyter Notebook

  This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

  

• vuls

  3 10,659 8.8 Go

  Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• ThreatMapper

  32 4,631 9.9 TypeScript

  Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

  

Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10

• faraday

  8 4,600 5.0 Python

  Open Source Vulnerability Management Platform (by infobyte)

  

• django-DefectDojo

  6 3,384 9.9 HTML

  DevSecOps, ASPM, Vulnerability Management. All on one platform.

  

• openvas-scanner

  9 2,870 9.3 C

  This repository contains the scanner component for Greenbone Community Edition.

  

Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

OpenVAS - https://github.com/greenbone/openvas-scanner

• rapidscan

  1 1,649 4.1 Python

  :new: The Multi-Tool Web Vulnerability Scanner.

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• osv.dev

  19 1,403 9.7 Python

  Open source vulnerability DB and triage service.

  

Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15

Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?

https://github.com/google/osv.dev/blob/master/README.md#usin... :

> We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.

Might as well be heating a pool on the roof with all of this waste heat from hashing binaries build from code of unknown static and dynamic quality.

Add'l useful formats:

> Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories

• Hunting-Queries-Detection-Rules

  7 993 9.3 Python

  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Project mention: Advanced Hunting queries every admin should use | /r/DefenderATP | 2023-05-29

• PatrowlManager

  1 609 0.0 HTML

  PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

  

• nvdtools

  1 434 4.3 Go

  A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)

  

• CVE_Prioritizer

  6 406 7.0 Python

  Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends.

Project mention: POST request to get CVE CVSS score | /r/AskNetsec | 2023-05-31

• reconmap

  4 403 5.4 JavaScript

  Vulnerability assessment and penetration testing automation and reporting platform for teams.

  

• mageni

  4 310 6.4

  Open-source vulnerability scanner

  

Project mention: Mageni | /r/selfhosted | 2023-09-08

• cervantes

  1 247 7.1 C#

  Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location. (by CervantesSec)

  

• GVM-Docker

  3 245 2.6 XSLT

  Greenbone Vulnerability Management Docker Image with OpenVAS

  

• casr

  2 237 8.7 Rust

  Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.

  

• Smersh

  3 212 1.4 TypeScript

  Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

  

• inthewilddb

  7 187 3.3 Python

  Hourly updated database of exploit and exploitation reports

Project mention: Where do you get your information regarding new vulnerabilities and security risks? | /r/sysadmin | 2023-05-09

intothewild - https://github.com/gmatuz/inthewilddb/blob/master/rss.xml

• gvm-tools

  2 153 8.9 Python

  Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

  

• MixewayHub

  1 104 3.7 Shell

  Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

  

• SSVC

  1 103 9.2 Python

  Stakeholder-Specific Vulnerability Categorization

  

• awesome-vulnerability-assessment

  1 78 2.3

  An ever-growing list of resources for data-driven vulnerability assessment and prioritization

Project mention: Seeking Advice on Developing a Vulnerability Management Program | /r/cybersecurity | 2023-04-28

At first glance the tool selection looks a bit counterintuitive - will your focus be EASM, vulnerability assessment (you are not managing anything unless you include risk acceptance/mitigation and remediation) or automated (atomic) red teaming? For easy exploitability checks have a look at Prelude Operator; Nuclei as a modern scanner, OpenVAS to represent the traditional approach. For theory backing check here: https://github.com/lhmtriet/awesome-vulnerability-assessment

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

vulnerability-management related posts

• ThreatMapper: Open-source cloud native security observability platform
  1 project | news.ycombinator.com | 10 Sep 2023
• Mageni
  1 project | /r/selfhosted | 8 Sep 2023
• Monthly Security Checklist
  4 projects | /r/msp | 25 Jun 2023
• OSS Security - Deepfence Threat Mapper
  1 project | /r/selfhosters | 17 Jun 2023
• Detecting Threats on 100k Servers, 1000s of Cloud Accounts, 2500 K8s Clusters
  1 project | news.ycombinator.com | 5 Jun 2023
• Announcing Pyscan: A dependency vulnerability scanner for python projects.
  3 projects | /r/u_aswin__ | 15 May 2023
• Catalog of zero-day vulnerabilities
  1 project | /r/sysadmin | 21 Mar 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 23 Apr 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com