vulnerability-management

Top 23 vulnerability-management Open-Source Projects

  • h4cker

    This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • ThreatMapper

    Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

  • Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10
  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • django-DefectDojo

    DevSecOps, ASPM, Vulnerability Management. All on one platform.

  • openvas-scanner

    This repository contains the scanner component for Greenbone Community Edition.

  • Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

    OpenVAS - https://github.com/greenbone/openvas-scanner

  • Fleet

    Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center) (by fleetdm)

  • Project mention: Osquery: An sqlite3 virtual table exposing operating system data to SQL | news.ycombinator.com | 2024-02-25

    Yo! We're working on the fix. You can track progress here: https://github.com/fleetdm/fleet/issues/17165

  • rapidscan

    The Multi-Tool Web Vulnerability Scanner.

  • osv.dev

    Open source vulnerability DB and triage service.

  • Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15

    Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?

    https://github.com/google/osv.dev/blob/master/README.md#usin... :

    > We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.

    Might as well be heating a pool on the roof with all of this waste heat from hashing binaries built from code of unknown static and dynamic quality.

    Add'l useful formats:

    > Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDX SBOMs, and git repositories

  • Hunting-Queries-Detection-Rules

    KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

  • Project mention: Advanced Hunting queries every admin should use | /r/DefenderATP | 2023-05-29
  • PatrowlManager

    PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

  • nvdtools

    A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)

  • CVE_Prioritizer

    Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends.

  • Project mention: POST request to get CVE CVSS score | /r/AskNetsec | 2023-05-31
  • reconmap

    Vulnerability assessment and penetration testing automation and reporting platform for teams.

  • mageni

    Open-source vulnerability scanner

  • Project mention: Mageni | /r/selfhosted | 2023-09-08
  • cervantes

    Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location. (by CervantesSec)

  • GVM-Docker

    Greenbone Vulnerability Management Docker Image with OpenVAS

  • casr

    Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.

  • Smersh

    Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.

  • inthewilddb

    Hourly updated database of exploit and exploitation reports

  • gvm-tools

    Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

  • SSVC

    Stakeholder-Specific Vulnerability Categorization

  • MixewayHub

    Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. The MixewayHub project contains a one-click docker-compose file which configures and runs images from Docker Hub.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

vulnerability-management related posts

  • ThreatMapper: Open-source cloud native security observability platform

    1 project | news.ycombinator.com | 10 Sep 2023
  • Mageni

    1 project | /r/selfhosted | 8 Sep 2023
  • Monthly Security Checklist

    4 projects | /r/msp | 25 Jun 2023
  • OSS Security - Deepfence Threat Mapper

    1 project | /r/selfhosters | 17 Jun 2023
  • Detecting Threats on 100k Servers, 1000s of Cloud Accounts, 2500 K8s Clusters

    1 project | news.ycombinator.com | 5 Jun 2023
  • Announcing Pyscan: A dependency vulnerability scanner for python projects.

    3 projects | /r/u_aswin__ | 15 May 2023
  • Catalog of zero-day vulnerabilities

    1 project | /r/sysadmin | 21 Mar 2023

Index

What are some of the best open-source vulnerability-management projects? This list will help you:

Rank Project Stars
1 h4cker 16,658
2 vuls 10,693
3 ThreatMapper 4,637
4 faraday 4,634
5 django-DefectDojo 3,409
6 openvas-scanner 2,891
7 Fleet 2,161
8 rapidscan 1,659
9 osv.dev 1,407
10 Hunting-Queries-Detection-Rules 1,011
11 PatrowlManager 609
12 nvdtools 436
13 CVE_Prioritizer 420
14 reconmap 403
15 mageni 309
16 cervantes 250
17 GVM-Docker 246
18 casr 240
19 Smersh 212
20 inthewilddb 190
21 gvm-tools 154
22 SSVC 106
23 MixewayHub 105
