Top 23 vulnerability-management Open-Source Projects
-
h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
ThreatMapper
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
-
Fleet
Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center) (by fleetdm)
-
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
-
nvdtools
A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
-
CVE_Prioritizer
Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends.
-
reconmap
Vulnerability assessment and penetration testing automation and reporting platform for teams.
-
cervantes
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location. (by CervantesSec)
-
Smersh
Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
-
MixewayHub
Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. The MixewayHub project contains a one-click docker-compose file which configures and runs images from Docker Hub.
Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10
OpenVAS - https://github.com/greenbone/openvas-scanner
Project mention: Osquery: An sqlite3 virtual table exposing operating system data to SQL | news.ycombinator.com | 2024-02-25
Yo! We're working on the fix. You can track progress here: https://github.com/fleetdm/fleet/issues/17165
Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15
Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?
https://github.com/google/osv.dev/blob/master/README.md#usin... :
> We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.
Might as well be heating a pool on the roof with all of this waste heat from hashing binaries built from code of unknown static and dynamic quality.
Add'l useful formats:
> Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories
vulnerability-management related posts
-
ThreatMapper: Open-source cloud native security observability platform
-
Mageni
-
Monthly Security Checklist
-
OSS Security - Deepfence Threat Mapper
-
Detecting Threats on 100k Servers, 1000s of Cloud Accounts, 2500 K8s Clusters
-
Announcing Pyscan: A dependency vulnerability scanner for python projects.
-
Catalog of zero-day vulnerabilities
Index
What are some of the best open-source vulnerability-management projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | h4cker | 16,658 |
2 | vuls | 10,693 |
3 | ThreatMapper | 4,637 |
4 | faraday | 4,634 |
5 | django-DefectDojo | 3,409 |
6 | openvas-scanner | 2,891 |
7 | Fleet | 2,161 |
8 | rapidscan | 1,659 |
9 | osv.dev | 1,407 |
10 | Hunting-Queries-Detection-Rules | 1,011 |
11 | PatrowlManager | 609 |
12 | nvdtools | 436 |
13 | CVE_Prioritizer | 420 |
14 | reconmap | 403 |
15 | mageni | 309 |
16 | cervantes | 250 |
17 | GVM-Docker | 246 |
18 | casr | 240 |
19 | Smersh | 212 |
20 | inthewilddb | 190 |
21 | gvm-tools | 154 |
22 | SSVC | 106 |
23 | MixewayHub | 105 |