vulnerability-scanners

Top 23 vulnerability-scanner Open-Source Projects

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: Suas imagens de container não estão seguras! | dev.to | 2024-03-20
  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

    Project mention: Who does check linux distros of malware - open source | /r/linux | 2023-12-10

    Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • Scanners-Box

    A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

  • tfsec

    Security scanner for your Terraform code

    Project mention: Top Terraform Tools to Know in 2024 | dev.to | 2024-03-26

    ‍Tfsec acts as a Terraform scanning tool. It is a security-focused linter for Terraform that scans code for security flaws, offering an additional layer of security assurance and helping to maintain a strong security posture.

  • scan4all

    Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

  • ThreatMapper

    Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

    Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10
  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • nginx-ultimate-bad-bot-blocker

    Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

    Project mention: Nginx Bad Bot and User-Agent Blocker | news.ycombinator.com | 2024-03-07
  • vulscan

    Advanced vulnerability scanning with Nmap NSE

    Project mention: Scanning ports and finding network vulnerabilities using nmap | dev.to | 2023-12-01

    Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.

  • SecretScanner

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  • openvas-scanner

    This repository contains the scanner component for Greenbone Community Edition.

    Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

    OpenVAS - https://github.com/greenbone/openvas-scanner

  • EMBA

    EMBA - The firmware security analyzer

    Project mention: New EMBA firmware analyzer release - EMBA v1.2.3 - R.I.P. Binwalk | /r/netsec | 2023-05-11
  • kics

    Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

  • rapidscan

    :new: The Multi-Tool Web Vulnerability Scanner.

  • safety

    Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

    Project mention: A Tale of Two Kitchens - Hypermodernizing Your Python Code Base | dev.to | 2023-11-12

    Safety and Dependabot complement these security tools by focusing on external dependencies. Safety takes charge of examining your dependencies, ensuring they are up-to-date and free from any known vulnerabilities. Dependabot works similarly, scanning dependencies, verifying if they're current and assessing them for potential security flaws. This function is crucial as weaknesses in external dependencies can compromise the security of the entire codebase.

  • osv.dev

    Open source vulnerability DB and triage service.

    Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15

    Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?

    https://github.com/google/osv.dev/blob/master/README.md#usin... :

    > We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.

    Might as well be heating a pool on the roof with all of this waste heat from hashing binaries build from code of unknown static and dynamic quality.

    Add'l useful formats:

    > Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories

  • ATSCAN

    Advanced dork Search & Mass Exploit Scanner

  • trivy-operator

    Kubernetes-native security toolkit

  • go-dork

    The fastest dork scanner written in Go.

  • PentestTools

    Awesome Pentest Tools Collection

  • AutoPWN-Suite

    AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

  • clair-scanner

    Docker containers vulnerability scan

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-03-26.

vulnerability-scanners related posts

Index

What are some of the best open-source vulnerability-scanner projects? This list will help you:

Project Stars
1 trivy 20,988
2 lynis 12,386
3 vuls 10,617
4 Scanners-Box 7,926
5 tfsec 6,500
6 scan4all 5,170
7 ThreatMapper 4,614
8 faraday 4,558
9 nginx-ultimate-bad-bot-blocker 3,620
10 vulscan 3,272
11 SecretScanner 2,924
12 openvas-scanner 2,804
13 EMBA 2,356
14 kics 1,865
15 rapidscan 1,629
16 safety 1,611
17 osv.dev 1,374
18 ATSCAN 1,311
19 trivy-operator 994
20 go-dork 958
21 PentestTools 903
22 AutoPWN-Suite 875
23 clair-scanner 837
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com