Vulnerability Detection

Big List of Naughty StringsPython

A curated list of strings likely to cause issues when used as user-input data, for automated and manual QA testing.

trivyGo

A comprehensive security scanner that finds vulnerabilities, misconfigurations, secrets, and SBOMs in containers, Kubernetes, code, and clouds.

NucleiGo

A fast, customizable vulnerability scanner with a YAML-based DSL, powered by a global security community.

wazuhC++

An open-source unified XDR and SIEM platform for threat prevention, detection, and response across endpoints and cloud workloads.

lynisShell

A security auditing and hardening tool for UNIX-based systems, performing in-depth scans and compliance testing.

XSStrikePython

An advanced XSS detection suite that uses context analysis and intelligent payload generation to find vulnerabilities.

codeqlCodeQL

Standard libraries and queries for CodeQL, powering GitHub Advanced Security and static application security testing.

Golang Security CheckerGo

A static analysis tool that scans Go source code for security vulnerabilities by analyzing the AST and SSA representations.

Gixy - Nginx configuration static analyzerPython

A static analysis tool for detecting security misconfigurations and flaws in Nginx configuration files.

brakemanRuby

A static analysis security vulnerability scanner for Ruby on Rails applications.

slitherPython

A static analysis framework for Solidity and Vyper smart contracts that detects vulnerabilities, enhances code comprehension, and enables custom analyses.

trailofbits-skillsPython

A Claude Code plugin marketplace providing AI-assisted skills for security research, vulnerability detection, and audit workflows.

zizmorRust

A static analysis tool that finds security vulnerabilities and misconfigurations in GitHub Actions workflows.

mythrilPython

A symbolic-execution-based security analysis tool for detecting vulnerabilities in Ethereum and EVM-compatible smart contracts.

retire.jsJavaScript

A scanner that detects JavaScript libraries with known vulnerabilities and can generate a Software Bill of Materials (SBOM).

vulscanLua

An Nmap NSE script that transforms nmap into a vulnerability scanner using offline vulnerability databases.

krackattacks-scriptsC

Scripts to test if Wi-Fi clients or access points are vulnerable to the KRACK attack against WPA2.

bundle-auditRuby

A security audit tool for Ruby projects that checks Gemfile.lock for vulnerable gem versions and insecure sources.

BearerGo

Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

BearerGo

A static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

KICSOpen Policy Agent

KICS is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code.

Find Security BugsJava

A SpotBugs plugin for detecting security vulnerabilities in Java web and Android applications.

SecurityJavaScript

ESLint plugin that identifies potential security vulnerabilities in Node.js code, requiring human triage for false positives.

is-website-vulnerableJavaScript

Scans websites for publicly known security vulnerabilities in frontend JavaScript libraries using the Snyk database.

TIDoS FrameworkPython

A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.

TIDoS-FrameworkPython

A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.

BinCatOCaml

A static binary code analysis toolkit for reverse engineers, featuring value/taint analysis, type reconstruction, and memory vulnerability detection.

sobelowElixir

Security-focused static analysis tool for Elixir and Phoenix applications, detecting common vulnerabilities.

GrauditShell

A grep-based source code auditing tool that finds potential security flaws using signature databases for multiple programming languages.

cwe_checkerRust

A static analysis tool that detects Common Weakness Enumerations (CWEs) in binary executables across multiple CPU architectures.

ArtemisPython

A modular vulnerability scanner that checks website security and automatically generates easy-to-read reports for organizations.

FeatherDusterPython

An automated, modular cryptanalysis tool for identifying and exploiting weak cryptosystems.

electronegativityJavaScript

A static analysis tool to identify security misconfigurations and anti-patterns in Electron applications.

DevSkimC#

A security linting framework with IDE plugins and CLI tools that identifies vulnerabilities as developers write code.

DevSkimC#

A security linting framework with IDE plugins and CLI tools that detects vulnerabilities as developers write code.

Security Code ScanC#

A static code analyzer that detects security vulnerabilities in C# and VB.NET applications.