A curated list of strings likely to cause issues when used as user-input data, for automated and manual QA testing.
A comprehensive security scanner that finds vulnerabilities, misconfigurations, secrets, and SBOMs in containers, Kubernetes, code, and clouds.
A fast, customizable vulnerability scanner with a YAML-based DSL, powered by a global security community.
A security auditing and hardening tool for UNIX-based systems, performing in-depth scans and compliance testing.
An open-source unified XDR and SIEM platform for threat prevention, detection, and response across endpoints and cloud workloads.
An advanced XSS detection suite that uses context analysis and intelligent payload generation to find vulnerabilities.
Standard libraries and queries for CodeQL, powering GitHub Advanced Security and static application security testing.
A static analysis tool that scans Go source code for security vulnerabilities by analyzing the AST and SSA representations.
A static analysis tool for detecting security misconfigurations and flaws in Nginx configuration files.
A static analysis security vulnerability scanner for Ruby on Rails applications.
A static analysis framework for Solidity and Vyper smart contracts that detects vulnerabilities, enhances code comprehension, and enables custom analyses.
A Claude Code plugin marketplace providing AI-assisted skills for security research, vulnerability detection, and audit workflows.
A static analysis tool that finds security vulnerabilities and misconfigurations in GitHub Actions workflows.
A symbolic-execution-based security analysis tool for detecting vulnerabilities in Ethereum and EVM-compatible smart contracts.
A scanner that detects JavaScript libraries with known vulnerabilities and can generate a Software Bill of Materials (SBOM).
An Nmap NSE script that turns Nmap into a vulnerability scanner using offline vulnerability databases.
Scripts to test if Wi-Fi clients or access points are vulnerable to the KRACK attack against WPA2.
A security audit tool for Ruby projects that checks Gemfile.lock for vulnerable gem versions and insecure sources.
A static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
KICS is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code.
A SpotBugs plugin for detecting security vulnerabilities in Java web and Android applications.
ESLint plugin that identifies potential security vulnerabilities in Node.js code, requiring human triage for false positives.
Scans websites for publicly known security vulnerabilities in frontend JavaScript libraries using the Snyk database.
A static binary code analysis toolkit for reverse engineers, featuring value/taint analysis, type reconstruction, and memory vulnerability detection.
A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.
Security-focused static analysis tool for Elixir and Phoenix applications, detecting common vulnerabilities.
A grep-based source code auditing tool that finds potential security flaws using signature databases for multiple programming languages.