This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

A high performance offensive security tool for reconnaissance and vulnerability scanning

Advanced vulnerability scanning with Nmap NSE

Centralize Vulnerability Assessment and Management for DevSecOps Team

cve-search - a tool to perform local searches for known vulnerabilities

Collection of the most common vulnerabilities found in iOS applications

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

This repository contains the scanner component for Greenbone Vulnerability Management (GVM). If you are looking for the whole OpenVAS framework please take a look at https://community.greenbone.net/t/frequently-asked-questions-faq/5558.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

🆕 The Multi-Tool Web Vulnerability Scanner.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

NERVE Continuous Vulnerability Scanner

A Binary Ninja plugin for vulnerability research.

API that leverages Clair to scan Docker Registries and Kubernetes Clusters for vulnerabilities

Greenbone Security Assistant - The web frontend for the Greenbone Vulnerability Management (GVM) framework

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, Security report builder.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python