Open-Source Cybersecurity Tools: Vulnerability Management

This category contains 78 documented tools. It focuses on capabilities used for risk-based vulnerability prioritization and remediation planning. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.

Category Evaluation Checklist

  • Coverage depth against your highest-priority threats and compliance obligations.
  • Operational overhead for deployment, tuning, and long-term maintenance.
  • Signal quality versus analyst workload and false-positive pressure.
  • Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
  • Governance readiness including auditability, ownership clarity, and change control.

Letter

This letter section contains 1 tool.

Nessus

  • Website: https://www.tenable.com/products/nessus/nessus-professional
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Cyber Security Tools

What it does: Nessus is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Vulnerability scanner.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Penetration Testing.

Letter A

This letter section contains 5 tools.

A2SV

  • Website: https://github.com/hahwul/a2sv
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: A2SV is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Auto Scanning to SSL Vulnerability by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Auditing.

Agentic Radar

  • Website: https://github.com/splx-ai/agentic-radar
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Agentic Radar is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Open-source CLI security scanner for agentic AI workflows.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Static Analyzers.

Artemis

  • Website: https://github.com/CERT-Polska/Artemis/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Security

What it does: Artemis is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: A modular vulnerability scanner with automatic report generation capabilities.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Scanning / Pentesting.

Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622

  • Website: http://www.phrack.org/papers/attacking_javascript_engines.html
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622 is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

AutoSploit

  • Website: https://github.com/NullArray/AutoSploit
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: AutoSploit is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Automated mass exploiter, which collects targets by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Multi-paradigm Frameworks.

Letter B

This letter section contains 4 tools.

Bash Bunny

  • Website: https://www.hak5.org/gear/bash-bunny
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Bash Bunny is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Physical Access Tools.

Brakeman

  • Website: https://github.com/presidentbeef/brakeman
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Brakeman is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Static analysis security vulnerability scanner for Ruby on Rails applications.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Static Analyzers.

BRETT BUERHAUS

  • Website: https://buer.haus/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: BRETT BUERHAUS is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Vulnerability disclosures and rambles on application security.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Blogs.

Bugtraq (BID)

  • Website: http://www.securityfocus.com/bid/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Bugtraq (BID) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter C

This letter section contains 9 tools.

China National Vulnerability Database (CNNVD)

  • Website: http://www.cnnvd.org.cn/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: China National Vulnerability Database (CNNVD) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Chinese government-run vulnerability database analogous to the United States's CVE database hosted by Mitre Corporation.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

CISA Known Vulnerabilities Database (KEV)

  • Website: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing, Awesome SOC

What it does: CISA Known Vulnerabilities Database (KEV) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Vulnerabilities in various systems already known to America's cyber defense agency, the Cybersecurity and Infrastructure Security Agency, to be actively exploited.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability

  • Website: https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Azure.

Common Vulnerabilities and Exposures (CVE)

  • Website: https://cve.mitre.org/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Common Vulnerabilities and Exposures (CVE) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

CSP Scanner

  • Website: https://cspscanner.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Hacking

What it does: CSP Scanner is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Analyze a site's Content-Security-Policy (CSP) to find bypasses and missing directives.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Web > Tools.

CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime.

  • Website: https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime. is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

CVE-2019-1306: ARE YOU MY INDEX?

  • Website: https://www.thezdi.com/blog/2019/10/23/cve-2019-1306-are-you-my-index
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: CVE-2019-1306: ARE YOU MY INDEX? is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Remote Code Execution.

cve-ape

  • Website: https://github.com/baalmor/cve-ape
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Security

What it does: cve-ape is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: A non-intrusive CVE scanner for embedding in test and CI environments that can scan package lists and individual packages for existing CVEs via locally stored CVE database. Can also be used as an offline CVE scanner for e.g. OT/ICS.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > DevOps.

CXSecurity

  • Website: https://cxsecurity.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: CXSecurity is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter D

This letter section contains 2 tools.

DefectDojo

  • Website: https://www.defectdojo.org/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Cybersecurity Blue Team

What it does: DefectDojo is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Application vulnerability management tool built for DevOps and continuous security integration.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > DevSecOps.

dirsearch

  • Website: https://github.com/maurosoria/dirsearch
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: dirsearch is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Web path scanner.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Web Exploitation > Web path discovery and bruteforcing tools.

Letter E

This letter section contains 5 tools.

Exploit Exercises

  • Website: https://exploit-exercises.lains.space/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome CTF

What it does: Exploit Exercises is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: A variety of VMs for learning a variety of computer security issues.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Exploit Exercises - Nebula

  • Website: https://exploit-exercises.com/nebula/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Hacking

What it does: Exploit Exercises - Nebula is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Wargame > System.

Exploit.Education

  • Website: http://exploit.education
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome CTF

What it does: Exploit.Education is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: A variety of VMs for learning a variety of computer security issues.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609)

  • Website: https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Prototype Pollution.

EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis

  • Website: https://www.cs.ucsb.edu/~chris/research/doc/ndss11_exposure.pdf
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Threat Detection

What it does: EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Threat Detection and Hunting > Resources > Research Papers.

Letter F

This letter section contains 4 tools.

fimap

  • Website: https://github.com/kurobeats/fimap
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: fimap is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Web Exploitation > Web file inclusion tools.

Full-Disclosure

  • Website: http://seclists.org/fulldisclosure/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Full-Disclosure is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007

  • Website: http://www.fuzzing.org/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007 is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Books.

Fuzzing: Brute Force Vulnerability Discovery, 1st Edition

  • Website: https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Fuzzing

What it does: Fuzzing: Brute Force Vulnerability Discovery, 1st Edition is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: (2007).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Books.

Letter G

This letter section contains 2 tools.

git-scanner

  • Website: https://github.com/HightechSec/git-scanner
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing, Awesome Hacking

What it does: git-scanner is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Web Exploitation > Web-accessible source code ripping tools.

GitHub Advisories

  • Website: https://github.com/advisories/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: GitHub Advisories is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Public vulnerability advisories published by or affecting codebases hosted by GitHub, including open source projects.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter H

This letter section contains 5 tools.

H26Forge

  • Website: https://github.com/h26forge/h26forge
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: H26Forge is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Exploit Development Tools.

HOW TO EXPLOIT LIFERAY CVE-2020-7961 : QUICK JOURNEY TO POC

  • Website: https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: HOW TO EXPLOIT LIFERAY CVE-2020-7961 : QUICK JOURNEY TO POC is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Deserialization.

How to exploit the DotNetNuke Cookie Deserialization

  • Website: https://pentest-tools.com/blog/exploit-dotnetnuke-cookie-deserialization/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: How to exploit the DotNetNuke Cookie Deserialization is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Deserialization.

How we exploited a remote code execution vulnerability in math.js

  • Website: https://capacitorset.github.io/mathjs/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: How we exploited a remote code execution vulnerability in math.js is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > Remote Code Execution.

HPI-VDB

  • Website: https://hpi-vdb.de/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: HPI-VDB is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter I

This letter section contains 3 tools.

Industrial Exploitation Framework (ISF)

  • Website: https://github.com/dark-lbp/isf
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Industrial Exploitation Framework (ISF) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Industrial Control and SCADA Systems.

Inj3ct0r

  • Website: https://www.0day.today/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Inj3ct0r is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Exploit marketplace and vulnerability information aggregator.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Internet of Things Scanner

  • Website: http://iotscanner.bullguard.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Internet of Things Scanner is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Check if your internet-connected devices at home are public on Shodan by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Miscellaneous.

Letter K

This letter section contains 1 tool.

Kadimus

  • Website: https://github.com/P0cL4bs/Kadimus
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Kadimus is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: LFI scan and exploit tool.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Web Exploitation > Web file inclusion tools.

Letter L

This letter section contains 2 tools.

LFISuite

  • Website: https://github.com/D35m0nd142/LFISuite
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: LFISuite is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Automatic LFI scanner and exploiter.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Web Exploitation > Web file inclusion tools.

Linux Exploit Suggester

  • Website: https://github.com/PenturaLabs/Linux_Exploit_Suggester
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Linux Exploit Suggester is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Heuristic reporting on potentially viable exploits for a given GNU/Linux system.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > GNU/Linux Utilities.

Letter M

This letter section contains 2 tools.

Microsoft Security Advisories and Bulletins

  • Website: https://docs.microsoft.com/en-us/security-updates/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Microsoft Security Advisories and Bulletins is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Mozilla Foundation Security Advisories

  • Website: https://www.mozilla.org/security/advisories/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Mozilla Foundation Security Advisories is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter N

This letter section contains 1 tool.

National Vulnerability Database (NVD)

  • Website: https://nvd.nist.gov/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: National Vulnerability Database (NVD) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter O

This letter section contains 3 tools.

OpalOPC

  • Website: https://opalopc.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: OpalOPC is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Commercial OPC UA vulnerability assessment tool, sold by Molemmat.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Industrial Control and SCADA Systems.

Open Redirect Vulnerability

  • Website: https://s0cket7.com/open-redirect-vulnerability/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Open Redirect Vulnerability is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Introduction > Open Redirect.

OWASP Testing Checklist v4

  • Website: https://www.owasp.org/index.php/Testing_Checklist
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Security

What it does: OWASP Testing Checklist v4 is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: List of some controls to test during a web vulnerability assessment. Markdown version may be found .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Scanning / Pentesting.

Letter P

This letter section contains 5 tools.

Penetration Testing Framework (PTF)

  • Website: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Penetration Testing Framework (PTF) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Online Resources > Online Penetration Testing Resources.

PingCastle

  • Website: https://www.pingcastle.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Cybersecurity Blue Team

What it does: PingCastle is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Active Directory vulnerability detection and reporting tool.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > Windows-based defenses > Active Directory.

Pre-authentication XXE vulnerability in the Services Drupal module

  • Website: https://www.synacktiv.com/ressources/synacktiv_drupal_xxe_services.pdf
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Pre-authentication XXE vulnerability in the Services Drupal module is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tricks > XXE.

PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT

  • Website: https://www.zerodayinitiative.com/blog/2018/2/12/pushing-webkits-buttons-with-a-mobile-pwn2own-exploit
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Browser Exploitation > Backend (core of Browser implementation, and often refers to C or C++ part).

Pwntools

  • Website: https://github.com/Gallopsled/pwntools
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing, Awesome CTF

What it does: Pwntools is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Rapid exploit development framework built for use in CTFs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Exploit Development Tools.

Letter R

This letter section contains 3 tools.

Raccoon

  • Website: https://github.com/evyatarmeged/Raccoon
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing, Awesome CTF, Awesome Web Security

What it does: Raccoon is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: High performance offensive security tool for reconnaissance and vulnerability scanning by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Reconnaissance > OSINT - Open-Source Intelligence.

react2shell-scanner

  • Website: https://github.com/nxgn-kd01/react2shell-scanner
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Security

What it does: react2shell-scanner is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Scans React 19.x and Next.js projects for critical remote code execution flaws.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Scanning / Pentesting.

retire.js

  • Website: https://github.com/RetireJS/retire.js
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: retire.js is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Scanner detecting the use of JavaScript libraries with known vulnerabilities by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Detecting.

Letter S

This letter section contains 4 tools.

SecuriTeam

  • Website: http://www.securiteam.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: SecuriTeam is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Independent source of software vulnerability information.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

shai-hulud-scanner

  • Website: https://github.com/nxgn-kd01/shai-hulud-scanner
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Security

What it does: shai-hulud-scanner is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Detect indicators of compromise from the Shai Hulud 2.0 npm supply chain attack that compromised 796+ packages. Performs comprehensive security checks for malicious files, hashes, and patterns.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Web > Scanning / Pentesting.

Singularity of Origin

  • Website: https://github.com/nccgroup/singularity
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Singularity of Origin is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > DNS Rebinding.

Snyk Vulnerability DB

  • Website: https://snyk.io/vuln/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Snyk Vulnerability DB is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Detailed information and remediation guidance for vulnerabilities known by Snyk.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter T

This letter section contains 4 tools.

TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection, 2010

  • Website: https://ieeexplore.ieee.org/abstract/document/5504701
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Fuzzing

What it does: TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection, 2010 is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

tfsec

  • Website: https://aquasecurity.github.io/tfsec/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Cybersecurity Blue Team

What it does: tfsec is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Static analysis security scanner for your Terraform code designed to run locally and in CI pipelines.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > DevSecOps.

Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)

  • Website: http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Written by and .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Evasions > Authentication.

Trivy

  • Website: https://github.com/aquasecurity/trivy
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Security, Awesome Cybersecurity Blue Team

What it does: Trivy is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for use in continuous integration pipelines.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > DevSecOps.

Letter U

This letter section contains 1 tool.

US-CERT Vulnerability Notes Database

  • Website: https://www.kb.cert.org/vuls/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: US-CERT Vulnerability Notes Database is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter V

This letter section contains 5 tools.

VulDB

  • Website: https://vuldb.com
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: VulDB is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Independent vulnerability database with user community, exploit details, and additional meta data (e.g. CPE, CVSS, CWE).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Vulmon

  • Website: https://vulmon.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Vulmon is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Vulnerability as a service: SambaCry

  • Website: https://hub.docker.com/r/vulnerables/cve-2017-7494/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Vulnerability as a service: SambaCry is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: docker pull vulnerables/cve-2017-7494.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Intentionally Vulnerable Systems > Intentionally Vulnerable Systems as Docker Containers.

Vulnerability Lab

  • Website: https://www.vulnerability-lab.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Vulnerability Lab is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Open forum for security advisories organized by category of exploit target.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Vulners

  • Website: https://vulners.com/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Vulners is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Security database of software vulnerabilities.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.

Letter W

This letter section contains 6 tools.

WAScan

  • Website: https://github.com/m4ll0k/WAScan
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: WAScan is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Is an open source web application security scanner that uses "black-box" method, created by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Scanning.

wePWNise

  • Website: https://labs.mwrinfosecurity.com/tools/wepwnise/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: wePWNise is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Windows Utilities.

Windows Exploit Suggester

  • Website: https://github.com/GDSSecurity/Windows-Exploit-Suggester
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Windows Exploit Suggester is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Detects potential missing patches on the target.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Windows Utilities.

Wordpress Exploit Framework

  • Website: https://github.com/rastating/wordpress-exploit-framework
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Wordpress Exploit Framework is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Exploit Development Tools.

wpscan

  • Website: https://github.com/wpscanteam/wpscan
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Web Security

What it does: wpscan is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: WPScan is a black box WordPress vulnerability scanner by .

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Scanning.

WPSploit

  • Website: https://github.com/espreto/wpsploit
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: WPSploit is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Exploit WordPress-powered websites with Metasploit.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Web Exploitation.

Letter Z

This letter section contains 1 tool.

Zero Day Initiative

  • Website: http://zerodayinitiative.com/advisories/published/
  • Model: Open Source
  • Category: Vulnerability Management
  • Source Lists: Awesome Penetration Testing

What it does: Zero Day Initiative is used in vulnerability management programs to support risk-based vulnerability prioritization and remediation planning. Source summaries describe it as: Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Vulnerability Databases.
