Security Scanning

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Zero-configuration mesh VPN for business.

Open-source API security platform for discovery, posture, and CI/CD testing.

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

Cloud-native security platform for protecting build and runtime environments.

Developer-first security platform

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

Privacy-focused CAPTCHA and bot defense platform.

Open-source AI hackers to find and fix your app’s vulnerabilities.

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Autonomous pentesting AI with MCP server and Python agents.

Open Source Vulnerability Management Platform

Open-source security platform for AI agents with skill audits and threat monitoring.

Open-source AI agent firewall for MCP security and egress control.

Security scanner as fast as a linter with TUI triage.

Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.

Open source vulnerability DB and triage service.

🧵 CLI tool for directly patching container images!

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Self-hostable secrets management platform and open-source Doppler alternative.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Open-source security tools for AI agents.

WireGuard virtual networking platform.

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Agent-based Docker security audit platform with CIS benchmark compliance and remediation.

An open-source framework for detecting, redacting, masking, and anonymizing sensitive data (PII) across text, images, and structured data. Supports NLP, pattern matching, and customizable pipelines.

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Open-source agent firewall to prevent data leaks and dangerous tool use.

🚀 Caido releases, wiki and roadmap

Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.

CloudRec is an open source multi-cloud security posture management (CSPM) platform designed to help organizations improve the security of their cloud environments.

Open source security toolbox for engineers and researchers.

A monitoring hub that watches popular open-source repositories and uses AI to detect when commits ar

Chrome extension risk scanner — scan Chrome Web Store links or CRX/ZIP builds and generate evidence-based security/privacy reports. Open-core.

Find secrets with Gitleaks 🔑

Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Detect and patch vulnerabilities in AI-generated Python code.

Open-source attack surface management and authorized security automation platform for asset discovery, service probing, scan orchestration, and security result management.

Open-source LLM-based vulnerability discovery product for defenders.

Open source cloud native application protection platform.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Open source vulnerability management platform.

Security scoring engine for CI/CD pipelines.

Open-source platform for cloud-native security and observability.

Open-source security platform for AI coding agents.

Open-source CLI for secret injection and management.

Open-source cloud security posture management tool for AWS infrastructure.

RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.无线通信协议相关的工具集，可借助SDR硬件+相关工具对无线通信进行研究。Collect with ♥ by HackSmith

Security scanner for LLM agent workflows.

Cloud-native security lake platform for threat hunting.

Static security scanner for Node.js applications.

Metlo is an open-source API security platform.

Policy-as-code tool for analytics and auditing across cloud and SaaS environments.

Static code analysis platform.

Professional open source intelligence platform.

Open-source platform for testing AI agent security.