Open Source Security Testing Tools

See our open source security testing tools

OWASP Zed Attack Proxy (ZAP)

OWASP® Zed Attack Proxy (ZAP). The world's most widely used web app scanner. Free and open source.

Dependency Check

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for over 8000 issues.

Clair

Clair is an open source project for the static analysis of vulnerabilities in appc and Docker containers.

SSLyze

SSLyze is a fast and powerful SSL/TLS scanning library to analyze the SSL/TLS configuration of a server by connecting to it, in order to detect various issues.

NMAP

Nmap: Free Security Scanner, Port Scanner, & Network Exploration Tool. Download open source software for Linux, Windows, UNIX, FreeBSD, etc.

Bandit

Bandit is a tool designed to find common security issues in Python code.

w3af

w3af is a Web Application Attack and Audit Framework that helps you secure your web applications by finding and exploiting all web application vulnerabilities.

nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

npm audit

The npm audit command submits a description of the dependencies configured in your package to your default registry and asks for a report of known vulnerabilities.

DNSRecon

A powerful DNS enumeration script included in Kali Linux.

Application Inspector

Microsoft Application Inspector identifies “interesting” features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on.

PythonFuzz

PythonFuzz is a coverage-guided fuzzer for testing Python packages. (Requires on-site installation and development integrations.)