See our open source security testing tools
OWASP Zed Attack Proxy (ZAP)
OWASP® Zed Attack Proxy (ZAP). The world's most widely used web app scanner. Free and open source.
Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for over 8000 issues.
Clair is an open source project for the static analysis of vulnerabilities in appc and Docker containers.
SSLyze is a fast and powerful SSL/TLS scanning library to analyze the SSL/TLS configuration of a server by connecting to it, in order to detect various issues.
Nmap: Free Security Scanner, Port Scanner, & Network Exploration Tool. Download open source software for Linux, Windows, UNIX, FreeBSD, etc.
Bandit is a tool designed to find common security issues in Python code.
w3af is a Web Application Attack and Audit Framework that helps you secure your web applications by finding and exploiting all web application vulnerabilities.
nodejsscan is a static security code scanner for Node.js applications.
The npm audit command submits a description of the dependencies configured in your package to your default registry and asks for a report of known vulnerabilities.
A powerful DNS enumeration script included in Kali Linux.
Microsoft Application Inspector identifies “interesting” features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on.
PythonFuzz is a coverage-guided fuzzer for testing Python packages. (Requires on-site installation and development integrations.)