Open Source Security Testing Tools

See our open source security testing tools

OWASP Zed Attack Proxy (ZAP)

OWASP® Zed Attack Proxy (ZAP). The world's most widely used web app scanner. Free and open source.

Dependency Check

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for over 8000 issues.

Clair

Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers.

SSLyze

SSLyze is a fast and powerful SSL/TLS scanning library that analyzes the SSL/TLS configuration of a server by connecting to it, in order to detect various issues.

Bandit

Bandit is a tool designed to find common security issues in Python code.

nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

npm audit

The npm audit command submits a description of the dependencies configured in your package to your default registry and asks for a report of known vulnerabilities.

PythonFuzz

PythonFuzz is a coverage-guided fuzzer for testing Python packages. (Requires on-site installation and development integrations.)