
A list of open source web security scanners

Apache License 2.0

open-source-web-scanners

A list of open source web security scanners on GitHub and GitLab (just added), ordered by Stars. It does not provide in-depth analysis - for more analysis or a wider range of tools, see the links below.

Note that some large projects have multiple repos - in which case the second most relevant repo is included immediately after.

General Purpose Web Scanners

Tools which can find a range of 'unknown' vulnerabilities on any website.

| Main Site | Last Commit | Committers | Stars |
| --- | --- | --- | --- |
| ZAP | Last Commit | Contributors | Stars |
| - ZAP Extensions | Last Commit | Contributors | Stars |
| W3af | Last Commit | Contributors | Stars |
| Hetty | Last Commit | Contributors | Stars |
| Arachni | Last Commit | Contributors | Stars |
| Astra | Last Commit | Contributors | Stars |
| Skipfish | Last Commit | Contributors | Stars |
| Sitadel | Last Commit | Contributors | Stars |
| Taipan | Last Commit | Contributors | Stars |
| Vega | Last Commit | Contributors | Stars |
| Wapiti | Last Commit | Contributors | Stars |
| Tuplar | Last Commit | Contributors | Stars |
| Ugly-duckling | Last Commit | Contributors | Stars |
| Jawfish | Last Commit | Contributors | Stars |
| Browserker | Last Commit | Contributors | Stars |

Infrastructure Web Scanners

Tools which can find a range of 'known' vulnerabilities on any website.

| Main Site | Last Commit | Committers | Stars |
| --- | --- | --- | --- |
| Nuclei | Last Commit | Contributors | Stars |
| - Nuclei Templates | Last Commit | Contributors | Stars |
| Tsunami | Last Commit | Contributors | Stars |
| Nikto | Last Commit | Contributors | Stars |
| Striker | Last Commit | Contributors | Stars |
| Jaeles | Last Commit | Contributors | Stars |
| - Jaeles-Signatures | Last Commit | Contributors | Stars |
| Yasuo | Last Commit | Contributors | Stars |
| Observatory | Last Commit | Contributors | Stars |
| Spaghetti | Last Commit | Contributors | Stars |

Fuzzers / Brute Forcers

Tools which focus on throwing 'bad stuff' at things - the user typically has to work out if it sticks.

| Main Site | Last Commit | Committers | Stars |
| --- | --- | --- | --- |
| dirsearch | Last Commit | Contributors | Stars |
| Ffuf | Last Commit | Contributors | Stars |
| gobuster | Last Commit | Contributors | Stars |
| Wfuzz | Last Commit | Contributors | Stars |
| feroxbuster | Last Commit | Contributors | Stars |
| rustbuster | Last Commit | Contributors | Stars |
| vaf | Last Commit | Contributors | Stars |

CMS Web Scanners

Tools which can find a range of 'known' vulnerabilities on one or more CMS websites.

| Main Site | Last Commit | Committers | Stars |
| --- | --- | --- | --- |
| WPScan | Last Commit | Contributors | Stars |
| Vulnx | Last Commit | Contributors | Stars |
| Droopescan | Last Commit | Contributors | Stars |
| CMSScan | Last Commit | Contributors | Stars |
| JoomScan | Last Commit | Contributors | Stars |
| Clusterd | Last Commit | Contributors | Stars |

API Web Scanners

Tools which focus on web APIs.

| Main Site | Last Commit | Committers | Stars |
| --- | --- | --- | --- |
| Automatic API Attack Tool | Last Commit | Contributors | Stars |
| Cherrybomb | Last Commit | Contributors | Stars |

Specialised Scanners

Tools which focus on specific types of vulnerabilities.

| Main Site | Last Commit | Committers | Stars |
| --- | --- | --- | --- |
| Sqlmap | Last Commit | Contributors | Stars |
| Commix | Last Commit | Contributors | Stars |
| Xsscrapy | Last Commit | Contributors | Stars |

Links

Contribute

PRs welcome.

Template line for GitHub projects (replace USER_REPO):

| []() | [![Last Commit](https://img.shields.io/github/last-commit/USER_REPO)](https://github.com/USER_REPO/commits) | [![Contributors](https://img.shields.io/github/contributors/USER_REPO)](https://github.com/USER_REPO/graphs/contributors) | [![Stars](https://img.shields.io/github/stars/USER_REPO)](https://github.com/USER_REPO/stargazers) |

Template line for GitLab projects (replace USER_REPO):

| []() | [![Last Commit](https://badgen.net/gitlab/last-commit/USER_REPO)](https://gitlab.com/USER_REPO/-/commits/master) | [![Contributors](https://badgen.net/gitlab/contributors/USER_REPO/)](https://gitlab.com/USER_REPO/-/graphs/master) | [![Stars](https://badgen.net/gitlab/stars/USER_REPO/)](https://gitlab.com/USER_REPO/-/starrers) |