Commercial

An open-source cloud security assessment tool that performs automated auditing of AWS, Azure, GCP, and Kubernetes environments against hundreds of security best-practice checks.

A fast, open-source static analysis tool that uses lightweight pattern matching to find bugs, security vulnerabilities, and anti-patterns across 30+ programming languages.

Developer security platform providing software composition analysis, static code analysis, container scanning, and IaC security testing integrated into the development workflow.

The most widely deployed platform for continuous code quality and security analysis, performing static analysis across 30+ languages to detect bugs, vulnerabilities, and code smells.

Commercial DAST/IAST web application security scanner with proof-based scanning, DeepScan JavaScript rendering, and optional grey-box AcuSensor agent for code-level precision.

Commercial network security scanner and patch management platform that audits, identifies, and remediates vulnerabilities across Windows, macOS, and Linux endpoints.

Enterprise-grade DAST platform using proof-based scanning to automatically confirm exploitable vulnerabilities in web applications and APIs with near-zero false positives.

The world's most widely used penetration testing framework, providing a modular library of 2,600+ exploits, 2,100+ payloads, and 1,300+ auxiliary tools for the full attack lifecycle.

Rapid7's on-premise vulnerability management scanner with Active Risk scoring, continuous asset discovery, and compliance benchmarking across network infrastructure and endpoints.

Cloud-native enterprise security platform delivering continuous vulnerability management, web application scanning, and compliance auditing across IT assets and cloud workloads.

The de facto WordPress security scanner, enumerating plugins, themes, and core versions against a curated database of 71,900+ known WordPress vulnerabilities.

A modern web application security proxy built in Rust, designed for penetration testers and bug bounty hunters as a fast alternative to legacy Java-based tools.

The industry standard for vulnerability assessment, providing deep scanning capabilities for IT assets and compliance.

Professional tools for web application security testing, from scanning for vulnerabilities to exploiting them.