Open-Source

A static analysis tool for Infrastructure as Code that scans Terraform, CloudFormation, Kubernetes, Helm, ARM, and Serverless configurations for security misconfigurations and compliance violations.

An automated, all-in-one mobile application security testing framework supporting static and dynamic analysis of Android, iOS, and Windows mobile apps.

An open-source cloud security assessment tool that performs automated auditing of AWS, Azure, GCP, and Kubernetes environments against hundreds of security best-practice checks.

A fast, open-source static analysis tool that uses lightweight pattern matching to find bugs, security vulnerabilities, and anti-patterns across 30+ programming languages.

The most widely deployed platform for continuous code quality and security analysis, performing static analysis across 30+ languages to detect bugs, vulnerabilities, and code smells.

A comprehensive open-source security scanner for containers, filesystems, Git repositories, and Infrastructure as Code, detecting vulnerabilities, misconfigurations, and exposed secrets.

An open-source security platform providing unified host-based intrusion detection, vulnerability assessment, compliance auditing, and threat detection across endpoints, servers, and cloud workloads.

The de facto standard open-source suite for 802.11 wireless network security auditing, covering packet capture, traffic analysis, injection, and WEP/WPA/WPA2 key recovery.

Fast, cross-platform IP address and port scanner with a simple GUI, supporting multithreaded scanning, NetBIOS resolution, and multi-format export across Windows, macOS, and Linux.

The world's most widely used penetration testing framework, providing a modular library of 2,600+ exploits, 2,100+ payloads, and 1,300+ auxiliary tools for the full attack lifecycle.

Internet-scale TCP port scanner capable of transmitting 10 million packets per second, scanning the entire IPv4 address space in under five minutes.

A fast, lightweight port scanner built for attack surface discovery with SYN, CONNECT, and UDP scanning plus native Nmap and ProjectDiscovery toolchain integration.

A fast, template-driven vulnerability scanner with 12,000+ community-maintained detection templates covering CVEs, misconfigurations, and exposures across web, network, and cloud.

Attack surface intelligence framework performing network mapping and external asset discovery using OSINT gathering and active reconnaissance across 50+ data sources.

The de facto WordPress security scanner, enumerating plugins, themes, and core versions against a curated database of 71,900+ known WordPress vulnerabilities.

Modular application-layer network scanner that performs deep protocol handshakes and banner grabbing across 33+ protocols, outputting structured JSON transcripts at Internet scale.

Stateless single-packet network scanner engineered for Internet-wide surveys, capable of scanning the entire IPv4 space on a single port in under 45 minutes.

Open-source web server scanner that checks for dangerous files, outdated software, and misconfigurations across 6,700+ known vulnerability signatures.

The industry-standard network mapper for host discovery, port scanning, OS detection, and security auditing across networks of any scale.

The definitive open-source SQL injection detection and exploitation tool, supporting 30+ database management systems and six injection techniques.

A full-featured vulnerability scanner with a large community and comprehensive vulnerability tests updated daily.

The world's most widely used web app scanner. Free and open source for both automation and manual testing.