awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

15 repositorios

Awesome GitHub RepositoriesWeb Application Scanners

Automated tools for discovering security vulnerabilities in web servers and applications.

Explore 15 awesome GitHub repositories matching part of an awesome list · Web Application Scanners. Refine with filters or upvote what's useful.

Awesome Web Application Scanners GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • projectdiscovery/nucleiAvatar de projectdiscovery

    projectdiscovery/nuclei

    29,189Ver en GitHub↗

    Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ

    Template-based scanner for fast, targeted vulnerability discovery.

    Goattack-surfacecve-scannerdast
    Ver en GitHub↗29,189
  • sullo/niktoAvatar de sullo

    sullo/nikto

    10,104Ver en GitHub↗

    Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses. The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations. The scanner covers broad capability are

    Comprehensive web server scanner for known vulnerabilities.

    Perl
    Ver en GitHub↗10,104
  • blacklanternsecurity/bbotAvatar de blacklanternsecurity

    blacklanternsecurity/bbot

    9,929Ver en GitHub↗

    This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte

    Recursive internet scanner for OSINT and asset discovery.

    Python
    Ver en GitHub↗9,929
  • wpscanteam/wpscanAvatar de wpscanteam

    wpscanteam/wpscan

    9,636Ver en GitHub↗

    WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the

    Security scanner specifically for WordPress installations.

    Ruby
    Ver en GitHub↗9,636
  • six2dez/reconftwAvatar de six2dez

    six2dez/reconftw

    7,226Ver en GitHub↗

    reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio

    Automated reconnaissance tool for domain enumeration and vulnerability discovery.

    Shellbug-bountybugbountybugbounty-tool
    Ver en GitHub↗7,226
  • j3ssie/osmedeusAvatar de j3ssie

    j3ssie/Osmedeus

    6,425Ver en GitHub↗

    Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp

    Orchestration engine for automating complex security scanning workflows.

    Go
    Ver en GitHub↗6,425
  • commixproject/commixAvatar de commixproject

    commixproject/commix

    5,757Ver en GitHub↗

    Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server. The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str

    Automated tool for finding and exploiting command injection vulnerabilities.

    Python
    Ver en GitHub↗5,757
  • stark0de/nginxpwnerAvatar de stark0de

    stark0de/nginxpwner

    1,599Ver en GitHub↗

    Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.

    Identifies common Nginx misconfigurations and security vulnerabilities.

    Python
    Ver en GitHub↗1,599
  • droope/droopescanAvatar de droope

    droope/droopescan

    1,432Ver en GitHub↗

    A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

    Plugin-based scanner for identifying issues in various CMS platforms.

    HTML
    Ver en GitHub↗1,432
  • vigolium/vigoliumAvatar de vigolium

    vigolium/vigolium

    737Ver en GitHub↗

    Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

    High-fidelity vulnerability scanner utilizing agentic AI.

    Go
    Ver en GitHub↗737
  • hacktus/jmx2rceH

    Hacktus/jmx2rce

    0Ver en GitHub↗

    Exploitation tool for unauthenticated Tomcat JMX proxy access.

    Ver en GitHub↗0
  • spinkham/skipfishS

    spinkham/skipfish

    0Ver en GitHub↗

    Active reconnaissance tool for web application security.

    Ver en GitHub↗0
  • adityaks/spartyA

    adityaks/sparty

    0Ver en GitHub↗

    Audit tool for SharePoint and FrontPage web application architectures.

    Ver en GitHub↗0
  • crashbrz/webxmlexploiterC

    crashbrz/WebXmlExploiter

    0Ver en GitHub↗

    Exploits misconfigured or exposed web.xml files.

    Ver en GitHub↗0
  • mrcl0wnlab/shellshockhunterM

    MrCl0wnLab/ShellShockHunter

    0Ver en GitHub↗

    Scanner for identifying Shellshock vulnerabilities in web environments.

    Ver en GitHub↗0
  1. Home
  2. Part of an Awesome List
  3. Developer Tools
  4. Web Application Scanners