# Automated DAST Web Vulnerability Scanners

> Search results for `automated DAST scanner to find runtime web vulnerabilities` on awesome-repositories.com. 115 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/automated-dast-scanner-to-find-runtime-web-vulnerabilities

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/automated-dast-scanner-to-find-runtime-web-vulnerabilities).**

## Results

- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
- [google/osv-scanner](https://awesome-repositories.com/repository/google-osv-scanner.md) (10,565 ⭐) — osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library.

The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act
- [bearer/bearer](https://awesome-repositories.com/repository/bearer-bearer.md) (2,566 ⭐) — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing.

The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports.

The platform co
- [dotnet/runtime](https://awesome-repositories.com/repository/dotnet-runtime.md) (17,966 ⭐) — This project is a cross-platform managed execution environment and general-purpose application framework designed for building high-performance software. It provides a unified runtime that handles memory management, type safety, and code execution across diverse operating systems. By integrating a native code compilation toolchain, the platform enables developers to convert managed code into optimized machine instructions, significantly improving startup performance and reducing runtime dependencies for production environments.

The framework distinguishes itself through a comprehensive toolch
- [google/tsunami-security-scanner](https://awesome-repositories.com/repository/google-tsunami-security-scanner.md) (8,584 ⭐) — Tsunami Security Scanner is a network vulnerability scanner and security auditor designed to identify high-severity flaws across network assets. It functions as an asynchronous security probe engine that utilizes automated probes and specialized detection logic to find critical weaknesses and prioritize remediation efforts.

The project is distinguished by a plugin-based scanning engine, which uses a modular architecture of interchangeable detection plugins to identify vulnerabilities. This extensibility allows for the development and integration of custom security plugins to expand the variet
- [vulnerscom/burp-vulners-scanner](https://awesome-repositories.com/repository/vulnerscom-burp-vulners-scanner.md) (897 ⭐) — Vulnerability scanner based on vulners.com search API
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
- [google/osv.dev](https://awesome-repositories.com/repository/google-osv-dev.md) (2,494 ⭐) — OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-bas
- [silentsignal/damn-vulnerable-stateful-web-app](https://awesome-repositories.com/repository/silentsignal-damn-vulnerable-stateful-web-app.md) (14 ⭐) — Short and simple vulnerable PHP web application that naïve scanners found to be perfectly safe
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [wapiti-scanner/wapiti](https://awesome-repositories.com/repository/wapiti-scanner-wapiti.md) (1,806 ⭐) — Web vulnerability scanner written in Python3
- [projectdiscovery/nuclei](https://awesome-repositories.com/repository/projectdiscovery-nuclei.md) (29,189 ⭐) — Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets.

The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
- [crocodilestick/calibre-web-automated](https://awesome-repositories.com/repository/crocodilestick-calibre-web-automated.md) (4,834 ⭐) — Calibre-Web-Automated is a self-hosted ebook library server that watches file system folders for new ebook files, automatically converts them to a target format, enriches their metadata from online sources, and inserts them into a Calibre-managed library. It provides a web interface for browsing, reading in-browser, searching full text, and managing collections, while also supporting user authentication through multiple protocols including OAuth 2.0, OpenID Connect, LDAP, magic links, and reverse proxy headers.

The server integrates directly with Kobo e-reader devices, synchronizing books, co
- [zan8in/afrog](https://awesome-repositories.com/repository/zan8in-afrog.md) (4,182 ⭐) — afrog is an HTTP vulnerability scanner and web vulnerability management system that identifies security flaws and known CVEs using a YAML-based rule engine. It functions as a payload generator and scanner, comparing server responses against detection rules to find unauthorized access points.

The project provides a framework for out-of-band security testing, detecting blind vulnerabilities by triggering and verifying external DNS or HTTP callbacks. Beyond web traffic, it includes a protocol fuzzer capable of executing multi-step read and write sequences over raw TCP and SSL sockets to identify
- [projectdiscovery/nuclei-templates](https://awesome-repositories.com/repository/projectdiscovery-nuclei-templates.md) (12,518 ⭐) — Nuclei-templates is a security automation framework and vulnerability scanning library designed for the continuous assessment of distributed infrastructure. It functions as a collection of structured configuration files that define how to identify security flaws and misconfigurations across web applications and network services.

The project utilizes a declarative domain-specific language to decouple detection logic from the underlying execution engine. This approach allows for the creation of modular, protocol-agnostic scanning rules that can be updated independently of the core software. By
- [florinpop17/app-ideas](https://awesome-repositories.com/repository/florinpop17-app-ideas.md) (95,036 ⭐) — App-ideas is a development platform that integrates autonomous AI agents into local environments to orchestrate code review, automated fix application, and workflow management. It functions as a command-line interface that connects external AI assistants to your codebase, enabling iterative development cycles through plugin-based integration and natural language triggers.

The platform distinguishes itself through a robust static analysis engine that traverses syntax trees to enforce structural coding standards and identify violations. Users can define custom review rules, architectural prefer
- [0x4d31/salt-scanner](https://awesome-repositories.com/repository/0x4d31-salt-scanner.md) (262 ⭐) — A Linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications and JIRA integration.
- [cr0hn/vulnerable-node](https://awesome-repositories.com/repository/cr0hn-vulnerable-node.md) (487 ⭐) — A very vulnerable web site written in NodeJS with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
- [actions/starter-workflows](https://awesome-repositories.com/repository/actions-starter-workflows.md) (11,694 ⭐) — This project provides a comprehensive library of standardized workflow templates designed to automate continuous integration, deployment, and repository maintenance tasks. By offering a collection of pre-configured blueprints, it enables developers to initialize and manage automated pipelines for diverse programming languages and platforms using declarative configuration files.

The repository functions as a centralized resource for bootstrapping automation, allowing teams to inject repository-specific metadata and dynamic variables into standardized templates. This approach ensures consistent
- [autoscrape-labs/pydoll](https://awesome-repositories.com/repository/autoscrape-labs-pydoll.md) (6,919 ⭐) — pydoll is a Chrome DevTools Protocol automation library and headless browser controller used for web data extraction and parallel browser automation. It controls Chromium-based browsers via direct WebSocket connections, allowing it to manage isolated browser contexts and tabs while bypassing the overhead and detection associated with WebDriver.

The project features an anti-bot evasion framework that mimics natural human behavior, including mouse movements generated via Bezier curves and variable typing patterns. It provides specialized stealth capabilities to bypass behavioral analysis and au
- [armosec/kubescape](https://awesome-repositories.com/repository/armosec-kubescape.md) (11,482 ⭐) — Kubescape is a security platform for Kubernetes that provides tools for scanning clusters, configurations, and container images against industry compliance and security benchmarks. It functions as a suite of security utilities, including a compliance auditor, a misconfiguration scanner, and a container vulnerability scanner.

The project differentiates itself through automated remediation and active enforcement. It can automatically patch operating system vulnerabilities in images and fix security errors within manifest files. It also utilizes an admission controller to block the deployment of
- [kubescape/kubescape](https://awesome-repositories.com/repository/kubescape-kubescape.md) (11,489 ⭐) — Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor.

The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
- [introlab/find-object](https://awesome-repositories.com/repository/introlab-find-object.md) (477 ⭐) — Find-Object project
- [wazuh/wazuh](https://awesome-repositories.com/repository/wazuh-wazuh.md) (14,779 ⭐) — Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity.

The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monito
- [hiddify/hiddify-app](https://awesome-repositories.com/repository/hiddify-hiddify-app.md) (30,948 ⭐) — Hiddify is a cross-platform proxy client designed to manage secure network connections and traffic routing across desktop and mobile operating systems. It functions as a unified proxy manager, providing a centralized interface to configure and control various network proxy protocols for encrypted and private internet access.

The application distinguishes itself by integrating local loopback interception, which configures the operating system network stack to route traffic through a local port for granular filtering. It also serves as a self-hosted infrastructure tool, enabling users to automa
- [christophetd/log4shell-vulnerable-app](https://awesome-repositories.com/repository/christophetd-log4shell-vulnerable-app.md) (1,142 ⭐) — Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
- [aboutcode-org/scancode-toolkit](https://awesome-repositories.com/repository/aboutcode-org-scancode-toolkit.md) (2,567 ⭐) — ScanCode Toolkit is a software composition analysis tool and scanning framework designed to identify open-source licenses and copyright statements in source code and binary files. It functions as an open-source license detector, a dependency vulnerability scanner, and a generator for standardized software bills of materials in SPDX and CycloneDX formats.

The project is built as a plugin-based scanning framework, allowing the integration of custom detection logic, specialized analyzers, and modified scanning behaviors at runtime. It distinguishes itself through the ability to produce formal le
- [portswigger/wordpress-scanner](https://awesome-repositories.com/repository/portswigger-wordpress-scanner.md) (75 ⭐) — Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy.
- [denoland/deno](https://awesome-repositories.com/repository/denoland-deno.md) (107,110 ⭐) — Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments.

What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essentia
- [lirantal/is-website-vulnerable](https://awesome-repositories.com/repository/lirantal-is-website-vulnerable.md) (2,029 ⭐) — finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
- [bee-san/rustscan](https://awesome-repositories.com/repository/bee-san-rustscan.md) (19,969 ⭐) — RustScan is a high-speed network reconnaissance tool designed for automated port discovery and service enumeration. It functions as an automated vulnerability scanner that identifies open ports and active services across network environments, providing a foundation for mapping attack surfaces and gathering intelligence on target systems.

The tool distinguishes itself through its ability to dynamically adjust scanning parameters and concurrency in real-time based on system feedback, ensuring efficient performance while preventing network congestion. It features an extensible architecture that
- [f/prompts.chat](https://awesome-repositories.com/repository/f-prompts-chat.md) (163,814 ⭐) — This platform serves as a centralized management system for organizing, refining, and versioning AI instructions and agent skills. It functions as a repository that enables users to store, categorize, and retrieve structured prompts, ensuring consistent performance across various artificial intelligence models. By integrating with the Model Context Protocol, the system allows external AI assistants and development environments to discover and access these instruction libraries directly.

The platform distinguishes itself through its focus on prompt engineering and automated refinement, utilizi
- [portswigger/backslash-powered-scanner](https://awesome-repositories.com/repository/portswigger-backslash-powered-scanner.md) (712 ⭐) — Finds unknown classes of injection vulnerabilities
- [usestrix/strix](https://awesome-repositories.com/repository/usestrix-strix.md) (20,138 ⭐) — Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments.

The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
- [sindresorhus/find-up](https://awesome-repositories.com/repository/sindresorhus-find-up.md) (640 ⭐) — Find a file or directory by walking up parent directories
- [sullo/nikto](https://awesome-repositories.com/repository/sullo-nikto.md) (10,104 ⭐) — Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses.

The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations.

The scanner covers broad capability are
- [infobyte/faraday](https://awesome-repositories.com/repository/infobyte-faraday.md) (6,523 ⭐) — Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk.

The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
- [camel-ai/camel](https://awesome-repositories.com/repository/camel-ai-camel.md) (17,253 ⭐) — This project is a comprehensive framework for building and managing autonomous agent systems. It provides a unified architecture for orchestrating multi-agent societies, where specialized agents collaborate through roleplay to decompose and solve complex tasks. The system integrates language models with external environments, enabling agents to perform real-world actions through a standardized tool-calling abstraction layer.

The framework distinguishes itself through its focus on iterative reasoning and data reliability. It employs automated feedback loops to refine agent outputs and self-eva
- [shadow1ng/fscan](https://awesome-repositories.com/repository/shadow1ng-fscan.md) (13,421 ⭐) — Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments.

The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing passwor
- [hawkeyesec/scanner-cli](https://awesome-repositories.com/repository/hawkeyesec-scanner-cli.md) (362 ⭐) — The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.
- [ripienaar/free-for-dev](https://awesome-repositories.com/repository/ripienaar-free-for-dev.md) (123,154 ⭐) — This project is a community-maintained directory of technical resources, tools, and services that offer free tiers for developers. It serves as a centralized reference point for discovering infrastructure, software, and educational materials, helping individuals and teams minimize operational costs while building and scaling applications.

The directory distinguishes itself through a collaborative, community-driven curation model that aggregates metadata about third-party services. By utilizing a hierarchical taxonomy and storing all content in version-controlled, plain-text files, the project
- [apache/flink](https://awesome-repositories.com/repository/apache-flink.md) (26,086 ⭐) — Apache Flink is a distributed processing engine designed for both high-throughput, low-latency data streams and finite batch workloads. It functions as a stateful stream processor and a SQL stream processing engine, providing a unified runtime to execute relational queries and event-based transformations.

The system is distinguished by its ability to manage persistent operator state to ensure exactly-once processing guarantees and consistency during failures. It features specialized capabilities for complex event processing to detect temporal patterns and handles out-of-order events using eve
- [future-architect/vuls](https://awesome-repositories.com/repository/future-architect-vuls.md) (12,185 ⭐) — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines.

The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins.

The tool covers a broad range of securit
- [chalarangelo/30-seconds-of-code](https://awesome-repositories.com/repository/chalarangelo-30-seconds-of-code.md) (128,121 ⭐) — 30-seconds-of-code is a comprehensive knowledge base and programming snippet library designed to support software engineering education and professional development. It provides a curated collection of reusable code units and technical guides that help developers master core language mechanics, design patterns, and architectural philosophies.

The project distinguishes itself by offering a wide-ranging library of algorithmic solutions and web development patterns that are organized into modular, independently testable units. It emphasizes functional programming paradigms and declarative logic,
- [runtime-org/runtime](https://awesome-repositories.com/repository/runtime-org-runtime.md) (201 ⭐) — Deterministic skills-based browser agent
- [infoslack/awesome-web-hacking](https://awesome-repositories.com/repository/infoslack-awesome-web-hacking.md) (6,909 ⭐) — A list of web application security
- [hadarmanor/public-vulnerabilities](https://awesome-repositories.com/repository/hadarmanor-public-vulnerabilities.md) (14 ⭐) — All my public vulnerabilities.
- [rails/rails](https://awesome-repositories.com/repository/rails-rails.md) (58,690 ⭐) — This project is a full-stack web framework designed for building database-backed applications through a standardized architectural pattern. It provides a comprehensive suite of integrated libraries that manage the entire request-response lifecycle, from routing incoming web traffic to rendering dynamic server-side templates. By utilizing an object-relational mapping layer, the framework allows developers to define domain models that map database tables directly to application objects, simplifying data persistence, schema migrations, and complex relationship management.

The framework is distin
- [curl/curl](https://awesome-repositories.com/repository/curl-curl.md) (42,214 ⭐) — Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications.

The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchro
- [bishopfox/iam-vulnerable](https://awesome-repositories.com/repository/bishopfox-iam-vulnerable.md) (574 ⭐) — Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
