The visitor is looking for a security scanning tool that uses customizable templates to identify known vulnerabilities across large-scale infrastructure.

usestrix/strix is the closest match — Strix is a comprehensive security orchestration platform that uses customizable agent-based templates to perform automated vulnerability research, infrastructure mapping, and CI/CD-integrated scanning.. Other strong matches: aquasecurity/trivy, projectdiscovery/nuclei, yogeshojha/rengine, arachni/arachni.

Why does usestrix/strix match “a templated vulnerability scanner”?

Strix is a comprehensive security orchestration platform that uses customizable agent-based templates to perform automated vulnerability research, infrastructure mapping, and CI/CD-integrated scanning.

Why does aquasecurity/trivy match “a templated vulnerability scanner”?

Trivy is a comprehensive vulnerability and misconfiguration scanner that supports template-based policy evaluation, CI/CD integration, and infrastructure auditing, making it a flagship tool for large-scale security scanning.

Why does projectdiscovery/nuclei match “a templated vulnerability scanner”?

Nuclei is a template-driven vulnerability scanning engine that supports distributed execution, CI/CD integration, and custom detection logic, making it a comprehensive tool for large-scale infrastructure security assessment.

Why does yogeshojha/rengine match “a templated vulnerability scanner”?

This platform functions as a comprehensive reconnaissance and vulnerability management framework that supports automated scanning workflows and template-driven reporting, making it a strong fit for infrastructure-wide security monitoring.

Why does arachni/arachni match “a templated vulnerability scanner”?

Arachni is a distributed web application security scanner that supports automated vulnerability detection and plugin-based extensibility, making it a strong fit for infrastructure-focused security auditing despite its primary focus on web-layer vulnerabilities.

Template-Based CVE Vulnerability Scanners

Automated security tools that utilize customizable templates to identify known vulnerabilities across large-scale infrastructure environments.

Find the best repos with AI.We'll search the best matching repositories with AI.

usestrix/strix
usestrix/strix
20,138View on GitHub
Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
Strix is a comprehensive security orchestration platform that uses customizable agent-based templates to perform automated vulnerability research, infrastructure mapping, and CI/CD-integrated scanning.
PythonPipeline SecurityAttack Surface ManagementCI/CD Pipeline Integrations
View on GitHub20,138
aquasecurity/trivy
aquasecurity/trivy
36,462View on GitHub
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
Trivy is a comprehensive vulnerability and misconfiguration scanner that supports template-based policy evaluation, CI/CD integration, and infrastructure auditing, making it a flagship tool for large-scale security scanning.
GoPipeline Security ToolsVulnerability Intelligence Feeds
View on GitHub36,462
projectdiscovery/nuclei
projectdiscovery/nuclei
29,189View on GitHub
Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
Nuclei is a template-driven vulnerability scanning engine that supports distributed execution, CI/CD integration, and custom detection logic, making it a comprehensive tool for large-scale infrastructure security assessment.
GoAsset Discovery ToolsDistributed Scanning AgentsSecurity Automation Templates
View on GitHub29,189
yogeshojha/rengine
yogeshojha/rengine
8,472View on GitHub
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
This platform functions as a comprehensive reconnaissance and vulnerability management framework that supports automated scanning workflows and template-driven reporting, making it a strong fit for infrastructure-wide security monitoring.
HTMLAttack Surface ManagementAttack Surface MappingInfrastructure Reconnaissance
View on GitHub8,472
arachni/arachni
Arachni/arachni
4,000View on GitHub
Arachni is a dynamic application security testing vulnerability scanner and web application security tool. It functions as a distributed web audit framework that performs active and passive audits to identify security flaws such as SQL injection and cross-site scripting. The project features a JavaScript-aware web crawler that executes scripts and monitors DOM changes to analyze modern dynamic web applications. It utilizes server platform fingerprinting to target compatible security payloads and provides a grid-based system to distribute scanning workloads across multiple nodes. The tool cov
Arachni is a distributed web application security scanner that supports automated vulnerability detection and plugin-based extensibility, making it a strong fit for infrastructure-focused security auditing despite its primary focus on web-layer vulnerabilities.
RubyDistributed Scanning AgentsDistributed Security Scanning Frameworks
View on GitHub4,000
blacklanternsecurity/bbot
blacklanternsecurity/bbot
9,929View on GitHub
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
This tool functions as an automated reconnaissance and attack surface mapping framework that uses modular plugins and YARA rules to identify vulnerabilities across infrastructure, though it focuses more on discovery and OSINT than on traditional CVE-based vulnerability management.
PythonAttack Surface ManagementAttack Surface MappersAttack Surface Mapping
View on GitHub9,929
prowler-cloud/prowler
prowler-cloud/prowler
13,049View on GitHub
Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity. The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of conf
Prowler is a robust cloud security and posture management tool that provides automated infrastructure scanning, compliance mapping, and remediation guidance, making it a strong fit for identifying vulnerabilities in large-scale cloud environments.
PythonPipeline SecurityRemediation Guides
View on GitHub13,049
six2dez/reconftw
six2dez/reconftw
7,226View on GitHub
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
This tool functions as a comprehensive reconnaissance and attack surface management framework that orchestrates various security scanners, including template-based engines like Nuclei, to identify vulnerabilities across large-scale infrastructure.
ShellDistributed Scanning AgentsScanning Template LibrariesAttack Surface Management
View on GitHub7,226
tfsec/tfsec
tfsec/tfsec
7,013View on GitHub
tfsec is a static analysis tool and security scanner for infrastructure as code, specifically designed to detect misconfigurations and compliance violations in Terraform and cloud infrastructure definitions before deployment. It functions as a cloud security policy engine that identifies vulnerabilities across multiple cloud platforms. The tool provides capabilities for cloud compliance auditing and scanning of Cloud Development Kit code. It supports custom security policy enforcement and allows for the definition of organization-specific security requirements. The scanner includes features
This tool is a specialized static analysis scanner for infrastructure-as-code configurations that supports custom policy templates and CI/CD integration, though it focuses on misconfiguration detection rather than live infrastructure vulnerability scanning.
GoCI Pipeline IntegrationsCI/CD Pipeline Integrations
View on GitHub7,013
owasp-amass/amass
owasp-amass/amass
14,155View on GitHub
Amass is an attack surface management tool designed to identify, map, and inventory an organization's internet-facing digital assets. It functions as a security asset discovery engine that systematically expands an organization's known infrastructure footprint through recursive domain name resolution and the collection of intelligence from diverse public data sources. The platform distinguishes itself by utilizing a graph-based modeling approach to organize discovered resources. By maintaining a persistent graph database, it tracks the relationships between infrastructure components and norma
This tool focuses on attack surface management and asset discovery rather than template-based vulnerability scanning or CVE-driven remediation, making it a reconnaissance building block rather than a full-scale vulnerability scanner.
GoAsset Discovery ToolsAttack Surface Management
View on GitHub14,155
trickest/cve
trickest/cve
7,882View on GitHub
This project is a vulnerability intelligence database and aggregator that organizes common vulnerabilities and exposures alongside their corresponding proof-of-concept exploit code. It functions as a security vulnerability tracker and an indexed directory of public exploit payloads. The system monitors new security flaws and updates to known exploits through repository watches and atom feeds. It utilizes automated aggregation to collect vulnerability details from centralized repositories and discovers associated exploit code via reference analysis and global searches. The tool provides capab
This project is a vulnerability intelligence database and exploit aggregator rather than a security scanning tool capable of performing infrastructure-wide vulnerability assessments or CI/CD integration.
HTMLVulnerability Intelligence FeedsCVE Vulnerability AggregatorsVulnerability Monitoring Systems
View on GitHub7,882
infobyte/faraday
infobyte/faraday
6,523View on GitHub
Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
Faraday is a vulnerability management platform that aggregates and normalizes data from various security scanners, providing the centralized tracking and remediation reporting required for large-scale infrastructure, though it functions as an orchestration layer rather than a standalone scanning engine.
PythonDistributed Scanning AgentsRemediation TrackingScanning Template Libraries
View on GitHub6,523
subfinder/subfinder
subfinder/subfinder
13,859View on GitHub
Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the res
This tool is a specialized subdomain enumeration utility for reconnaissance rather than a vulnerability scanner, making it a building block for asset discovery rather than a tool for identifying known CVEs.
GoAsset Discovery ToolsAttack Surface MappingInfrastructure Reconnaissance
View on GitHub13,859
owasp/amass
OWASP/Amass
14,722View on GitHub
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
This tool focuses on network reconnaissance and attack surface mapping rather than vulnerability scanning, serving as a discovery component you would use to identify assets before running a vulnerability scan.
GoAsset Discovery ToolsAttack Surface MappersAttack Surface Mapping
View on GitHub14,722
1n3/sn1per
1N3/Sn1per
10,049View on GitHub
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Sn1per is a comprehensive vulnerability management and penetration testing platform that automates reconnaissance and scanning across infrastructure, fitting the category of a security orchestration tool despite its primary focus on offensive security workflows.
ShellAttack Surface ManagementAttack Surface Mapping
View on GitHub10,049
snyk/cli
snyk/cli
5,428View on GitHub
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
This tool is a comprehensive vulnerability scanner that integrates into CI/CD pipelines and provides remediation reporting, though it focuses more on application and dependency security than on infrastructure-wide asset discovery.
TypeScriptRemediation TrackingCI/CD Pipeline IntegrationsCI/CD
View on GitHub5,428
projectdiscovery/nuclei-templates
projectdiscovery/nuclei-templates
12,518View on GitHub
Nuclei-templates is a security automation framework and vulnerability scanning library designed for the continuous assessment of distributed infrastructure. It functions as a collection of structured configuration files that define how to identify security flaws and misconfigurations across web applications and network services. The project utilizes a declarative domain-specific language to decouple detection logic from the underlying execution engine. This approach allows for the creation of modular, protocol-agnostic scanning rules that can be updated independently of the core software. By
This repository provides the template library and detection logic definitions used by a scanner, rather than the standalone execution engine required to perform the actual infrastructure scanning and reporting.
JavaScriptScanning Template LibrariesSecurity Automation Templates
View on GitHub12,518
findomain/findomain
Findomain/Findomain
3,684View on GitHub
Findomain is a subdomain discovery tool and DNS resolver used for mapping an organization's external attack surface. It functions as a DNS infrastructure analyzer that searches for registered subdomains associated with a root domain to uncover undocumented infrastructure and services. The project includes an attack surface monitor that tracks changes to subdomains over time, using differential state monitoring to identify newly created or deleted assets. It provides real-time alerting via webhooks when changes in the monitored domain surface are detected. The system performs high-speed DNS r
This tool focuses on subdomain enumeration and attack surface mapping rather than vulnerability scanning or CVE-based security orchestration, making it a reconnaissance utility rather than a scanner.
RustAttack Surface ManagementAttack Surface Mapping
View on GitHub3,684

Template-Based CVE Vulnerability Scanners

usestrix/strix

aquasecurity/trivy

projectdiscovery/nuclei

yogeshojha/rengine

Arachni/arachni

blacklanternsecurity/bbot

prowler-cloud/prowler

six2dez/reconftw

tfsec/tfsec

owasp-amass/amass

trickest/cve

infobyte/faraday

subfinder/subfinder

OWASP/Amass

1N3/Sn1per

snyk/cli

projectdiscovery/nuclei-templates

Findomain/Findomain