# Automated Web Application Vulnerability Scanners

> Search results for `web application vulnerability scanner` on awesome-repositories.com. 114 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/web-application-vulnerability-scanner

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/web-application-vulnerability-scanner).**

## Results

- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
- [google/osv-scanner](https://awesome-repositories.com/repository/google-osv-scanner.md) (10,565 ⭐) — osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library.

The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act
- [bearer/bearer](https://awesome-repositories.com/repository/bearer-bearer.md) (2,566 ⭐) — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing.

The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports.

The platform co
- [astaxie/build-web-application-with-golang](https://awesome-repositories.com/repository/astaxie-build-web-application-with-golang.md) (43,920 ⭐) — This project is an open-source software engineering handbook and technical learning resource focused on backend web development. It provides a comprehensive guide to building server-side applications, covering the end-to-end flow of web requests from initial HTTP traffic handling to database integration and dynamic content rendering.

The material follows a code-centric pedagogical pattern, anchoring theoretical concepts in functional snippets that demonstrate practical implementation. The curriculum is organized through progressive complexity sequencing, moving from foundational language synt
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
- [google/tsunami-security-scanner](https://awesome-repositories.com/repository/google-tsunami-security-scanner.md) (8,584 ⭐) — Tsunami Security Scanner is a network vulnerability scanner and security auditor designed to identify high-severity flaws across network assets. It functions as an asynchronous security probe engine that utilizes automated probes and specialized detection logic to find critical weaknesses and prioritize remediation efforts.

The project is distinguished by a plugin-based scanning engine, which uses a modular architecture of interchangeable detection plugins to identify vulnerabilities. This extensibility allows for the development and integration of custom security plugins to expand the variet
- [vulnerscom/burp-vulners-scanner](https://awesome-repositories.com/repository/vulnerscom-burp-vulners-scanner.md) (897 ⭐) — Vulnerability scanner based on vulners.com search API
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [silentsignal/damn-vulnerable-stateful-web-app](https://awesome-repositories.com/repository/silentsignal-damn-vulnerable-stateful-web-app.md) (14 ⭐) — Short and simple vulnerable PHP web application that naïve scanners found to be perfectly safe
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
- [mishakorzik/allhackingtools](https://awesome-repositories.com/repository/mishakorzik-allhackingtools.md) (5,186 ⭐) — AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools.

The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
- [dolevf/damn-vulnerable-graphql-application](https://awesome-repositories.com/repository/dolevf-damn-vulnerable-graphql-application.md) (1,691 ⭐) — Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
- [donnemartin/system-design-primer](https://awesome-repositories.com/repository/donnemartin-system-design-primer.md) (353,387 ⭐) — This project is a comprehensive educational resource and study guide focused on distributed systems architecture and backend infrastructure design. It provides a structured curriculum for mastering the principles of scalability, reliability, and performance required to design complex software systems.

The repository distinguishes itself by offering a methodical approach to technical interview preparation, incorporating design patterns, architectural trade-offs, and spaced repetition tools to help users retain complex concepts. It emphasizes constraint-driven analysis, teaching users how to ev
- [z4nzu/hackingtool](https://awesome-repositories.com/repository/z4nzu-hackingtool.md) (77,515 ⭐) — This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors.

The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating ext
- [wapiti-scanner/wapiti](https://awesome-repositories.com/repository/wapiti-scanner-wapiti.md) (1,806 ⭐) — Web vulnerability scanner written in Python3
- [google/osv.dev](https://awesome-repositories.com/repository/google-osv-dev.md) (2,494 ⭐) — OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-bas
- [christophetd/log4shell-vulnerable-app](https://awesome-repositories.com/repository/christophetd-log4shell-vulnerable-app.md) (1,142 ⭐) — Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
- [ultimatehackers/xsstrike](https://awesome-repositories.com/repository/ultimatehackers-xsstrike.md) (15,027 ⭐) — XSStrike is a security tool designed to detect cross-site scripting vulnerabilities through parameter fuzzing and web response analysis. It functions as a web application fuzzer and vulnerability scanner that identifies injection points and security flaws.

The project includes a specialized utility for detecting blind XSS, where payloads execute asynchronously or on separate pages. It also features a JavaScript library auditor to identify outdated libraries with known vulnerabilities and a dedicated tool for identifying and bypassing web application firewalls using various evasion techniques.
- [florinpop17/app-ideas](https://awesome-repositories.com/repository/florinpop17-app-ideas.md) (95,036 ⭐) — App-ideas is a development platform that integrates autonomous AI agents into local environments to orchestrate code review, automated fix application, and workflow management. It functions as a command-line interface that connects external AI assistants to your codebase, enabling iterative development cycles through plugin-based integration and natural language triggers.

The platform distinguishes itself through a robust static analysis engine that traverses syntax trees to enforce structural coding standards and identify violations. Users can define custom review rules, architectural prefer
- [hahwul/dalfox](https://awesome-repositories.com/repository/hahwul-dalfox.md) (4,846 ⭐) — Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points.

The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
- [0x4d31/salt-scanner](https://awesome-repositories.com/repository/0x4d31-salt-scanner.md) (262 ⭐) — A Linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications and JIRA integration.
- [cr0hn/vulnerable-node](https://awesome-repositories.com/repository/cr0hn-vulnerable-node.md) (487 ⭐) — A very vulnerable web site written in NodeJS with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
- [kubescape/kubescape](https://awesome-repositories.com/repository/kubescape-kubescape.md) (11,489 ⭐) — Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor.

The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
- [hadarmanor/public-vulnerabilities](https://awesome-repositories.com/repository/hadarmanor-public-vulnerabilities.md) (14 ⭐) — All my public vulnerabilities.
- [s0md3v/xsstrike](https://awesome-repositories.com/repository/s0md3v-xsstrike.md) (14,752 ⭐) — XSStrike is an automated security scanning engine designed for web application discovery, input
- [vulnerscom/nmap-vulners](https://awesome-repositories.com/repository/vulnerscom-nmap-vulners.md) (3,381 ⭐) — NSE script based on Vulners.com API
- [infobyte/faraday](https://awesome-repositories.com/repository/infobyte-faraday.md) (6,523 ⭐) — Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk.

The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
- [ethicalhack3r/dvwa](https://awesome-repositories.com/repository/ethicalhack3r-dvwa.md) (13,236 ⭐) — DVWA is a vulnerable web application sandbox and PHP security training environment. It serves as a deployable penetration testing target and an OWASP Top 10 lab designed for practicing exploits and simulating common web security vulnerabilities.

The application allows users to adjust security difficulty levels to match their skill level and toggle between different SQL database engines to test how various systems handle injection attacks. It includes a mechanism to disable authentication, enabling automated security tools to interact directly with the environment.

The project provides capabi
- [actix/actix-web](https://awesome-repositories.com/repository/actix-actix-web.md) (24,421 ⭐) — Actix Web is an asynchronous web framework designed for building high-performance network services. It provides a foundation for processing concurrent requests through a non-blocking execution model, utilizing an actor-based concurrency system to manage lightweight processes and message passing. The framework includes a low-level networking layer that handles the parsing and serialization of HTTP traffic according to standard specifications.

The framework distinguishes itself through a type-safe routing engine that enforces strict data types at compile time, ensuring that request parameters a
- [qazbnm456/awesome-web-security](https://awesome-repositories.com/repository/qazbnm456-awesome-web-security.md) (13,097 ⭐) — This project serves as a comprehensive cybersecurity training platform and resource repository focused on web application security. It functions as a centralized hub for security practitioners, providing both a curated collection of technical documentation and research, and a system for deploying isolated, containerized environments to practice security analysis and exploitation techniques.

The platform distinguishes itself by integrating automated data aggregation with hands-on, container-based orchestration. It maintains a current knowledge base of industry research and digital threats whil
- [curl/curl](https://awesome-repositories.com/repository/curl-curl.md) (42,214 ⭐) — Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications.

The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchro
- [hawkeyesec/scanner-cli](https://awesome-repositories.com/repository/hawkeyesec-scanner-cli.md) (362 ⭐) — The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.
- [digininja/dvwa](https://awesome-repositories.com/repository/digininja-dvwa.md) (13,229 ⭐) — DVWA is a vulnerable web application lab and penetration testing sandbox designed to simulate common security flaws. It serves as a training platform for the OWASP Top 10 security risks and functions as a PHP and MySQL security lab for practicing the identification and exploitation of web vulnerabilities.

The project provides a graduated learning experience through configurable security levels that adjust the difficulty of the vulnerabilities. It also supports switching between different database engines to research how various storage systems respond to injection attacks.

The application is
- [nxgn-kd01/react2shell-scanner](https://awesome-repositories.com/repository/nxgn-kd01-react2shell-scanner.md) (2 ⭐) — Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Fast, accurate scanner with zero false positives.
- [webgoat/webgoat](https://awesome-repositories.com/repository/webgoat-webgoat.md) (9,160 ⭐) — WebGoat is a deliberately insecure web application designed as an interactive security lab for learning how to identify and exploit common web vulnerabilities. It serves as a containerized sandbox that allows for the simulation and experimentation of web-based attacks and penetration testing techniques without risking production systems.

The project functions as a learning lab that maps specific insecure coding patterns to structured lessons. It implements simulated server-side flaws to provide a hands-on environment for studying common security vulnerabilities and defensive coding practices.
- [hyprwm/hyprland](https://awesome-repositories.com/repository/hyprwm-hyprland.md) (36,388 ⭐) — Hyprland is a Wayland compositor and tiling window manager for Linux systems. It functions as a display server protocol implementation that coordinates communication between hardware and graphical applications, while automatically organizing open windows into non-overlapping layouts to maximize screen space.

The project distinguishes itself through a dynamic tiling engine that utilizes a binary space partitioning algorithm to calculate window geometry in real time. It provides a highly customizable workspace platform where users define system behavior and visual aesthetics through declarative
- [chaitin/xray](https://awesome-repositories.com/repository/chaitin-xray.md) (11,612 ⭐) — Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine.

The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives.

The platform covers a bro
- [flutter/flutter](https://awesome-repositories.com/repository/flutter-flutter.md) (177,056 ⭐) — This project is a multi-platform UI framework designed for building applications that target mobile, web, and desktop environments from a single codebase. It utilizes a declarative paradigm where the user interface is defined as a function of application state, supported by a layered architecture that includes a high-performance rendering engine and a multi-platform compilation model.

The framework provides a comprehensive suite of developer tools, including hot reloading for real-time code injection and diagnostic utilities for monitoring application state and performance. It features a modu
- [bishopfox/iam-vulnerable](https://awesome-repositories.com/repository/bishopfox-iam-vulnerable.md) (574 ⭐) — Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
- [flutter-team-archive/plugins](https://awesome-repositories.com/repository/flutter-team-archive-plugins.md) (17,710 ⭐) — This project is a collection of official plugin packages and a native integration library designed to provide a consistent interface for accessing hardware and software functionality across different mobile and desktop platforms. It serves as a native platform bridge, enabling cross-platform applications to invoke native code and manage operating system dependencies.

The project utilizes a federated plugin architecture, splitting plugins into common interfaces and separate platform implementations to allow for independent development and extension. It further supports native integration throu
- [faizann24/fwaf-machine-learning-driven-web-application-firewall](https://awesome-repositories.com/repository/faizann24-fwaf-machine-learning-driven-web-application-firewall.md) (437 ⭐) — Machine learning driven web application firewall to detect malicious queries with high accuracy.
- [juice-shop/juice-shop](https://awesome-repositories.com/repository/juice-shop-juice-shop.md) (12,530 ⭐) — Juice Shop is a self-contained web application designed as a platform for cybersecurity education and security training. It functions as a controlled environment containing intentional security flaws, allowing users to practice offensive security techniques and defensive coding practices while tracking their progress through a live scoreboard.

The platform serves as an industry-standard benchmark for evaluating the effectiveness and detection accuracy of automated security scanning tools. By hosting a standardized set of known vulnerabilities and common attack patterns, it provides a reliable
- [trimstray/the-book-of-secret-knowledge](https://awesome-repositories.com/repository/trimstray-the-book-of-secret-knowledge.md) (228,641 ⭐) — This project serves as a centralized, community-driven repository of technical knowledge and administrative resources. It provides a structured taxonomy that aggregates disparate information into a searchable framework, supporting continuous learning and rapid problem-solving for system administrators and cybersecurity practitioners. By mapping resources across offensive security, infrastructure management, and software development, it offers a unified path for skill acquisition and professional reference.

The project is defined by a command-line-first design philosophy, prioritizing terminal
- [fetchai/innovation-lab-examples](https://awesome-repositories.com/repository/fetchai-innovation-lab-examples.md) (1,028 ⭐) — This project provides a comprehensive framework for building, deploying, and orchestrating autonomous agents within a decentralized network. It serves as a collection of patterns and examples for developing intelligent software entities capable of performing complex tasks, making decisions, and interacting with other agents to achieve shared goals.

The framework distinguishes itself through its focus on multi-agent orchestration and decentralized communication. It enables the coordination of specialized agent teams that collaborate on workflows through structured messaging protocols, allowing
- [voorivex/pentest-guide](https://awesome-repositories.com/repository/voorivex-pentest-guide.md) (2,761 ⭐) — This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation.

The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
- [netdiscover-scanner/netdiscover](https://awesome-repositories.com/repository/netdiscover-scanner-netdiscover.md) (385 ⭐) — Netdiscover, ARP Scanner (official repository)
- [bytebytegohq/system-design-101](https://awesome-repositories.com/repository/bytebytegohq-system-design-101.md) (83,491 ⭐) — This project is a centralized engineering knowledge repository that provides a structured curriculum for mastering system design, architectural patterns, and fundamental software development workflows. It serves as a professional development resource for engineers, offering foundational knowledge and real-world case studies to support the design of scalable, secure, and efficient distributed systems.

The repository distinguishes itself through a visual-first approach to knowledge synthesis, distilling complex technical concepts into high-density graphical diagrams and succinct illustrations.
- [analysis-tools-dev/static-analysis](https://awesome-repositories.com/repository/analysis-tools-dev-static-analysis.md) (14,389 ⭐) — This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements.

The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, ma
- [portswigger/upload-scanner](https://awesome-repositories.com/repository/portswigger-upload-scanner.md) (419 ⭐) — HTTP file upload scanner for Burp Proxy
- [ariga/atlas](https://awesome-repositories.com/repository/ariga-atlas.md) (8,096 ⭐) — Atlas is a SQL database schema management tool and database infrastructure as code framework. It provides a declarative database migration engine that computes the difference between a desired schema state and the current database state to automatically generate the necessary SQL for transitions.

The project distinguishes itself through a comprehensive suite of analysis and visualization tools, including a database schema linter that detects destructive changes and data loss risks. It also features a SQL schema visualization tool capable of generating entity-relationship diagrams from extract
