Discover, prioritize, and remediate vulnerabilities with free and open source tools. Browse vulnerability scanners, patch management, and risk-based prioritization tools.
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
future-architect/vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
google/oss-fuzz
OSS-Fuzz - continuous fuzzing for open source software.
projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
anchore/grype
A vulnerability scanner for container images and filesystems
wpscanteam/wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
1N3/Sn1per
Attack Surface Management Platform
We5ter/Scanners-Box
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed by security industry practitioners

google/osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev

trickest/cve
Gather and update all available and newest CVEs with their PoC.

nomi-sec/PoC-in-GitHub
📡 PoCs automatically collected from GitHub. ⚠️ Be careful: collected PoCs may contain malware.
dependency-check/DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

six2dez/reconftw
reconFTW is a tool designed to perform automated reconnaissance on a target domain by running a curated set of tools for scanning and vulnerability discovery.
infobyte/faraday
Open Source Vulnerability Management Platform
AFLplusplus/AFLplusplus
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
The-Z-Labs/linux-exploit-suggester
Linux privilege escalation auditing tool
google/syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
google/clusterfuzz
Scalable fuzzing infrastructure.

snyk/cli
Snyk CLI scans and monitors your projects for security vulnerabilities.
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
DefectDojo/django-DefectDojo
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
OpenVAS (Greenbone Vulnerability Manager) is the most comprehensive free vulnerability scanner, covering thousands of CVEs across network services, operating systems, and applications. Nessus Essentials offers free scanning for up to 16 IPs. Nuclei is excellent for fast, template-based vulnerability detection.
CVSS (Common Vulnerability Scoring System) is a standardized framework for rating the severity of security vulnerabilities on a 0–10 scale. Scores consider exploitability, impact, and scope. Security teams use CVSS scores to prioritize patching — critical (9.0–10.0) vulnerabilities are addressed first.
A vulnerability scanner automatically identifies known weaknesses using a database of signatures. A penetration test involves a human tester actively attempting to exploit vulnerabilities to determine real-world impact. Scanners are broad and fast; pen tests are targeted and deep. Both are necessary for a complete security program.
Open source vulnerability management platforms like DefectDojo, Faraday, and Archery aggregate findings from multiple scanners, track remediation status, and provide metrics. They integrate with Jira, GitHub Issues, and CI/CD pipelines to manage the full vulnerability lifecycle.