Vulnerability Scanning tools 16 tools

msaad00/agent-bom Healthy open source

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

Checkov Healthy open source

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Pompelmi Healthy open source

Open-source file upload security for Node.js. Scan files before storage to detect malware, MIME spoofing, and risky archives.

trufflehog Healthy open source

Find, verify, and analyze leaked credentials

gebalamariusz/cloud-audit Healthy open source

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.

Secrover Mixed open source

Open-source security reports — no paywalls, just actionable insights.

grype Mixed open source

A vulnerability scanner for container images and filesystems

Trivy At Risk open source

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

is-website-vulnerable Healthy open source

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Bearer Mixed open source

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Sigma2KQL Mixed open source

A repository of all SIGMA rules converted to KQL that runs on a weekly schedule to update the repository and align with the up to date version of the SIGMA rules repository.

Deepfence ThreatMapper At Risk open source

Open Source Cloud Native Application Protection Platform (CNAPP)

clamav Mixed open source

ClamAV - Documentation is here: https://docs.clamav.net

Tsunami At Risk open source

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Deepfence SecretScanner At Risk open source

Find secrets and passwords in container images and file systems

ajitpratap0/GoSQLX Healthy open source

7 SQL tools (validate, format, parse, lint, security scan, metadata extraction, full analysis) over Streamable HTTP. Public remote server at mcp.gosqlx.dev - no install needed. 1.25M+ ops/sec, 6 SQL dialects.
