Scanbee — No frills less verbose Security Scanner for AI era Builders

It is a free, open-source penetration testing tool. It is designed specifically for testing web applications and is both flexible and extensible.

detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code base. However, unlike other similar packages that solely focus on finding secrets, this package is designed with the enterprise client in mind: providing a backwards compatible, systematic means of: Preventing new secrets from entering the code base, Detecting if such preventions are explicitly bypassed, and Providing a checklist of secrets to roll, and migrate off to a more secure storage.

The first platform scanning all GitHub public activity in real time for API secret tokens, database credentials or vault keys. Be alerted in seconds. Integrate in minutes.

BitResurrector v3.0 is a high-performance suite for recovering lost Bitcoin private keys. It leverages extreme GPU acceleration, AVX-512 parallelism, and cryptographic optimizations like Montgomery REDC. Built for "Digital Archaeology," it specializes in auditing historical PRNG weaknesses and statistical anomalies in early blockchain assets.

An open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

Precogs AI is an AI-native code security platform designed to detect real, exploitable vulnerabilities with high precision and minimal false positives. In addition to code security, it extends to binary analysis and data protection, helping teams secure applications across the entire development lifecycle. By leveraging deep semantic analysis and neural-symbolic reasoning, Precogs AI enables developers to reduce noise, prioritize real risks, and fix vulnerabilities faster within CI/CD pipelines.

The only self-service scanner with active adversarial probing for AI endpoints. 12 Parallel Security Checks get your results in less than a minute. No agents. No SDK. No credentials required. Paste a URL, get a security score with actionable findings.

It is a compliance-focused pentesting-as-a-service platform. It allows companies to easily schedule and manage penetration tests, designed for both compliance and security enhancement.

It is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operates in an interactive mode to guide penetration testers in both overall progress and specific operations.

Autonomous AI security agents that run nonstop pentests to protect your websites, APIs and cloud infrastructure.

RedVeil offers on-demand penetration testing powered by agentic AI. Uncover vulnerabilities and get actionable at a fraction of traditional costs.

One AI-powered platform that detects, prioritizes, and remediate vulnerabilities and malware end-to-end without the traditional AppSec overhead.

Secuditor Lite is a free diagnostic security tool with a friendly GUI for Windows endpoints and networks. It helps identify system vulnerabilities, improve device Operational Security (OPSEC), detect network elements, and generate structured audit reports, all in one place. Suitable for both personal and organizational environments.

A breakthrough approach to securing applications built with AI assistance. SecVibe complements your existing security stack with specialized controls.

You built the app. We'll find the holes. One audit, one payment — no security knowledge required. Free quick scan, $29 deep audit.

Use AI safely with UnblockDevs — a powerful toolkit to mask sensitive JSON and SQL data before sending it to AI, fix broken or stringified JSON, unpack messy logs, and decode JWT tokens instantly. Perfect for developers working with APIs, debugging logs, and handling sensitive data. Everything runs 100% in your browser with zero uploads, so your code and data stay private while you clean, parse, format, and analyze it.

Find security vulnerabilities in your Replit, Bolt, Lovable, Cursor, and v0 projects. 40+ parallel scanner engines, risk scoring A+ to F, SARIF/CSV/PDF reports, and CI/CD integration.

PixelHush automatically hides tokens, API keys and passwords in your code editor the moment screen recording or sharing starts. No more leaked secrets in tutorials, demos, or live calls.

ZeroThreat.ai is an AI-powered web application and API pentesting platform designed to identify real, exploitable vulnerabilities—not just surface-level findings. Built for modern engineering teams, it combines Agentic AI pentesting with a high-performance scanning engine to deliver up to 10× faster, deeply validated security testing. Unlike traditional DAST tools that rely on static signatures and generate excessive noise, ZeroThreat.ai executes adaptive, attacker-style workflows that evolve based on application behavior. Its interpreter-driven vulnerability intelligence continuously ingests emerging threats and newly disclosed CVEs, enabling near real-time detection updates and rapid CVE-to-exploit mapping. The platform supports over 100,000 vulnerability checks, including native Nuclei template execution, and extends beyond known issues with zero-day detection through behavioral pattern analysis. It validates every finding through live exploit execution, ensuring only real, impactful vulnerabilities are reported—with clear proof of risk and exposed data. ZeroThreat.ai is purpose-built for modern applications, with advanced browser automation for SPAs, authenticated testing, and complex multi-step workflows. It identifies critical issues such as auth bypass, business logic flaws, and workflow abuse that traditional scanners miss.

Axeploit signs up and navigates your platform independently, then scans for over 7,500 known vulnerabilities. Just like a real attacker.

At its core, Vulseek combines automated asset discovery and scanning with intelligent risk prioritization, allowing security teams to focus on what truly matters. Its customizable dashboards, real-time alerts, and integrations with popular ticketing systems and SIEMs help ensure vulnerabilities are addressed swiftly and systematically.

Continuous security platform for smart contracts and ZK circuits. Static analysis, fuzzing, and formal verification in one integrated workflow.

It is an online platform for checking port status. It checks whether a port is open, closed or filtered based on port number and IP address. The tool can handle IPv4/IPv6 IP addresses of a network. The tool verifies ports on both the internal computing network and the external one as well. This tool offers a premium feature of version scan and country-wise server testing to its users. With its unlimited usage, one can take maximum advantage of the tool for network issues troubleshooting.

DeepStrike, a world-renowned leader in penetration testing and attack surface management, enables organizations to expand their security initiatives confidently

Add white-label pentesting to your MSP stack. Client portal, branded reports, full API, scheduled scans. Ship your first pentest to a client in minutes.

Secrets, authentication tokens, passwords, and keys pose a security risk if they are left unprotected in production workloads. SecretScanner inspects file systems and running containers, identifying over 140 different types of secret data.

It is an open-source Java application for network communication proxying for the purpose of penetration testing. It allows penetration testers to set up proxies and interceptors to manage the traffic transmitted between client and server.