PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Vulnerability Scanner Python Packages

Python packages with the GitHub topic vulnerability-scanner. Sorted by relevance, with stars and monthly downloads.
dalisecurity
fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

13K 50 4
wordfence
wordfence

Wordfence malware and vulnerability scanner command line utility.

10K 155 32
mrhenrike
industrialxpl-forge

The World's Largest OT/ICS/SCADA Security Assessment Framework. Python-First. 976+ modules, 150+ vendors, 50 protocols, MITRE ATT&CK for ICS 82%, SAST/LLM, 26 ICS malware TTPs.

9K 6 0
Pantheon-Security
medusa-security

AI-first security scanner. NEW in v2026.7: Claude Code compromise detection — vet .claude/ hooks, permissions & skills before you clone — plus an always-on AI attack-signature scanner and native Rust & PHP rules. Also: medusa scan --git to vet any repo, medusa secrets scan for leaked API keys. 40,000+ patterns, zero setup.

8K 893 150
HeadyZhang
agent-audit

Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 51 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.

8K 192 22
adudley78
mcp-audit-scanner

Security scanner for MCP (Model Context Protocol) server configurations. Detects prompt injection, credential exposure, supply chain risks, and more.

8K 2 1
cpeoples
ansible-security-scanner

🛡️ Static security scanner (SAST) for Ansible playbooks, roles, and collections. 1,000+ rules across 30+ categories detecting malicious code, RCE, hardcoded credentials, and supply-chain risk. Outputs SARIF, CycloneDX SBOM, and GitLab SAST. SLSA Build Level 3, Sigstore-signed.

8K 7 0
OWASP
docksec

AI-powered Docker security scanner that explains vulnerabilities in plain English. An OWASP Lab Project.

7K 450 87
Usta0x001
phantom-agent

Autonomous Offensive Security Intelligence AI-powered multi-agent penetration testing

6K 15 4
0xSteph
ptai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

6K 1K 242
dmartinochoa
pipeline-check

CI/CD Security Posture Scanner

6K 7 1
mrhenrike
embedxpl

Embedded Device Security Assessment Framework — 700 modules, 350 CVEs, 55 vendors, APT Group Engine. Covers routers, IP cameras, GPON ONTs, ISP CPEs, IoT/embedded edge.

6K 22 6
eccenca
trivy-py-ecc

pre-commit hook that mirrors the trivy for usage as pre-commit language

4K 1 0
AgentSeal
agentseal

Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks, test prompt injection resistance, and audit live MCP servers for tool poisoning.

4K 292 43
quodeq
quodeq

AI-powered code quality and security scanner. Open source, MIT, runs locally. <🧭>

3K 14 1
gebalamariusz
cloud-audit

Fast, opinionated AWS security scanner. Curated checks. Zero noise. Copy-paste fixes.

3K 64 13
novadyne-hq
vulnfeed-mcp

Dependency vulnerability monitoring MCP server — knows your lockfile, prioritizes by EPSS, recommends fix versions.

2K 1 0
bawbel
bawbel-scanner

Open-source CLI scanner for agentic AI components such as skills, MCP servers, system prompts

2K 9 4
bryanflowers
wpsecscan

Defensive WordPress security scanner. 200+ checks, 8-source nightly CVE aggregator, AI-assisted remediation (BYO key), 15 compliance frameworks (OWASP/PCI/NIST/ISO/HIPAA/SOC2/HITRUST/CMMC), Sigstore-signed releases with SLSA L3 provenance, 10 threat-intel feeds (KEV/EPSS/Exploit-DB/ATT&CK/STIX/MISP/OTX/GreyNoise), continuous monitors, consent-gated exploit verification, multi-tenant RBAC/SSO/audit-log enterprise mode, 12 report formats. Authorized testing only.

2K 1 1
cawa102
cve-sentinel

CVE auto-detection and remediation proposal system for Claude Code

2K 0 0
CopperSunDev
brasscoders

The bug scanner for AI coders. Local-first, deterministic CLI that catches the bugs your AI coding assistant misses. 12 scanners in one tool. Apache 2.0.

2K 1 0
HrushiYadav
ragsec

Static security scanner for RAG pipelines. Detects injection, secret logging, auth gaps, SSRF, and more in Python codebases.

2K 0 0
Amal-David
keyleak-detector

Runtime leak detector for modern web apps — finds exposed API keys, validates BaaS misconfigurations (Supabase/Firebase RLS), and catches secrets in JS bundles. Chrome extension + CLI.

1K 260 31
ExploitCraft
reconninja

38-phase automated reconnaissance framework for security researchers

1K 40 8
    • Data from PyPI, GitHub, ClickHouse, and BigQuery