Best Open-source Application Security Testing (SAST/DAST/SCA) tools

Dependency-Check

Detect known vulnerabilities in project dependencies automatically.

KICS

Secure your infrastructure-as-code before deployment with KICS

OSV-Scanner

Comprehensive vulnerability scanner for code, containers, and licenses

Nuclei

Fast, template-driven vulnerability scanner with zero false positives

ZAP

Automated web app security scanner for developers and pentesters

Nikto

Comprehensive Perl-based web server vulnerability scanner that detects misconfigurations and known exploits

Archery

Unified vulnerability scanner for CI/CD pipelines and DevOps teams

Raccoon

Fast, asynchronous reconnaissance suite for offensive security professionals

Arachni

Intelligent Ruby scanner for dynamic web application security

Nebula

AI-driven CLI assistant that automates penetration testing workflows

crawlergo

Headless Chrome crawler that harvests high-quality URLs for security testing

Vulnhuntr

AI-driven static analysis uncovers remote exploit chains in Python code

BinAbsInspector

Static binary analyzer for automated vulnerability detection via abstract interpretation

Jackhammer

Unified platform for collaborative security scanning and vulnerability management

RapidScan

Automated multi-tool web vulnerability scanner for rapid assessments