> Hacking Tools > Vulnerability & Exploit Tools
When you really need to know those credentials users keep typing, try one of our keyloggers and let them do the work for you.
- This section contains additional details, usage notes, caveats, or historical context about these tools.
| Tool Name | Resource Path | Description |
|---|---|---|
| NIST NVD (National Vulnerability Database) | NIST NVD | The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) is the U.S. government's primary, publicly accessible repository for standards-based cybersecurity vulnerability management data. It enhances CVEs (Common Vulnerability and Exposures) records with analysis, such as severity ratings and scores (CVSS), impact metrics, and actionable, machine-readable information that helps organizations identify and mitigate security risks. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware. Launched in 1999 and maintained by The MITRE Corporation, it serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
| GitHub Advisory Database | GitHub Advisory Database | The GitHub Advisory Database is a public, open-source collection of known security vulnerabilities and malware that affect open-source platforms and projects. It aggregates vulnerability information from various sources, including the National Vulnerability Database (NVD), language-specific package managers, and community contributions, and provides detailed, actionable data for developers, security professionals and researchers to secure their software environments. |
| The Open Cloud Vulnerability & Security Issue Database (CVDB) | Cloud Vulnerability Database | The Open Cloud Vulnerability & Security Issue Database (CVDB) is an open-source, community-driven project that catalogs, tracks, and analyzes security vulnerabilities in Cloud Service Providers (CSPs) like AWS (Amazon Web Services), Azure, and GCP (Google Cloud Platform). It acts as a centralized repository for cloud-specific security flaws that often lack CVE identifiers, providing detection and remediation guidance also. |
| Open Source Vulnerabilities (OSV) | OSV |
OSV.dev (Open Source Vulnerabilities) is a Google-maintained database and service that acts as a centralized repository for open-source vulnerability information. It provides a standardized, machine-readable format to aggregate, distribute, and query security vulnerabilities across numerous ecosystems - such as npm, PyPI, Go, Maven, and Linux distributions - enabling automated, precise scanning of software dependencies.
|
| Vulners.com | Vulners.com | Vulners.com is a comprehensive, AI-powered security intelligence platform and database that aggregates over 3 million security entries, including CVEs, exploits, and vendor advisories from 200+ sources. It serves as a one-stop shop for cybersecurity professionals, enabling rapid identification to software vulnerabilities, risk assessment, and tracking of active threats in near-real-time. |
| OpenCVE (Opensource Vulnerability Management Platform) | OpenCVE | OpenCVE.io is an open-source Vulnerability Intelligence Platform designed to help security teams monitor and manage CVEs (Common Vulnerabilities and Exposures). It aggregates vulnerability data from multiple sources, including MITRE, the NVD, RedHat, and CISA. The platform allows for searching and filtering by CVSS score, CWE, EPSS metrics, or KEV (Known Exploited Vulnerabilities) status. Newer features include AI report summaries to help teams quickly digest large volumes of vulnerability data. |
| Snyk | Snyk Security |
security.snyk.io is the public interface for the Snyk Vulnerability Database, a comprehensive and hand-curated repository of security intelligence used to identify vulnerabilities in open-source software, containers, and code. It provides a "health score" for open-source packages based on popularity, maintenance, and security history, helping developers choose safer dependencies. Remediation recommendations are provided and often include actionable advice, such as the specific version of a library that contains a fix, which is more detailed than standardized CVE reports. The database uses semantic versioning and interval notation to clearly show which exact versions of a package are affected.
How It Differs from OpenCVE.io: While OpenCVE.io acts as a centralized dashboard for tracking official CVEs across many vendors, security.snyk.io is specifically optimized for Software Composition Analysis (SCA). It focuses heavily on the open-source ecosystem and often identifies vulnerabilities before they are assigned a formal CVE. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware, launched in 1999 and maintained by The MITRE Corporation. It serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware, launched in 1999 and maintained by The MITRE Corporation. It serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware, launched in 1999 and maintained by The MITRE Corporation. It serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware, launched in 1999 and maintained by The MITRE Corporation. It serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware, launched in 1999 and maintained by The MITRE Corporation. It serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware, launched in 1999 and maintained by The MITRE Corporation. It serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
| MITRE CVE (Common Vulnerability and Exposures) | MITRE CVE | The MITRE Common Vulnerabilities and Exposures (CVE) system is a standardized, publicly available, and industry-standard dictionary of idenified cybersecurity vulnerabilities in software and firmware, launched in 1999 and maintained by The MITRE Corporation. It serves as a, "common language" for security professionals to share, track, and prioritize vulnerabilities, ensuring that different tools and researchers reference the same security flaws. |
