Template-Based Vulnerability Scanners
Nuclei
Nuclei is the high-speed, template-driven scanner that blasts through targets with YAML-based workflows, detecting CVEs, misconfigs, and exposures via community-curated templates for web, network, and cloud assets. Clone the repo, fire up the Go binary with your template dir, and customize rules for scoped hunts without rewriting from scratch. Open-source from ProjectDiscovery, it's the modular missile for pentesters automating vuln discovery across diverse attack surfaces.
Sn1per
Sn1per is the automated recon scanner leveraging modular templates for subdomain enum, vuln checks, and screenshot captures, chaining tools like Nmap and Nuclei for full-spectrum recon in one command. Install via git clone, target your domain with custom profiles, and output JSON for pipeline integration. Open-source from 1N3, it's the one-shot orchestrator for individuals streamlining external pentests with template-driven flows.
Vuls
Vuls is the agentless vuln scanner for Linux distros, using config templates to query CPE databases and remote CVEs against installed packages for prioritized risk reports. Set up via Go install, define servers in TOML, and run scans for diff outputs highlighting changes since last check. Open-source from future-architect, it's the package profiler for sysadmins templating compliance audits across fleets.
Trivy
Trivy's IaC template scanner probes Terraform and K8s YAML for misconfigs using built-in policy packs, flagging risks like open S3 buckets or unbound ports in pre-deploy checks. Run the Go CLI on your configs with --scanners config, outputting SARIF for GitHub integration. Open-source from Aqua Security, it's the infra inspector for devs embedding template-based security in CI pipelines.
OpenVAS
OpenVAS harnesses NASL script templates for comprehensive vuln scanning, from network services to web apps, with a vast NVT library for automated discovery and exploitation checks. Deploy via source compile, configure feeds, and launch scans from the web UI for report exports. Open-source fork of Nessus, it's the script-slinging sentinel for pentesters templating enterprise-wide assessments.
ZAP (Zed Attack Proxy)
ZAP's add-on template system runs scripted scans for API vulns and passive checks, using YAML add-ons for custom rules in automated baseline or active attacks. Install the Java app, load scripts via marketplace, and proxy traffic for template-driven fuzzing. Open-source from OWASP, it's the extensible executor for web pentesters chaining templates into dynamic scans.
Sn0int
Sn0int is the modular recon framework with template-based commands for DNS, whois, and HTTP probes, scripting workflows in Lua for targeted intel gathering. Clone and run the Go binary, defining modules for custom templates like subdomain brute-forcing. Open-source from kpcyrd, it's the scriptable scout for individuals templating OSINT chains into repeatable recon.
Atomic Red Team
Atomic Red Team uses YAML test templates to simulate MITRE ATT&CK techniques, validating detections by executing atomic actions like PowerShell downloads on endpoints. Pull the repo, run tests via Invoke-AtomicTest, and log outcomes for blue-team tuning. Open-source from Red Canary, it's the technique tester for pentesters templating red-team exercises into measurable evals.
Clair
Clair's vulnerability matcher uses JSON layer templates to scan container images against CVE databases, indexing manifests for queryable risk assessments in registries. Docker-run the Go service, push images for analysis, and query APIs for template-driven reports. Open-source from Quay, it's the container curator for devs scanning builds with predefined vuln signatures.
YARA

