Security automation content in SCAP, Bash, Ansible, and other formats

cve-search - a tool to perform local searches for known vulnerabilities

NIST Certified SCAP 1.2 toolkit

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Mapping the information system / Cartographie du système d'information

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

A suite of utilities to help with software supply chain challenges on nix targets

A simple Java command-line utility to mirror the CVE JSON data from NIST.

PatrowlHears - Vulnerability Intelligence Center / Exploits

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

A suite of Chef cookbooks that we use to manage our fleet of client devices

Tool to guess CPE name based on common software name

MCP server for Shodan — search internet-connected devices, IP reconnaissance, DNS lookups, and CVE/CPE vulnerability intelligence. Works with Claude Code, Codex, Gemini CLI, and Claude Desktop.

TeamsACS exclusively serves Mikrotik's TR069 ACS server

Automated configuration files for your GenieACS deployment

Simple REST-style web service for the CVE searching

The clever vulnerability dependency finder

Repository for the IPvSeeYou talk at Black Hat 2021

Open Source Tool - Cybersecurity Graph Database in Neo4j

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.