English | 简体中文
Scanners Box also known as scanbox, is a powerful hacker toolkit, which collects more than 10 categories of open source scanners from Github, including subdomain, database, middleware and other modular design scanner etc. But for other Well-known scanning tools, such as awvs,nmap,w3af will not be included in the scope of collection.
- Subdomain Scanners or Enumeration Tools
- Database Vulnerability Scanners or Enumeration Tools
- Weak Passwords Scanners or Enumeration Tools
- IoT Detecting Tools or Scanners
- Reflect or DOM-Based XSS Scanners
- Enterprise Assets Management or Leaks Gather Tools
- Webshell Detection or Malware Analysis Tools
- Intranet Penetration Tools or Scanners
- Middleware Scanners or Fingerprint Tools
- Special Scanners(Just for some special Components)
- Wireless Network Scanners
- Local Network(Local Area Network) Scanners
- Modular Design Scanners or Vulnerability Detecting Framework
- Some Tools relate with APT
- Some Security Tools relate with ICS & Large network
- https://github.com/lijiejie/subDomainsBrute - A classical subdomain enumeration Tool by lijiejie
Rating: 🌟🌟🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/ring04h/wydomain - A Speed and Precision subdomain Enumeration Tool by ringzero
Rating: 🌟🌟🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/le4f/dnsmaper - Subdomain Enumeration tool with map record
Rating: 🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/0xbug/orangescan - Online Subdomain Enumeration Tool
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/TheRook/subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains,supported API
Rating: 🌟🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/We5ter/GSDF - Subdomain enumeration via Google Certificate Transparency
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/mandatoryprogrammer/cloudflare_enum - Subdomain enumeration via CloudFlare
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/guelfoweb/knock - Knock Subdomain Scan
Rating: 🌟🌟🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✔️
- https://github.com/exp-db/PythonPool/tree/master/Tools/DomainSeeker - An Intergratd Python Subdomain Enumeration Tool
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/code-scan/BroDomain - Find brother domain
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/chuhades/dnsbrute - A fast domain brute tool
Rating: 🌟🌟🌟🌟 | Language: Go | Ongoing[last 6 months]: ✖️
- https://github.com/yanxiu0614/subdomain3 - A simple and fast tool for bruting subdomains
Rating: 🌟🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/michenriksen/aquatone - A powerful subdomain tool and Domain takeovers finding tools
Rating: 🌟🌟🌟🌟 | Language: Go | Ongoing[last 6 months]: ✔️
- https://github.com/evilsocket/dnssearch - A subdomain enumeration tool
Rating: 🌟🌟🌟🌟 | Language: Go | Ongoing[last 6 months]: ✖️
- https://github.com/reconned/domained - Subdomain enumeration tools for bug hunting
Rating: 🌟🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/bit4woo/Teemo - A Domain Name & Email Address Collection Tool
Rating: 🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/laramies/theHarvester - E-mail, subdomain and people names harvester
Rating: 🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/nmalcolm/Inventus - A spider designed to find subdomains of a specific domain by crawling it
Rating: 🌟🌟🌟🌟 | Language: Python 2.x/3.x | Ongoing[last 6 months]: ✖️
- https://github.com/aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers
Rating: 🌟🌟🌟🌟🌟 | Language: Python 2.x/3.x | Ongoing[last 6 months]: ✔️
- https://github.com/jonluca/Anubis - Subdomain enumeration and information gathering tool
Rating: 🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/n4xh4ck5/N4xD0rk - Listing subdomains about a main domain
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/infosec-au/altdns - Subdomain discovery through alterations and permutations
Rating: 🌟🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/FeeiCN/ESD - Enumeration sub domains tool,based on AsyncIO and non-repeating dict
Rating: 🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/UnaPibaGeek/ctfr - Abusing Certificate Transparency logs for getting HTTPS websites subdomains
Rating: 🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/giovanifss/Dumb - Dumain Bruteforcer, a fast and flexible domain bruteforcer
Rating: 🌟🌟🌟🌟 | Language: Haskell | Ongoing[last 6 months]: ✖️
- https://github.com/caffix/amass - Subdomain Enumeration in Go
Rating: 🌟🌟🌟🌟🌟 | Language: Go | Ongoing[last 6 months]: ✔️
- https://github.com/Ice3man543/subfinder - A subdomain discovery tool which has a simple modular architecture and has been aimed as a successor to sublist3r project
Rating: 🌟🌟🌟🌟🌟 | Language: Go | Ongoing[last 6 months]: ✔️
- https://github.com/0xbug/SQLiScanner - A SQLi Vulnerability Scanner via SQLMAP and Charles
Rating: 🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✖️
- https://github.com/stamparm/DSSS - A SQLi Vulnerability Scanner with 99 lines of code
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✔️
- https://github.com/youngyangyang04/NoSQLAttack - A SQLi Vulnerability Scanner for mongoDB
Rating: 🌟🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/Neohapsis/bbqsql - A Blind SQLi Vulnerability Scanner
Rating: 🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/NetSPI/PowerUpSQL - A SQLi Vulnerability Scanner with Powershell Script
Rating: 🌟🌟🌟🌟 | Language: Powershell | Ongoing[last 6 months]: ✔️
- https://github.com/WhitewidowScanner/whitewidow - Another SQL Vulnerability Scanner
Rating: 🌟🌟 | Language: Ruby | Ongoing[last 6 months]: ✖️
- https://github.com/stampery/mongoaudit - A powerful MongoDB auditing and pentesting tool
Rating: 🌟🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✖️
- https://github.com/torque59/Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation
Rating: 🌟🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/missDronio/blindy - Simple script to automate brutforcing blind sql injection vulnerabilities
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/fengxuangit/Fox-scan - A initiative and passive SQL Injection vulnerable Test tools
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/JohnTroony/Blisqy - Exploit Time-based blind-SQL injection in HTTP-Headers
Rating: 🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/ron190/jsql-injection - A lightweight application used to find database information from a distant server
Rating: 🌟🌟🌟 | Language: Java | Ongoing[last 6 months]: ✖️
- https://github.com/Hadesy2k/sqliv - Massive SQL injection vulnerability scanner
Rating: 🌟🌟🌟 | Language: Python 2.x | Ongoing[last 6 months]: ✖️
- https://github.com/s0md3v/sqlmate - A friend of SQLmap which will do what you always expected from SQLmap
Rating: 🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✖️
- https://github.com/m8r0wn/enumdb - MySQL and MSSQL brute force and post exploitation tool
Rating: 🌟🌟🌟🌟 | Language: Python 3.x | Ongoing[last 6 months]: ✔️
- https://github.com/lijiejie/htpwdScan (A python HTTP weak pass scanner)
- https://github.com/ysrc/F-Scrack (single file bruteforcer supports multi-protocol)
- https://github.com/Mebus/cupp (Common User Passwords Profiler)
- https://github.com/netxfly/crack_ssh (Ssh\redis\mongodb weak password bruteforcer)
- https://github.com/LandGrey/pydictor (A useful hacker dictionary builder for a brute-force attack)
- https://github.com/shengqi158/weak_password_detect (A python HTTP weak password scanner)
- https://github.com/s0md3v/Blazy (Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF)
- https://github.com/MooseDojo/myBFF (Web application brute force framework,supports Citrix Gateway,CiscoVPN and so on)
- https://github.com/rapid7/IoTSeeker (Weak-password IoT Devices Scanner)
- https://github.com/shodan-labs/iotdb (IoT Devices Scanner via nmap)
- https://github.com/googleinurl/RouterHunterBR (Testing vulnerabilities in devices and routers connected to the Internet)
- https://github.com/scu-igroup/telnet-scanner (weak telnet password scanner based on password enumeration)
- https://github.com/viraintel/OWASP-Nettacker (Network Information Gathering Vulnerability Scanner,most useful to scan IoT)
- https://github.com/threat9/routersploit (Exploitation Framework for Embedded Devices,such as router)
- https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer)
- https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing)
- https://github.com/0x584A/fuzzXssPHP (A very simple reflected XSS scanner supports GET/POST)
- https://github.com/chuhades/xss_scan (Reflected XSS scanner)
- https://github.com/BlackHole1/autoFindXssAndCsrf (A plugin for browser that checks automatically whether a page haves XSS and CSRF vulnerabilities)
- https://github.com/shogunlab/shuriken (XSS command line tool for testing lists of XSS payloads on web apps)
- https://github.com/s0md3v/XSStrike (fuzz and bruteforce parameters for XSS,WAFs detect and bypass)
- https://github.com/stamparm/DSXS (A fully functional Cross-site scripting vulnerability scanner,supporting GET and POST parameters,and written in under 100 lines of code)
- https://github.com/ysrc/xunfeng (Vulnerability rapid response,scanning system for Intranet)
- https://github.com/laramies/theHarvester (E-mail, subdomain and people names harvester)
- https://github.com/x0day/Multisearch-v2 (Enterprise assets collector based on search engine)
- https://github.com/Ekultek/Zeus-Scanner (An advanced dork searching tool that is capable of finding IP address /URL blocked by search engine,and can run sqlmap and nmap scans on the URL's)
- https://github.com/0xbug/Biu-framework (Security Scan Framework For Enterprise Intranet Based Services)
- https://github.com/metac0rtex/GitHarvester (Used for harvesting information from GitHub)
- https://github.com/shengqi158/svnhack (A
.svnfolder disclosure exploit) - https://github.com/repoog/GitPrey (Searching sensitive files and contents in GitHub)
- https://github.com/0xbug/Hawkeye (Github leak scan foe enterprise)
- https://github.com/lianfeng30/githubscan (Github leak scan for enterprise)
- https://github.com/UnkL4b/GitMiner (Advanced search tool and automation in Github)
- https://github.com/lijiejie/GitHack (A
.gitfolder disclosure exploit) - https://github.com/dxa4481/truffleHog (Searches high entropy strings through git repositories)
- https://github.com/1N3/Goohak (Automatically Launch Google Hacking Queries Against A Target Domain)
- https://github.com/UKHomeOffice/repo-security-scanner (CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys)
- https://github.com/FeeiCN/GSIL (Github Sensitive Information Leakage)
- https://github.com/MiSecurity/x-patrol (Github leaked patrol)
- https://github.com/1N3/BlackWidow (Gather OSINT and fuzz for OWASP vulnerabilities on a target website)
- https://github.com/anshumanbh/git-all-secrets (A tool to capture all the git secrets by leveraging multiple open source git searching tools)
- https://github.com/s0md3v/Photon (Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. )
- https://github.com/VKSRC/Github-Monitor (Github Sensitive Information Leakage Monitor by vipkid SRC)
- https://github.com/he1m4n6a/findWebshell (Simple webshell Detector)
- https://github.com/Tencent/HaboMalHunter (Used for automated malware analysis and security assessment on the Linux system)
- https://github.com/PlagueScanner/PlagueScanner (Open source multiple AV scanner framework)
- https://github.com/nbs-system/php-malware-finder (An awesome tool to detect potentially malicious PHP files)
- https://github.com/emposha/PHP-Shell-Detector (Helps you find and identify php/cgi(perl)/asp/aspx shells)
- https://github.com/erevus-cn/scan_webshell (Simple webshell Detector)
- https://github.com/emposha/Shell-Detector (A application that helps you find and identify php/perl/asp/aspx shells)
- https://github.com/m4rco-/dorothy2 (A malware/botnet analysis framework written in Ruby)
- https://github.com/droidefense/engine (Advance Android Malware Analysis Framework)
- https://github.com/lcatro/network_backdoor_scanner (An internal network scanner like meterpreter)
- https://github.com/fdiskyou/hunter (User hunter using WinAPI calls only)
- https://github.com/BlackHole1/WebRtcXSS (Use XSS automation Invade intranet)
- https://github.com/ring04h/wyportmap (Target port scanning + system service fingerprint recognition)
- https://github.com/ring04h/weakfilescan (Dynamic multi - thread sensitive information leak detection tool)
- https://github.com/EnableSecurity/wafw00f (Identify and fingerprint Web Application Firewall)
- https://github.com/rbsec/sslscan (Tests SSL/TLS enabled services to discover supported cipher suites)
- https://github.com/urbanadventurer/whatweb (Website Fingerprinter)
- https://github.com/tanjiti/FingerPrint (Another Website Fingerprinter)
- https://github.com/nanshihui/Scan-T (A new spider based on python with more function including Network fingerprint search)
- https://github.com/OffensivePython/Nscan (Fast internet-wide scanner)
- https://github.com/ywolf/F-NAScan (Scanning a network asset information script)
- https://github.com/ywolf/F-MiddlewareScan (A vulnerability detection scripts for middleware services)
- https://github.com/maurosoria/dirsearch (Web path scanner)
- https://github.com/x0day/bannerscan (C-segment Banner with path scanner)
- https://github.com/RASSec/RASscan (Internal network port speed scanners)
- https://github.com/3xp10it/bypass_waf (Automatic WAF Bypass Fuzzing Tool)
- https://github.com/3xp10it/xcdn (Try to find out the actual ip behind cdn)
- https://github.com/Xyntax/BingC (Based on the Bing search engine C / side-stop query, multi-threaded, supported API)
- https://github.com/Xyntax/DirBrute (Multi-thread WEB directory enumerating tool)
- https://github.com/zer0h/httpscan (A HTTP Service detector with a crawler from IP/CIDR)
- https://github.com/lietdai/doom (Distributed task distribution of the ip port vulnerability scanner based on thorn)
- https://github.com/chichou/grab.js (Fast TCP banner grabbing like zgrab, but supports much more protocol)
- https://github.com/Nitr4x/whichCDN (Detect if a given website is protected by a Content Delivery Network)
- https://github.com/secfree/bcrpscan (Base on crawler result web path scanner)
- https://github.com/mozilla/ssh_scan (A prototype SSH configuration and policy scanner)
- https://github.com/18F/domain-scan (Scans domains for data on their HTTPS configuration and assorted other things)
- https://github.com/ggusoft/inforfinder (A tool made to collect information of any domain pointing at a server and fingerprinter)
- https://github.com/boy-hack/gwhatweb (Fingerprinter for CMS)
- https://github.com/Mosuan/FileScan (Sensitive files scanner)
- https://github.com/Xyntax/FileSensor (Dynamic file detection tool based on crawler)
- https://github.com/deibit/cansina (Web Content Discovery Tool)
- https://github.com/0xbug/Howl (Network equipment, web services, fingerprint scanner and database)
- https://github.com/mozilla/cipherscan (A very simple way to find out which SSL ciphersuites are supported by a target)
- https://github.com/xmendez/wfuzz (Web application fuzzer/framework and web content scanner)
- https://github.com/s0md3v/Breacher (An advanced multithreaded admin panel finder written in python)
- https://github.com/ztgrace/changeme (A default credential scanner)
- https://github.com/medbenali/CyberScan (An open source penetration testing tool that can analyse packets,decoding,scanning ports, pinging and geolocation of an IP)
- https://github.com/m0nad/HellRaiser (HellRaiser scan with nmap then correlates cpe's found with cve-search to enumerate vulnerabilities)
- https://github.com/scipag/vulscan (Advanced vulnerability scanning with Nmap NSE)
- https://github.com/jekyc/wig (WebApp Information Gatherer)
- https://github.com/eldraco/domain_analyzer (Analyze the security of any domain by finding all the information possible)
- https://github.com/cloudtracer/paskto (Passive directory scanner and web crawler based on Nikto DB)
- https://github.com/zerokeeper/WebEye (A web service and WAF fingerprinter)
- https://github.com/m3liot/shcheck (Just check security headers on a target website)
- https://github.com/aipengjie/sensitivefilescan (A speed and awesome sensitive files scanner)
- https://github.com/fnk0c/cangibrina (A fast and powerfull dashboard (admin) finder)
- https://github.com/n4xh4ck5/CMSsc4n (Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla)
- https://github.com/Ekultek/WhatWaf (Detect and bypass web application firewalls and protection systems)
- https://github.com/dzonerzy/goWAPT (Go Web Application Penetration Test and web application fuzz tool)
- https://github.com/blackye/webdirdig (Sensitive files scanner)
- https://github.com/GitHackTools/BillCipher (Information Gathering tool for a Website or IP address)
- https://github.com/boy-hack/w8fuckcdn (Get the website real IP address by scanning the entire net)
- https://github.com/boy-hack/w11scan (Distributed WEB fingerprint identification platform)
- https://github.com/Nekmo/dirhunt (Find web directories without bruteforce)
- https://github.com/MetaChar/pyHAWK (Searches the directory of choice for interesting files. Such as database files and files with passwords stored on them)
- https://github.com/H4ckForJob/dirmap (An advanced web directory scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian)
- https://github.com/blackye/Jenkins (Jenkins vulnerability detection, user grab enumerating)
- https://github.com/code-scan/dzscan (discuz scanner)
- https://github.com/chuhades/CMS-Exploit-Framework (CMS Exploit Framework)
- https://github.com/lijiejie/IIS_shortname_Scanner (An IIS shortname Scanner)
- https://github.com/riusksk/FlashScanner (Flash XSS Scanner)
- https://github.com/coffeehb/SSTIF (Server Side Template Injection Tool)
- https://github.com/epinna/tplmap (Automatic Server-Side Template Injection Detection and Exploitation Tool)
- https://github.com/cr0hn/dockerscan (Docker security analysis & hacking tools)
- https://github.com/m4ll0k/WPSeku (Simple Wordpress Security Scanner)
- https://github.com/rastating/wordpress-exploit-framework (Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems)
- https://github.com/ilmila/J2EEScan (A plugin for Burp Suite Proxy to improve the test coverage during web application penetration tests on J2EE applications)
- https://github.com/riusksk/StrutScan (Struts2 Vuls Scanner base perl script)
- https://github.com/D35m0nd142/LFISuite (Totally Automatic LFI Exploiterand Scanner supports Reverse Shell)
- https://github.com/0x4D31/salt-scanner (Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration)
- https://github.com/tijme/angularjs-csti-scanner (Automated client-side template injection detection for AngularJS)
- https://github.com/irsdl/IIS-ShortName-Scanner (Scanners for IIS short filename 8.3 disclosure vulnerability)
- https://github.com/swisskyrepo/Wordpresscan (WPScan rewritten in Python + some WPSeku ideas)
- https://github.com/CHYbeta/cmsPoc (CMS Exploit Framework)
- https://github.com/rudSarkar/crlf-injector (Auto CRLF Injector)
- https://github.com/3gstudent/Smbtouch-Scanner (Automatically scan the inner network to detect whether they are vulnerable)
- https://github.com/utiso/dorkbot (Command-line tool to scan Google search results for vulnerabilities)
- https://github.com/OsandaMalith/LFiFreak (A unique automated LFi Exploiter with Bind/Reverse Shells)
- https://github.com/mak-/parameth (This tool can be used to brute discover GET and POST parameters)
- https://github.com/Lucifer1993/struts-scan (Struts2 vuls Scanner,supported all vuls)
- https://github.com/hahwul/a2sv (Auto Scanning to SSL Vulnerability,such as heartbleed etc)
- https://github.com/NullArray/DorkNet (Selenium powered Python script to automate searching for vulnerable web apps)
- https://github.com/NickstaDB/BaRMIe (Java RMI enumeration and attack tool)
- https://github.com/RetireJS/grunt-retire (Scanner detecting the use of JavaScript libraries with known vulnerabilities)
- https://github.com/kotobukki/BDA (The vulnerability detector for Hadoop and Spark)
- https://github.com/jagracey/Regex-DoS (RegEx Denial of Service Scanner)
- https://github.com/milesrichardson/docker-onion-nmap (Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq)
- https://github.com/Moham3dRiahi/XAttacker (Web CMS Exploit Framework)
- https://github.com/lijiejie/BBScan (A tiny Batch weB vulnerability Scanner)
- https://github.com/almandin/fuxploider (File upload vulnerability scanner and exploitation tool)
- https://github.com/Ice3man543/SubOver (A Powerful Subdomain Takeover Tool)
- https://github.com/Jamalc0m/wphunter (A Wordpress Vulnerability Scanner)
- https://github.com/retirejs/retire.js (A scanner detecting the use of JavaScript libraries with known vulnerabilities)
- https://github.com/3xp10it/xupload (A tool for automatically testing whether the upload function can upload webshell)
- https://github.com/mobrine-mob/M0B-tool (Auto detect cms and exploit)
- https://github.com/rezasp/vbscan (OWASP VBScan is a Black Box vBulletin Vulnerability Scanner)
- https://github.com/MrSqar-Ye/BadMod (Detect websites CMS & auto exploit)
- https://github.com/Tuhinshubhra/CMSeeK (CMS Detection and Exploitation suite)
- https://github.com/cloudsploit/scans (AWS security scanning checks)
- https://github.com/radenvodka/SVScanner (Scanner vulnerability and maSsive exploit for wp,magento,joomla and so on)
- https://github.com/rezasp/joomscan (OWASP Joomla Vulnerability Scanner Project )
- https://github.com/6IX7ine/djangohunter (Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information)
- https://github.com/vulmon/Vulmap (Local vulnerability scanning programs for Windows and Linux operating systems)
- https://github.com/savio-code/fern-wifi-cracker/ (Testing and discovering flaws in ones own network)
- https://github.com/m4n3dw0lf/PytheM (Multi-purpose network pentest framework)
- https://github.com/P0cL4bs/WiFi-Pumpkin (Framework for Rogue Wi-Fi Access Point Attack)
- https://github.com/MisterBianco/BoopSuite (A Suite of Tools written in Python for wireless auditing and security testing)
- https://github.com/DanMcInerney/LANs.py (Automatically find the most active WLAN users,Inject code, jam wifi, and spy on wifi users)
- https://github.com/besimaltnok/PiFinger (Searches for wifi-pineapple traces and calculate wireless network security score)
- https://github.com/derv82/wifite2 (A complete re-write of Wifite,Automated Wireless Attack Tool)
- https://github.com/sowish/LNScan (Local Network Scanner based on BBScan via.lijiejie)
- https://github.com/niloofarkheirkhah/nili (Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing)
- https://github.com/SkyLined/LocalNetworkScanner (PoC Javascript that scans your local network when you open a webpage)
- https://github.com/wufeifei/cobra (A static code analysis system that automates the detecting vulnerabilities and security issue)
- https://github.com/OneSourceCat/phpvulhunter (A tool that can scan php vulnerabilities automatically using static analysis methods)
- https://github.com/Qihoo360/phptrace (A tracing and troubleshooting tool for PHP scripts)
- https://github.com/ajinabraham/NodeJsScan (A static security code scanner for Node.js applications)
- https://github.com/shengqi158/pyvulhunter (A static security code scanner for python applications)
- https://github.com/presidentbeef/brakeman (A static analysis security vulnerability scanner for Ruby on Rails applications)
- https://github.com/python-security/pyt (A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications)
- https://github.com/m4ll0k/WPSploit (WordPress Plugin Code audit)
- https://github.com/emanuil/php-reaper (PHP tool to scan ADOdb code for SQL Injections)
- https://github.com/lowjoel/phortress (A PHP static code analyser for potential vulnerabilities)
- https://github.com/infobyte/faraday (Collaborative Penetration Test and Vulnerability Management Platform)
- https://github.com/az0ne/AZScanner (Automatic all-around scanner)
- https://github.com/blackye/lalascan (Distributed web vulnerability scanning framework)
- https://github.com/blackye/BkScanner (Distributed, plug-in web vulnerability scanner)
- https://github.com/ysrc/GourdScanV2 (Passive Vulnerability Scanning System)
- https://github.com/netxfly/passive_scan (Realization of Web Vulnerability Scanner Based on http Proxy)
- https://github.com/1N3/Sn1per (Automated Pentest Recon Scanner)
- https://github.com/RASSec/pentestEr_Fully-automatic-scanner (Directional Fully Automated Penetration Testing)
- https://github.com/Lcys/lcyscan (A vuls scanner,plugins supported)
- https://github.com/Xyntax/POC-T (Penetration Test Plug-in Concurrency Framework)
- https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)
- https://github.com/Skycrab/leakScan (Multiple vuls scan supports Web interface)
- https://github.com/zhangzhenfeng/AnyScan (A automated Penetration Testing Framework)
- https://github.com/Tuhinshubhra/RED_HAWK (An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling. Coded In PHP)
- https://github.com/Arachni/arachni (Web Application Security Scanner Framework)
- https://github.com/juansacco/exploitpack (Exploit Pack - Penetration testing framework GPLv3)
- https://github.com/swisskyrepo/DamnWebScanner (Another web vulnerabilities scanner, this extension works on Chrome and Opera)
- https://github.com/anilbaranyelken/tulpar (Web Vulnerability Scanner written in python,supported multiple web vulnerabilities scan)
- https://github.com/m4ll0k/Spaghetti (A web application security scanner tool,designed to find various default and insecure files, configurations and misconfigurations)
- https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest (An automated Penetration Testing tool this tool will auditing all standard security test method for you)
- https://github.com/0xsauby/yasuo ( ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network)
- https://github.com/hatRiot/clusterd (application server attack toolkit)
- https://github.com/erevus-cn/pocscan (Open source and distributed web vulnerability scanning framework)
- https://github.com/TophantTechnology/osprey (Distributed web vulnerability scanning framework)
- https://github.com/yangbh/Hammer (A web vulnerability scanner framework)
- https://github.com/Lucifer1993/AngelSword (Web vulnerability scanner framework based on python3)
- https://github.com/secrary/EllaScanner (Passive web scanner,and you can get CVEs related to server’s version)
- https://github.com/zaproxy/zaproxy (One of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers)
- https://github.com/sullo/nikto (Nikto is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server)
- https://github.com/s0md3v/Striker (Striker is an offensive information and vulnerability scanner)
- https://github.com/dermotblair/webvulscan (Written in PHP and can be used to test remote, or local, web applications for security vulnerabilities)
- https://github.com/alienwithin/OWASP-mth3l3m3nt-framework (Penetration testing aiding tool and exploitation framework)
- https://github.com/toyakula/luna (An open-source web security scanner which is based on reduced-code passive scanning framework)
- https://github.com/Manisso/fsociety (A Penetration Testing Framework including Information Gathering,Wireless Testing,Web Hacking and so on)
- https://github.com/boy-hack/w9scan (A web vulnerability scanner framework,running with 1200+ plugins)
- https://github.com/YalcinYolalan/WSSAT (Web Service Security Assessment Tool,provide simple .exe application to use based on windows OS)
- https://github.com/AmyangXYZ/AssassinGo (An extenisble and concurrency pentest framework in Go)
- https://github.com/m4ll0k/Galileo (Web Application Audit Framework,like metasploit)
- https://github.com/joker25000/Optiva-Framework (Web Application Scanner)
- https://github.com/theInfectedDrake/TIDoS-Framework (The offensive web application penetration testing framework)
- https://github.com/TideSec/WDScanner (A full-featured vulnerability scanner for enterprise security)
- https://github.com/j3ssie/Osmedeus (Fully automated offensive security tool for reconnaissance and vulnerability scanning)
- https://github.com/jeffzh3ng/Fuxi-Scanner (Open source network security vulnerability scanner with asset discovery & management)
- https://github.com/Neo23x0/Loki (Simple IOC and Incident Response Scanner)
- https://github.com/w3h/icsmaster/tree/master/nse (Digital Bond's ICS Enumeration Tools)
- https://github.com/seungsoo-lee/DELTA (Sdn security evaluation framework)
The purpose of this collection is to provide various types of opensource security scanning tool that can help Internet companies to be more safer.
Wester(Twitter @Zhiyang Zeng) & Martin(Twitter @Martin Chow)
[↑] means update scanner description
[+] means add scanner
[-] means remove scanner
[category] means change scanner category
[contributor] means add someone to Acknowledgments
Do not use for illegal purposes.
We welcome everyone to contribute,you can open an issue for this if you have some new idea about this project or you have found some valuable scanner,and then I will add your name to Acknowledgments.
Please specify reproduced from https://github.com/We5ter/Scanners-Box , and please do not republish this article for profit.
- @0c0c0f
- @藏形匿影(wacai.com)
- @Mottoin team
- @BlackHole
- @CodeColorist
- @3xp10it
- @re4lity
- @s0md3v
- @boy-hack
- @marsII
- @tom0li
- @hksanduo
- @alexlauerman
- @MedivhMT
©Sixtant Security Lab 2019