README.md

Scanners-Box Guidelines

README.md in Chinese 中文

---

###Project Description

Scanners-Box is a collection of opensource scanners which are from the github platform, including subdomain enumeration, database vulnerability scanners, weak passwords or information leak scanners, port scanners, fingerprint scanners, and other large scale scanners, modular scanner etc. Well-known scanning tools, such as: nmap, w3af, brakeman will not be included int the scope of collection.

We welcome everyone to contribute!

---

####Subdomain Enumeration

• https://github.com/lijiejie/subDomainsBrute (Classical Subdomain Enumeration Tool)
• https://github.com/ring04h/wydomain (Intergrated Subdomain Enumeration Tool via Massive Dictionary Rules)
• https://github.com/le4f/dnsmaper (Subdomain Enumeration via DNS Record)
• https://github.com/0xbug/orangescan (Online Subdomain Enumeration Tool)
• https://github.com/TheRook/subbrute (Subdomain Enumeration via DNS Record)
• https://github.com/We5ter/GSDF (Subdomain Enumeration via Google Certificate Transparency）
• https://github.com/mandatoryprogrammer/cloudflare_enum (Subdomain Enumeration via CloudFlare）
• https://github.com/18F/domain-scan (A Domain Scanner）
• https://github.com/guelfoweb/knock (Knock Subdomain Scan)
• https://github.com/Evi1CLAY/CoolPool/tree/master/Python/DomainSeeker (An Intergratd Python Subdomain Enumeration Tool)

####Database Vulnerability Scanners

• https://github.com/0xbug/SQLiScanner (A SQLi Vulnerability Scanner via SQLMAP and Charles)
• https://github.com/stamparm/DSSS (A SQLi Vulnerability Scanner with 99 lines of code)
• https://github.com/LoRexxar/Feigong (A SQLi Vulnerability Scanner for MySQL)
• https://github.com/youngyangyang04/NoSQLAttack (A SQLi Vulnerability Scanner for mongoDB)
• https://github.com/Neohapsis/bbqsql (A Blind SQLi Vulnerability Scanner)
• https://github.com/NetSPI/PowerUpSQL (A SQLi Vulnerability Scanner with Powershell Script)

####Weak passwords or information leak scanners

• https://github.com/lijiejie/htpwdScan ()
• https://github.com/lijiejie/BBScan
• https://github.com/lijiejie/GitHack
• https://github.com/wilson9x1/fenghuangscanner_v3
• https://github.com/ysrc/F-Scrack
• https://github.com/Mebus/cupp
• https://github.com/RicterZ/genpAss
• https://github.com/netxfly/crack_ssh
• https://github.com/n0tr00t/Sreg
• https://github.com/repoog/GitPrey (Searching sensitive files and contents in GitHub)
• https://github.com/dxa4481/truffleHog (Searches high entropy strings through git repositories)

####IoT scanners

• https://github.com/rapid7/IoTSeeker (Weak-password IoT Devices Scanner)
• https://github.com/shodan-labs/iotdb (IoT Devices Scanner via nmap)

####XSS scanners

• https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer)
• https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing)
• https://github.com/0x584A/fuzzXssPHP
• https://github.com/chuhades/xss_scan
• https://github.com/BlackHole1/autoFindXssAndCsrf

####Enterprise network self-test

• https://github.com/sowish/LNScan
• https://github.com/SkyLined/LocalNetworkScanner
• https://github.com/ysrc/xunfeng
• https://github.com/laramies/theHarvester
• https://github.com/x0day/Multisearch-v2

####Webshell detection

• https://github.com/We5ter/Scanners-Box/tree/master/Find_webshell/ (PHP Webshell Decetor)
• https://github.com/ym2011/ScanBackdoor (Webshell Decetor)
• https://github.com/yassineaddi/BackdoorMan (A toolkit find malicious, hidden and suspicious PHP scripts and shells in a chosen destination)
• https://github.com/he1m4n6a/findWebshell (Webshell Decetor)

####Intranet penetration

• https://github.com/0xwindows/VulScritp
• https://github.com/lcatro/network_backdoor_scanner
• https://github.com/fdiskyou/hunter
• https://github.com/BlackHole1/WebRtcXSS

####Port scanners or Fingerprint scanners

• https://github.com/ring04h/wyportmap
• https://github.com/ring04h/weakfilescan
• https://github.com/EnableSecurity/wafw00f
• https://github.com/rbsec/sslscan
• https://github.com/urbanadventurer/whatweb
• https://github.com/tanjiti/FingerPrint
• https://github.com/nanshihui/Scan-T
• https://github.com/OffensivePython/Nscan
• https://github.com/ywolf/F-NAScan
• https://github.com/ywolf/F-MiddlewareScan
• https://github.com/maurosoria/dirsearch
• https://github.com/x0day/bannerscan
• https://github.com/RASSec/RASscan
• https://github.com/3xp10it/bypass_waf
• https://github.com/3xp10it/mytools/blob/master/xcdn.py
• https://github.com/Xyntax/BingC
• https://github.com/Xyntax/DirBrute
• https://github.com/zer0h/httpscan
• https://github.com/lietdai/doom
• https://github.com/chichou/grab.js (Fast TCP banner grabbing like zgrab, but supports much more protocol)

####Dedicated scanner

• https://github.com/blackye/Jenkins
• https://github.com/code-scan/dzscan
• https://github.com/chuhades/CMS-Exploit-Framework
• https://github.com/lijiejie/IIS_shortname_Scanner
• https://github.com/riusksk/FlashScanner
• https://github.com/coffeehb/SSTIF

####Wireless network penetration and scanners

• https://github.com/savio-code/fern-wifi-cracker/
• https://github.com/m4n3dw0lf/PytheM
• https://github.com/P0cL4bs/WiFi-Pumpkin

####Code static scan and running-code stack trace

• https://github.com/wufeifei/cobra
• https://github.com/OneSourceCat/phpvulhunter
• https://github.com/Qihoo360/phptrace

####Modular scanners or integrated scanner

• https://github.com/az0ne/AZScanner
• https://github.com/blackye/lalascan
• https://github.com/blackye/BkScanner
• https://github.com/ysrc/GourdScanV2
• https://github.com/alpha1e0/pentestdb
• https://github.com/netxfly/passive_scan
• https://github.com/1N3/Sn1per
• https://github.com/RASSec/pentestEr_Fully-automatic-scanner
• https://github.com/3xp10it/3xp10it
• https://github.com/Lcys/lcyscan
• https://github.com/Xyntax/POC-T
• https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)
• https://github.com/Skycrab/leakScan

---

###Collection purposes

The purpose of this collection is to provide various types of opensource security scanning tool that can help Internet companies to be more safer.

###Project Maintenance

Wester(twitter @We5ter) & Martin(twitter@Martin ZHOU) ###Disclaimer

Do not use for illegal purposes.

###Copyright

Please specify reproduced from https://github.com/We5ter/Scanners-Box

###Acknowledgments

• @0c0c0f
• @藏形匿影(wacai.com)
• Mottoin team
• @BlackHole
• @CodeColorist

©CNSISMO 2016-2017