Need help with Scanners-Box?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

We5ter
5.5K Stars 2.0K Forks 825 Commits 0 Opened issues

Description

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Services available

!
?

Need anything else?

Contributors list

# 1,660
HTML
Shell
GitHub
Python
760 commits
# 42,262
PHP
HTML
privacy...
scanner...
9 commits
# 56,486
Python
pentest...
scanner...
4 commits
# 10,611
Shell
PHP
Perl
scanner...
2 commits
# 22,026
JavaScr...
Java
pentest...
webrtc
2 commits
# 142,139
pentest...
scanner...
1 commit
# 18,584
Java
travis-...
spock
sonarcl...
1 commit
# 36,069
Python
python3
macOS
Shell
1 commit
# 28,505
Shell
pentest...
C#
PHP
1 commit

English | 简体中文

python 3.x license number

Introduction

Scanners Box also known as scanbox, is a powerful hacker toolkit, which has collected more than 10 categories of open source scanners from Github, including subdomain, database, middleware and other modular design scanner etc. But for other Well-known scanning tools, such as nmap, w3af, brakeman, arachni, nikto, metasploit, aircrack-ng will not be included in the scope of collection.

Contents


Red Team vs Blue Team

Container and Cluster

  • https://github.com/cdk-team/CDK - A tool to gather information inside container/cluster and exploit them

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/cr0hn/dockerscan - Docker security analysis & hacking tools

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/armosec/kubescape - The first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA

GitHub language count GitHub last commit GitHub stars GitHub

Services fingerprint detection

  • https://github.com/EdgeSecurityTeam/EHole - Core system fingerprint detection tool for Red team

GitHub language count GitHub last commit GitHub stars GitHub

Man-In-The-Middle

  • https://github.com/niloofarkheirkhah/nili - Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing

GitHub language count GitHub last commit GitHub stars GitHub

Intranet penetration

  • https://github.com/lcatro/networkbackdoorscanner - An internal network scanner like meterpreter

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Tib3rius/AutoRecon - A multi-threaded network reconnaissance tool which performs automated enumeration of services

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/m4n3dw0lf/PytheM - Multi-purpose network pentest framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/sowish/LNScan - Local Network Scanner based on BBScan via.lijiejie

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/shadow1ng/fscan - Intranet integrated scanning tool,build for automatic, full coverage scanning

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/FunnyWolf/Viper - Graphical, Modularization and weaponization intranet penetration tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/P1-Team/AlliN - Mostly used for asset collection before penetration and lateral movement of intranet

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/b1gcat/DarkEye - Ports scan and host-alived detect

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/v-byte-cpu/sx - A network scanner that 30x times faster than nmap

GitHub language count GitHub last commit GitHub stars GitHub

Wireless Pentest

  • https://github.com/savio-code/fern-wifi-cracker - Testing and discovering flaws in ones own network

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/P0cL4bs/WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/MisterBianco/BoopSuite - A Suite of Tools written in Python for wireless auditing and security testing

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/besimaltnok/PiFinger - Searches for wifi-pineapple traces and calculate wireless network security score

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/derv82/wifite2 - A complete re-write of Wifite,Automated Wireless Attack Tool

GitHub language count GitHub last commit GitHub stars GitHub

Privacy Compliance

  • https://github.com/riskscanner/riskscanner - Multi-cloud privacy compliance scanning platform, through Cloud Custodian's YAML DSL to define scanning rules

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/momosecurity/bombus - Enterprise security and privacy compliance platform

GitHub language count GitHub last commit GitHub stars GitHub

Subdomain Enumeration or Takeover

  • https://github.com/lijiejie/subDomainsBrute - A classical subdomain enumeration Tool by lijiejie

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ring04h/wydomain - A Speed and Precision subdomain enumeration Tool by ringzero

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/le4f/dnsmaper - Subdomain enumeration tool with map record

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TheRook/subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains,supported API

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/We5ter/GSDF - Subdomain enumeration via Google certificate transparency

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/mandatoryprogrammer/cloudflare_enum - Subdomain enumeration via CloudFlare

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/guelfoweb/knock - Knock subdomain scan

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/exp-db/PythonPool/tree/master/Tools/DomainSeeker - An intergratd Python subdomain enumeration tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/code-scan/BroDomain - Find brother domain

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/chuhades/dnsbrute - A fast domain brute tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/yanxiu0614/subdomain3 - A simple and fast tool for bruting subdomains

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/michenriksen/aquatone - A powerful subdomain tool and domain takeovers finding tools

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/evilsocket/dnssearch - A subdomain enumeration tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/reconned/domained - Subdomain enumeration tools for bug hunting

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/bit4woo/Teemo - A domain name & Email address collection tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/laramies/theHarvester - E-mail, subdomain and people names harvester

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/nmalcolm/Inventus - A spider designed to find subdomains of a specific domain by crawling it

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/jonluca/Anubis - Subdomain enumeration and information gathering tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/n4xh4ck5/N4xD0rk - Listing subdomains about a main domain

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/infosec-au/altdns - Subdomain discovery through alterations and permutations

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/FeeiCN/ESD - Enumeration sub domains tool,based on AsyncIO and non-repeating dict

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/UnaPibaGeek/ctfr - Abusing certificate transparency logs for getting HTTPS websites subdomains

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/giovanifss/Dumb - Dumain Bruteforcer, a fast and flexible domain bruteforcer

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/caffix/amass - Subdomain enumeration in Go

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Ice3man543/subfinder - A subdomain discovery tool which has a simple modular architecture and has been aimed as a successor to sublist3r project

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Ice3man543/SubOver - A powerful subdomain takeover tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/janniskirschner/horn3t - Powerful Visual Subdomain Enumeration

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/yunxu1/dnsub - A high concurrency and cross platform subdomain scanner based on Golang

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/shmilylty/OneForAll - An ultimate subdomains scanner integrated multiple subdomain scanning tools

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/knownsec/ksubdomain - A stateless and cross-platform subdomain enumeration tool, speed up to 30w/s on Mac and Windows, and 160w/s on Linux

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/gwen001/github-subdomains - Find subdomains on GitHub

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/bit4woo/domainhunterpro - Domain finder and Targets management, automated information collection, integrated with burpsuite

GitHub language count GitHub last commit GitHub stars GitHub

Database SQL Injection Vulnerability or Brute Force

  • https://github.com/0xbug/SQLiScanner - A SQLi vulnerability scanner via SQLMAP and Charles

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/stamparm/DSSS - A SQLi vulnerability scanner with 99 lines of code

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/youngyangyang04/NoSQLAttack - A SQLi vulnerability scanner for mongoDB

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Neohapsis/bbqsql - A blind SQLi vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/NetSPI/PowerUpSQL - A SQLi vulnerability scanner with Powershell script

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/WhitewidowScanner/whitewidow - Another SQL vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/stampery/mongoaudit - A powerful MongoDB auditing and pentesting tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/torque59/Nosql-Exploitation-Framework - A Python framework For NoSQL scanning and exploitation

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/missDronio/blindy - Simple script to automate brutforcing blind sql injection vulnerabilities

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/fengxuangit/Fox-scan - A initiative and passive SQL injection vulnerable test tools

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/JohnTroony/Blisqy - Exploit time-based blind-SQL injection in HTTP-Headers

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ron190/jsql-injection - A lightweight application used to find database information from a distant server

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Hadesy2k/sqliv - Massive SQL injection vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/s0md3v/sqlmate - A friend of SQLmap which will do what you always expected from SQLmap

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/m8r0wn/enumdb - MySQL and MSSQL brute force and post exploitation tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/tariqhawis/injectbot - A web-based, easy-to-use, SQL injection scanner and exploiter tool

GitHub language count GitHub last commit GitHub stars GitHub

Weak Usernames or Passwords Enumeration For Web

  • https://github.com/lijiejie/htpwdScan - A python HTTP weak pass scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/netxfly/crack_ssh - SSH, Redis, mongoDB weak password bruteforcer

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/shengqi158/weakpassworddetect - A python HTTP weak password scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/s0md3v/Blazy - a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/MooseDojo/myBFF - Web application brute force framework,supports Citrix Gateway,CiscoVPN and so on

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TideSec/webpwdcommoncrack - **A common web weakpassword cracking script,can detect batches of management backgrounds without verification codes**

GitHub language count GitHub last commit GitHub stars GitHub

Authorization Brute Force or Vulnerability Scan For IoT

  • https://github.com/rapid7/IoTSeeker - Weak-password IoT devices scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/shodan-labs/iotdb - IoT Devices scanner via nmap

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/googleinurl/RouterHunterBR - Testing vulnerabilities in devices and routers connected to the Internet

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/scu-igroup/telnet-scanner - Weak telnet password scanner based on password enumeration

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/viraintel/OWASP-Nettacker - Network information gathering vulnerability scanner,most useful to scan IoT

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/threat9/routersploit - Exploitation Framework for embedded Devices,such as router

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/w3h/icsmaster/tree/master/nse - Digital bond's ICS enumeration tools

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/firmianay/firmeye - An IDA plug-in, based on sensitive function parameter backtracking to assist in vulnerability mining

GitHub language count GitHub last commit GitHub stars GitHub

Mutiple types of Cross-site scripting Detection

  • https://github.com/0x584A/fuzzXssPHP - A very simple reflected XSS scanner supports GET/POST

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/chuhades/xss_scan - Reflected XSS scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/BlackHole1/autoFindXssAndCsrf - A plugin for browser that checks automatically whether a page haves XSS and CSRF vulnerabilities

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/shogunlab/shuriken - XSS command line tool for testing lists of XSS payloads on web apps

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/s0md3v/XSStrike - Fuzz and bruteforce parameters for XSS, WAFs detect and bypass

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/stamparm/DSXS - A fully functional cross-site scripting vulnerability scanner,supporting GET and POST parameters,and written in under 100 lines of code

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/fcavallarin/domdig - DOM XSS scanner for Single Page Applications

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/lwzSoviet/NoXss - Faster reflected-xss and dom-xss scanner based on Phantomjs

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/pwn0sec/PwnXSS - A powerful XSS scanner made in python 3.7

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/hahwul/dalfox - Parameter Analysis and XSS Scanning tool based on golang

GitHub language count GitHub last commit GitHub stars GitHub

Enterprise sensitive information Leak Scan

  • https://github.com/x0day/Multisearch-v2 - Enterprise assets collector based on search engine

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Ekultek/Zeus-Scanner - An advanced dork searching tool that is capable of finding IP address /URL blocked by search engine,and can run sqlmap and nmap scans on the URL's

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/metac0rtex/GitHarvester - Used for harvesting information from GitHub

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/repoog/GitPrey - Searching sensitive files and contents in GitHub

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/0xbug/Hawkeye - Github leak scan for enterprise

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/UnkL4b/GitMiner - Advanced search tool and automation in Github

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/dxa4481/truffleHog - Searches high entropy strings through git repositories

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/1N3/Goohak - Automatically launch Google hacking queries against a target domain

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/UKHomeOffice/repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/FeeiCN/GSIL - Github sensitive information leakage scan

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/MiSecurity/x-patrol - Github leaked patrol

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/anshumanbh/git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/VKSRC/Github-Monitor - Github sensitive information leakage monitor by vipkid SRC

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/eth0izzle/shhgit - A docker and web based monitor for finding secrets and sensitive files across GitHub

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/SAP/credential-digger - A GitHub scanning tool that identifies hardcoded credentials, filtering the false positive data through machine learning models.

GitHub language count GitHub last commit GitHub stars GitHub

Malicious Scripts or Binary Malware Detection

  • https://github.com/he1m4n6a/findWebshell -Simple webshell detector

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Tencent/HaboMalHunter -Used for automated malware analysis and security assessment on the Linux system

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/PlagueScanner/PlagueScanner - Open source multiple AV scanner framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/nbs-system/php-malware-finder - An awesome tool to detect potentially malicious PHP files

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/emposha/PHP-Shell-Detector - Helps you find and identify PHP/Perl/Asp/Aspx shells

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/erevus-cn/scan_webshell - Simple webshell detector

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/emposha/Shell-Detector - A application that helps you find and identify PHP/Perl/Asp/Aspx shells

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/m4rco-/dorothy2 - A malware/botnet analysis framework written in Ruby

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/droidefense/engine - Advance Android malware analysis framework

GitHub language count GitHub last commit GitHub stars GitHub

Vulnerability Assessment for Middleware or Information Leak Scan

  • https://github.com/ring04h/wyportmap - Target port scanning + system service fingerprint recognition

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ring04h/weakfilescan - Dynamic multi - thread sensitive information leak detection tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/EnableSecurity/wafw00f - Identify and fingerprint Web Application Firewall

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/rbsec/sslscan - Tests SSL/TLS enabled services to discover supported cipher suites

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TideSec/TideFinger - Web fingerprint identification tool, more fingerprint database, more detection methods

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TideSec/FuzzScanner - Comprehensive web information collection platform, easy to deploy, versatile and practical

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/urbanadventurer/whatweb - Website fingerprinter

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/tanjiti/FingerPrint - Another website fingerprinter

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/nanshihui/Scan-T - A new spider based on Python with more function including Network fingerprint search

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/OffensivePython/Nscan - Fast internet-wide scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ywolf/F-NAScan - Scanning a network asset information script

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/maurosoria/dirsearch - Web path scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/x0day/bannerscan - C-segment Banner with path scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/RASSec/RASscan - Internal network port speed scanners

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/3xp10it/bypass_waf - Automatic WAF Bypass Fuzzing Tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/3xp10it/xcdn - Try to find out the actual ip behind cdn

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Xyntax/BingC - Based on the Bing search engine C / side-stop query, multi-threaded, supported API

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Xyntax/DirBrute - Multi-thread web directory enumerating tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/zer0h/httpscan - A HTTP service detector with a crawler from IP/CIDR

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/lietdai/doom - Distributed task distribution of the IP port vulnerability scanner based on thorn

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/chichou/grab.js - Fast TCP banner grabbing like zgrab, but supports much more protocol

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Nitr4x/whichCDN - Detect if a given website is protected by a CDN

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/secfree/bcrpscan - Base on crawler result web path scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/mozilla/ssh_scan - A prototype SSH configuration and policy scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/18F/domain-scan - Scans domains for data on their HTTPS configuration and assorted other things

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ggusoft/inforfinder - A tool made to collect information of any domain pointing at a server and fingerprinter

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/boy-hack/gwhatweb - Fingerprinter for CMS

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Mosuan/FileScan - Sensitive files scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Xyntax/FileSensor - Dynamic file detection tool based on crawler

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/deibit/cansina - Web content discovery tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/mozilla/cipherscan - A very simple way to find out which SSL ciphersuites are supported by a target

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/xmendez/wfuzz - Web application framework and web content scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/s0md3v/Breacher - An advanced multithreaded admin panel finder written in Python

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ztgrace/changeme - A default credential scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/medbenali/CyberScan - An open source penetration testing tool that can analyse packets,decoding,scanning ports, pinging and geolocation of an IP

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/m0nad/HellRaiser - HellRaiser scan with nmap then correlates cpe's found with cve-search to enumerate vulnerabilities

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/scipag/vulscan - Advanced vulnerability scanning with Nmap NSE

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/jekyc/wig - WebApp information gatherer

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/eldraco/domain_analyzer - Analyze the security of any domain by finding all the information possible

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/cloudtracer/paskto - Passive directory scanner and web crawler based on Nikto DB

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/zerokeeper/WebEye - A web service and WAF fingerprinter

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/m3liot/shcheck - Just check security headers on a target website

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/aipengjie/sensitivefilescan - A speed and awesome sensitive files scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/fnk0c/cangibrina - A fast and powerfull dashboard (admin) finder

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/n4xh4ck5/CMSsc4n - Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Ekultek/WhatWaf - Detect and bypass web application firewalls and protection systems

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/dzonerzy/goWAPT - Go web application penetration test and web application fuzz tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/blackye/webdirdig - Sensitive files scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/boy-hack/w8fuckcdn - Get the website real IP address by scanning the entire net

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/boy-hack/w11scan - Distributed web fingerprint identification platform

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Nekmo/dirhunt - Find web directories without bruteforce

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/H4ckForJob/dirmap - An advanced web directory scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/s0md3v/Photon - **Incredibly fast crawler which extracts urls, emails, files, website accounts and much more

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/1N3/BlackWidow - Gather OSINT and fuzz for OWASP vulnerabilities on a target website

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/saeeddhqan/Maryam - OSINT and Web-based Footprinting modular framework based on the Recon-ng

GitHub language count GitHub last commit GitHub stars GitHub

Special Components or Vulnerability Categories Scan

  • https://github.com/1N3/XSSTracer - A small python script to check for cross-Site tracing, Clickjacking etc

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/0xHJK/dumpall -
    .git
    /
    .svn
    /
    .DS_Store
    disclosure exploit

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/shengqi158/svnhack - A
    .svn
    folder disclosure exploit

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/lijiejie/GitHack - A
    .git
    folder disclosure exploit

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/blackye/Jenkins - Jenkins vulnerability detection, user grab enumerating

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/code-scan/dzscan - discuz scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/chuhades/CMS-Exploit-Framework -CMS exploit framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/lijiejie/IISshortnameScanner - An IIS shortname scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/riusksk/FlashScanner - Flash XSS scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/epinna/tplmap - Automatic Server-Side Template Injection detection and exploitation tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/rastating/wordpress-exploit-framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ilmila/J2EEScan - A plugin for Burp Suite proxy to improve the test coverage during web application penetration tests on J2EE applications

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/riusksk/StrutScan - Struts2 vuls scanner base Perl script

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/D35m0nd142/LFISuite - Totally automatic LFI exploiterand scanner supports reverse shell

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/0x4D31/salt-scanner - Linux vulnerability scanner based on Salt Open and vulners audit API, with Slack notifications and JIRA integration

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/tijme/angularjs-csti-scanner - Automated client-side template injection detection for AngularJS

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/irsdl/IIS-ShortName-Scanner - Scanners for IIS short filename 8.3 disclosure vulnerability

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/swisskyrepo/Wordpresscan - WPScan rewritten in Python + some WPSeku ideas

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/CHYbeta/cmsPoc - CMS exploit framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/3gstudent/Smbtouch-Scanner - Automatically scan the inner network to detect whether they are vulnerable

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/OsandaMalith/LFiFreak - A unique automated LFI exploiter with bind/reverse shells

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/mak-/parameth - This tool can be used to brute discover GET and POST parameters

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Lucifer1993/struts-scan - Struts2 vuls scanner,supported all vuls

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/hahwul/a2sv - Auto scanning to SSL vulnerability, such as heartbleed etc

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/NickstaDB/BaRMIe - Java RMI enumeration and attack tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/RetireJS/grunt-retire - Scanner detecting the use of Javascript libraries with known vulnerabilities

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/kotobukki/BDA - The vulnerability detector for Hadoop and Spark

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/jagracey/Regex-DoS - RegEx Denial of service scanner for Node.js package

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/milesrichardson/docker-onion-nmap - Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Moham3dRiahi/XAttacker - Web CMS exploit framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/lijiejie/BBScan - A tiny batch web vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/almandin/fuxploider - File upload vulnerability scanner and exploitation tool

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Jamalc0m/wphunter - A Wordpress vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/retirejs/retire.js - A scanner detecting the use of Javascript libraries with known vulnerabilities

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/3xp10it/xupload - A tool for automatically testing whether the upload function can upload webshell

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/rezasp/vbscan - OWASP VBScan is a Black Box vBulletin vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/MrSqar-Ye/BadMod - Detect websites CMS & auto exploit

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Tuhinshubhra/CMSeeK - CMS detection and exploitation suite

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/cloudsploit/scans - AWS security scanning checks

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/radenvodka/SVScanner - Scanner vulnerability and massive exploit for Wordpress,Magento,Joomla and so on

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/rezasp/joomscan - OWASP Joomla vulnerability scanner project

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/6IX7ine/djangohunter - Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/vulmon/Vulmap - Local vulnerability scanning programs for Windows and Linux operating systems

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/seungsoo-lee/DELTA - Sdn security evaluation framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/cyberark/KubiScan - A tool to scan Kubernetes cluster for risky permissions

GitHub language count GitHub last commit GitHub stars GitHub

Dynamic or Static Code Analysis

  • https://github.com/wufeifei/cobra - A static code analysis system that automates the detecting vulnerabilities and security issue

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/OneSourceCat/phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Qihoo360/phptrace - A tracing and troubleshooting tool for PHP scripts

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ajinabraham/NodeJsScan - A static security code scanner for Node.js applications

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/shengqi158/pyvulhunter - A static security code scanner for Python applications

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/python-security/pyt - A static analysis tool for detecting security vulnerabilities in Python web applications

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/emanuil/php-reaper - PHP tool to scan ADOdb code for SQL injections

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/lowjoel/phortress - A PHP static code analyser for potential vulnerabilities

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/zsdlove/Hades - A Java static code auditing system

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/LoRexxar/Kunlun-M - Static code auditing system for PHP/JavaScript/Chrome EXT

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/PyCQA/bandit - A tool designed to find common security issues in Python code

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/praetorian-inc/gokart - A static analysis tool for securing Go code

GitHub language count GitHub last commit GitHub stars GitHub

Modular Design Scanners or Vulnerability Detecting Framework

  • https://github.com/infobyte/faraday - Collaborative penetration test and vulnerability management platform

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/az0ne/AZScanner - Automatic all-around scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/blackye/lalascan - Distributed web vulnerability scanning framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/blackye/BkScanner - Distributed, plug-in web vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ysrc/GourdScanV2 - Passive vulnerability scanning system

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/netxfly/passive_scan - Realization of web vulnerability scanner based on http proxy

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/1N3/Sn1per - Automated pentest recon scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/RASSec/pentestEr_Fully-automatic-scanner - Directional fully automated penetration testing

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Xyntax/POC-T - Penetration test plug-in concurrency framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/v3n0m-Scanner/V3n0M-Scanner - Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other vulns

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Skycrab/leakScan - Multiple vuls scan supports web interface

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/zhangzhenfeng/AnyScan - A automated penetration testing framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Tuhinshubhra/RED_HAWK - An all In one tool For information gathering, SQL vulnerability scanning and crawling, coded In PHP

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/swisskyrepo/DamnWebScanner - Another web vulnerabilities scanner, this extension works on Chrome and Opera

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/anilbaranyelken/tulpar - Web Vulnerability Scanner written in Python,supported multiple web vulnerabilities scan

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest - An automated penetration testing tool this tool will auditing all standard security test method for you

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/0xsauby/yasuo - ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/hatRiot/clusterd - application server attack toolkit

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/erevus-cn/pocscan - Open source and distributed web vulnerability scanning framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TophantTechnology/osprey - Distributed web vulnerability scanning framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/yangbh/Hammer - A web vulnerability scanner framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Lucifer1993/AngelSword - Web vulnerability scanner framework based on python3

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/zaproxy/zaproxy - One of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/s0md3v/Striker - Striker is an offensive information and vulnerability scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/dermotblair/webvulscan - Written in PHP and can be used to test remote, or local, web applications for security vulnerabilities

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/alienwithin/OWASP-mth3l3m3nt-framework - Penetration testing aiding tool and exploitation framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/toyakula/luna - An open-source web security scanner which is based on reduced-code passive scanning framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Manisso/fsociety - A Penetration Testing Framework including Information Gathering,Wireless Testing,Web Hacking and so on

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/boy-hack/w9scan - A web vulnerability scanner framework,running with 1200+ plugins

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/YalcinYolalan/WSSAT - Web service security assessment tool,provide simple .exe application to use based on Windows OS

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/AmyangXYZ/AssassinGo - An extenisble and concurrency pentest framework in Go

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/joker25000/Optiva-Framework - Web Application Scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/theInfectedDrake/TIDoS-Framework - The offensive web application penetration testing framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TideSec/WDScanner - A full-featured vulnerability scanner for enterprise security

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/j3ssie/Osmedeus - Fully automated offensive security tool for reconnaissance and vulnerability scanning

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/jeffzh3ng/Fuxi-Scanner - Open source network security vulnerability scanner with asset discovery & management

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/knownsec/Pocsuite - Open-sourced remote vulnerability testing framework

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/opensec-cn/kunpeng - An open source POC framework written by Golang that provides various language calls in the form of a dynamic link library

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TideSec/Mars - The totally new generation of WDScanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/knassar702/scant3r - Yet another web security scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/google/tsunami-security-scanner - A general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidenc by Google

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/er10yi/MagiCude - A scanner based on the Spring Boot micro-service,supports distributed port (vulnerability) scanning, asset security management, real-time threat monitoring and notification, vulnerability lifecycle, vulnerability wiki, email notification, etc

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/projectdiscovery/nuclei - A fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/ysrc/xunfeng - Vulnerability rapid response,scanning system for intranet

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/TophantTechnology/ARL - An agile asset reconnaissance system

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/smallcham/sec-admin - SEC can be used for enterprises to scan and check the security of server resources which has strong controllability, supports distributed multi-node deployment

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/olacabs/jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems

GitHub language count GitHub last commit GitHub stars GitHub

Advanced Persistent Threat

  • https://github.com/Neo23x0/Loki - Simple IOC and Incident Response Scanner

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/Neo23x0/Fenrir - Simple IOC and Incident Response Scanner

GitHub language count GitHub last commit GitHub stars GitHub

Mobile Apps Packages Analysis

  • https://github.com/dwisiswant0/apkleaks - Scanning APK file for URIs, endpoints & secrets

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/kelvinBen/AppInfoScanner - Collecting information from APK file, support self-defined rules

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/maaaaz/androwarn - Yet another static code analyzer for malicious Android applications

GitHub language count GitHub last commit GitHub stars GitHub

  • https://github.com/quark-engine/quark-engine - Android Malware (Analysis | Scoring) System

GitHub language count GitHub last commit GitHub stars GitHub


Why Create This Collection?

The purpose of this collection is to provide various types of open-source security scanners that can help companies to be more safer.

Commit Symbolic Description

[↑] means update scanner URL or description
[+] means add scanner
[-] means remove scanner
[category] means change scanner category
[contributor] means add someone to Acknowledgments

Authors

Wester(Twitter @Zhiyang Zeng) & Martin(Twitter @Martin Chow)

Legal Disclaimer

The scanners provided by this project are for research and study purposes only, and you must obey the laws and regulations of your country during use. If you are a Chinese citizen, please ensure you are obedient to The Cyber Security Law of the People's Republic of China, and please do not break the article 286 of the Criminal Law of the People's Republic of China for the regulation on the crime of destroying computer systems. At last, I would like to point out to you that you must be fully held responsible duty for any consequence that may arise.

How to contribute?

If you have any questions about this project ,or you have found some valuable scanners, please feel free to tell us :)

License

scanbox is released under the Mozilla license.

Copyright

It's happy to see that this repository has been widely spreaded in information security community, but I hope everyone could at all times respect knowledge and our efforts, so please specify reproduced from https://github.com/We5ter/Scanners-Box in your articles, and please do not republish this article for profit.

Acknowledgments

We would like to thanks the following security researchers for their valuable feedbacks amd suggestions.

  • @0c0c0f
  • @藏形匿影
  • @Mottoin team
  • @BlackHole
  • @CodeColorist
  • @3xp10it
  • @re4lity
  • @s0md3v
  • @boy-hack
  • @marsII
  • @tom0li
  • @hksanduo
  • @alexlauerman
  • @MedivhMT
  • @TideSec
  • @0xHJK
  • @j3ssie
  • @Luci-d
  • @cnlnn
  • @yunxu1
  • @saeeddhqan
  • @Sofiane Lounici

Stargazers

Stargazers over time

©Monster Zero Team 2021

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.