Security testing tools

Others 2019-06-27 13:33:49 views: null

This switched: https://blog.csdn.net/Bul1et/article/details/85157176 

Security industry on github collection of open-source research platform for practitioners from warehouse scanners, including sub-domains enumeration, database vulnerability scanning, weak passwords, or information leakage scanning, port scanning, fingerprinting and other large modular scanner or scanner.
Project address: https: //github.com/We5ter/Scanners-Box

Subdomain enumeration scanner or blasting tool
https://github.com/lijiejie/subDomainsBrute(lijiejie the development of a widely used subdomain blasting enumeration tool)
https://github.com/ring04h/wydomain (Pig Xia development of a domain name to collect comprehensive, accurate subdomain enumeration tool)
https://github.com/le4f/dnsmaper (subdomain enumeration blasting tools, and map location marker)
https://github.com/0xbug/ orangescan (providing online web interface sub-domain information-gathering tool)
https://github.com/TheRook/subbrute (subdomain precise and efficient blasting tools, but also the most commonly used scanner subdomain API library)
HTTPS: // github.com/We5ter/GSDF (sub-domain query script based on Google transparent SSL certificate)
https://github.com/mandatoryprogrammer/cloudflare_enum (using CloudFlare sub-domain enumeration script)
https://github.com/guelfoweb / knock (knock subdomain acquisition, can be used to find vulnerabilities to take over the sub-domain)
https://github.com/exp-db/PythonPool/tree/master/Tools/DomainSeeker (multi-mode collection target sub-domain information)
HTTPS: // github.com/code-scan/BroDomain ( Brother Domain Search)
https://github.com/chuhades/dnsbrute (efficient subdomain blasting tool)
https://github.com/yanxiu0614/subdomain3 (a highly effective tool subdomain blasting)
https://github.com/michenriksen/aquatone (subdomain enumeration, detection tools can be used to take over the sub-domain vulnerability detection)
HTTPS : //github.com/evilsocket/dnssearch (a subdomain blasting tool)
https://github.com/reconned/domained (a tool that can be used to collect the subdomain)
https://github.com/bit4woo/ Teemo (domain name collection and enumeration tool)
https://github.com/laramies/theHarvester (mailbox server information collection and subdomain enumeration tool)
https://github.com/swisskyrepo/Subdomino (subdomain enumeration, port scanning, service survival confirmation)
subdomain reptile collection tool automatically achieved
https://github.com/aboul3la/Sublist3r (fast subdomain enumeration tool)
https://github.com/jonluca/Anubis (subdomain enumeration and information gathering tools)
https://github.com/n4xh4ck5/N4xD0rk (sub-domain name query tool)
https://github.com/infosec-au/altdns (a highly effective tool subdomain blasting)
HTTPS: // GitHub .com / FeeiCN / ESD (based on the sub domain and a non-repeating AsyncIO coroutine dictionary blasting With)
https://github.com/giovanifss/Dumb (fast and flexible subdomain blasting tool)
https://github.com/UnaPibaGeek/ctfr (obtaining sub-domain by domain transparent record certificate)
https://github.com/ caffix / amass (Go subdomain enumeration language development tool)
https://github.com/Ice3man543/subfinder (inherited from the modular architecture sublist3r projects, a strong sub-domain enumeration tools)
database class vulnerability scanner or blasting tool
https://github.com/0xbug/SQLiScanner (injection vulnerability scanning tool based on a passive SQL sQLMAP and Charles)
https://github.com/stamparm/DSSS(99 lines of code to achieve sql injection vulnerability scanning device)
https://github.com/LoRexxar/Feigong (free injection for a variety of circumstances changing MySQL script)
https://github.com/youngyangyang04/NoSQLAttack (for MongoDB in an attack tools)
HTTPS: // github.com/Neohapsis/bbqsql(SQL blinds using the framework)
https://github.com/NetSPI/PowerUpSQL (SQLSERVER attack of Powershell scripting framework)
https://github.com/WhitewidowScanner/whitewidow (a database scan device)
https://github.com/stampery/mongoaudit(MongoDB auditing and penetration tools)
https://github.com/torque59/Nosql-Exploitation-Framework(NoSQL Scan / blasting tool)
https://github.com/missDronio/ blindy (MySQL blind blasting tool)
https://github.com/fengxuangit/Fox-scan (based on active and passive resources SQLMAP discovered vulnerability scanning tool)
https://github.com/NetSPI/PowerUpSQL (for SQL Server powershell script audit)
https://github.com/JohnTroony/Blisqy (http header in time for the blind blasting tools, only for MySQL / MariaDB)
https://github.com/ron190/jsql-injection ( SQL injection tool written in Java)
https://github.com/Hadesy2k/sqliv (search engine based batch SQL injection vulnerability scanner)
https://github.com/s0md3v/sqlmate (based on the increase in sqlmap directory scan , hash blasting and other functions)
https://github.com/m8r0wn/enumdb(Mysys and MSSQL blasting Tuoku tool)
https://github.com/9tail123/wooscan (batch query to ignore the existence of the site in the clouds sql injection vulnerability and automatically call sqlmap test)
weak password / username scanner or weak Breaking tool
https://github.com/lijiejie/htpwdScan (a simple HTTP brute, hit attack script library)
https://github.com/ysrc/F-Scrack (for various services were weak password detection scripts)
HTTPS : //github.com/Mebus/cupp (weak password detection dictionary generation script based on user habits)
https://github.com/netxfly/crack_ssh(Go write coroutine version of ssh \ redis \ mongodb weak password cracking tools)
https://github.com/LandGrey/pydictor (brute force dictionary creation tool)
https://github.com/shengqi158/weak_password_detect (multithreaded probing weak passwords)
https://github.com/s0md3v/Blazy (supports testing CSRF, Clickjacking, Cloudflare and weak passwords detector WAF)
https://github.com/MooseDojo/myBFF (script CiscoVPN, Citrix Gateway, and other services for the detection of weak passwords)
things tools or equipment identification scanner
https : //github.com/rapid7/IoTSeeker (default password things device scan tool)
https://github.com/shodan-labs/iotdb (IoT using nmap scanning device)
https://github.com/googleinurl/ RouterHunterBR (router vulnerability scanning equipment use)
https://github.com/scu-igroup/telnet-scanner(Telnet service password hit library)
https://github.com/viraintel/OWASP-Nettacker (automated information gathering and penetration testing tools, more suitable for scanning IoT)
https://github.com/threat9/routersploit (embedded devices and the use of vulnerability scanning tools)
reflective or DOM-based XSS scanner
https://github.com/shawarkhanethicalhacker/BruteXSS (a XSS scanner, can be violent implantation parameters)
https://github.com/1N3/XSSTracer (XSS small scanners, can also be detected CRLF, XSS, Clickjacking)
https://github.com/0x584A/fuzzXssPHP(PHP version reflective scanning xss )
https://github.com/chuhades/xss_scan (XSS batch scanning of python script)
https://github.com/BlackHole1/autoFindXssAndCsrf (automated detection page exists XSS and CSRF vulnerabilities in browser plug-ins)
HTTPS : //github.com/shogunlab/shuriken (using command line batch testing XSS)
https://github.com/s0md3v/XSStrike (WAF recognizes and bypassing the scan tool XSS)
https://github.com/ stamparm / DSXS (XSS scanner support efficient GET, POST mode )
Enterprise Asset Management or divulge information gathering tool
https://github.com/ysrc/xunfeng (net asset recognition engine, vulnerability detection engine)
https://github.com/laramies/theHarvester (indexed by search engines sensitive corporate information assets monitoring script: employee mailboxes, subdomains, host)
https://github.com/x0day/Multisearch-v2(Bing,google,360,zoomeye and other search engines search the polymerization can be used to find companies indexed by search engines sensitive information assets )
https://github.com/Ekultek/Zeus-Scanner (search engines can crawl into a hidden url, and handed sqlmap, nmap scan)
https://github.com/0xbug/Biu-framework (within the enterprise network foundation security scanning service framework)
https://github.com/metac0rtex/GitHarvester(github Repo information gathering tool)
https://github.com/shengqi158/svnhack(.svn folder leak using the tool)
https://github.com / repoog / GitPrey (GitHub sensitive information scanning tool)
https://github.com/0xbug/Hawkeye (corporate assets, sensitive information leakage monitoring system GitHub)
https://github.com/lianfeng30/githubscan (according to business keywords item retrieval And the corresponding sensitive files and file content scanning tools)
https://github.com/UnkL4b/GitMiner(github sensitive information search tools)
https://github.com/lijiejie/GitHack (.git folder leak with a tool)
https://github.com/dxa4481/truffleHog(GitHub sensitive information scan tool, comprising detecting submission, etc.)
https://github.com / 1N3 / Goohak (automated Google hacking specified domain name search and collect information)
https://github.com/UKHomeOffice/repo-security-scanner (for sensitive information promised in the search git, such as passwords, private keys, etc. client tools)
https://github.com/FeeiCN/GSIL(Github sensitive information leakage scanning)
https://github.com/MiSecurity/x-patrol(Github leak cruise tools)
https://github.com/ 1N3 / BlackWidow (Web site information gathering tools, including email, telephone and other information)
https://github.com/anshumanbh/git-all-secrets (GitHub open source collection of more sensitive information scanned enterprise information leak cruise tools)
HTTPS: //github.com/s0md3v/Photon (can extract URL, e-mail, documents, accounts and other sites of high-speed reptiles)
webshell detection or Trojan analysis tool
https://github.com/he1m4n6a/findWebshell (a simple webshell detection tool)
https://github.com/T encent / HaboMalHunter (Hubble analysis system, LINUX system virus analysis and safety testing)
https://github.com/PlagueScanner/PlagueScanner (integrated ClamAV using python implementation, ESET, Bitdefender antivirus engine)
https://github.com/nbs-system/php-malware-finder (a high efficiency PHP -webshell scan tool)
https://github.com/emposha/PHP-Shell-Detector/ (test efficiency up to 99% webshell detection tool)
https://github.com/erevus-cn/scan_webshell (a simple the webshell scan tool)
https://github.com/emposha/Shell-Detector(Webshell scanning tool that supports php / perl / asp / aspx webshell scan)
https://github.com/m4rco-/dorothy2 (a Trojan horse botnet analysis framework)
https://github.com/droidefense/engine (Android Trojan senior analytical framework)
within the network penetration or scan tool
https://github.com/lcatro/network_backdoor_scanner (network-based network traffic probe framework)
https://github.com/fdiskyou/hunter (Windows API call to enumerate the user login information)
https://github.com/BlackHole1/WebRtcXSS (XSS in the use of automated intrusion network)
middleware scanner or fingerprinting tools
https://github.com/ring04h/wyportmap (+ destination port scan fingerprint identification system service)
https://github.com/ring04h/weakfilescan (dynamic multi-threaded sensitive information leakage detection tool)
https://github.com/ EnableSecurity / wafw00f (WAF product fingerprinting)
https://github.com/rbsec/sslscan(SSL type identification)
https://github.com/urbanadventurer/whatweb(Web fingerprinting)
https://github.com/tanjiti / fingerPrint (web fingerprint recognition)
https://github.com/nanshihui/Scan-T (crawlers fingerprint identification)
https://github.com/OffensivePython/Nscan (Masscan and Zmap based network scanner)
HTTPS : //github.com/ywolf/F-NAScan (network asset information scanning, ICMP survival detection, port scanning, port services fingerprint identification)
https://github.com/ywolf/F-MiddlewareScan (middleware scan)
HTTPS: //github.com/maurosoria/dirsearch(web path collection and scanning)
https://github.com/x0day/bannerscan(C section banner and path scanning)
https://github.com/RASSec/RASscan (port scanning service )
https://github.com/3xp10it/bypass_waf(waf automatic storms break)
https://github.com/3xp10it/xcdn (try to find the real ip cdn behind)
https://github.com/Xyntax/BingC ( Bing search engine based on the segment of C / next station queries, multi-threaded, supporting API)
https://github.com/Xyntax/DirBrute (WEB directory blasting multithreaded tool)
https://github.com/zer0h/httpscan (a reptile-like segment Web host discovery gadgets)
implemented on https://github.com/lietdai/doom(Thorn distributed task distribution ip port vulnerability scanner)
https://github.com/chichou/grab. js (similar zgrab quick grab TCP fingerprint analysis tool that supports more protocols)
https://github.com/Nitr4x/whichCDN(CDN identify, detect)
https://github.com/secfree/bcrpscan (based on reptiles web path scanner)
https://github.com/mozilla/ssh_scan (ssh configuration information server scan)
https://github.com/18F/domain-scan (asset data detection for the domain and subdomain / scan, including http / https detection, etc.)
https://github.com/ggusoft/inforfinder (domain name asset collection and fingerprinting tools)
https://github.com/boy-hack/gwhatweb(CMS achieve recognition python gevent)
https://github.com/Mosuan/FileScan (Scan sensitive files / reduce false alarm rate of the secondary judgment / regulation of the contents of the scan / Multi Catalog scan)
https://github.com/Xyntax/FileSensor (dynamic sensitive probe tool file reptiles)
https://github.com/deibit/cansina(web path scanning tool)
https://github.com/0xbug / Howl (network device fingerprint scan retrieval web service)
https://github.com/mozilla/cipherscan (ssl target host service type identification)
https://github.com/xmendez/wfuzz(Web fuzz application tool framework, At the same time can be used for web path / service scanning)
https://github.com/s0md3v/Breacher (backstage path scanner multithreaded execution can also be used to find the redirection vulnerability)
https://github.com/ztgrace/changeme (weak password scanner, not only support the general logon page, and also supports ssh, mongodb and other components)
https://github.com/medbenali/CyberScan (penetration testing aids, support the analysis of data packets, decoding, port scanning, IP address analysis etc.)
https://github.com/m0nad/HellRaiser (based on nmap Scanners, vulnerability associated with cve)
https://github.com/scipag/vulscan (based on high-level vulnerability scanner nmap, the command-line environments)
https://github.com/jekyc/wig(web application information gathering tool)
https://github.com / eldraco / domain_analyzer (information gathering and "domain transfer" around the domain name web services such as vulnerability scanning, port scanning is also supported for server behind, etc.)
https://github.com/cloudtracer/paskto (Nikto scan rules based on passive and an information path of the scanning reptiles)
https://github.com/zerokeeper/WebEye (WEB server to quickly identify the type, the CMS type, the type of the WAF, the WHOIS information, and language frame)
https://github.com/m3liot/shcheck (with security checks in the http header of a web service)
https://github.com/aipengjie/sensitivefilescan (a sensitive files fast and efficient scanning tool)
https://github.com/fnk0c/cangibrina (through exhaustive dictionary, google, robots.txt and other means of cross-platform back-end management path scanner)
https://github.com/n4xh4ck5/CMSsc4n (CMS conventional fingerprint recognition)
https://github.com/Ekultek/WhatWaf(WAF and automated fingerprint identification bypassing tool)
HTT ps: //github.com/dzonerzy/goWAPT (fuzzy network tools, frame, while a network path / service scanning)
https://github.com/blackye/webdirdig(web sensitive directory / information leak scan script)
https://github.com/GitHackTools/BillCipher (information-gathering tool for website or IP address)
HTTPS: // GitHub. com / boy-hack / w8fuckcdn (get real IP by scanning the entire network automation program)
https://github.com/boy-hack/w11scan (distributed WEB fingerprint identification platform)
https://github.com/Nekmo/ dirhunt (web crawlers formula directory scan tool)
dedicated (i.e., specificity for certain components) scanner
https://github.com/blackye/Jenkins(Jenkins vulnerability detection, the user grabs blasting)
https://github.com/ code-scan / dzscan (first integrated Discuz scan tool)
https://github.com/chuhades/CMS-Exploit-Framework (a simple to use and elegant CMS scan frame)
https://github.com/lijiejie / IIS_shortname_Scanner (IIS short file name enumeration violent exploits)
https://github.com/riusksk/FlashScanner(flashxss scan)
https://github.com/coffeehb/SSTIF (raising a server-side template injection vulnerabilities half automated tools)
https://github.com/epinna/tplmap (server-side template injection leakage Cave detection and use of tools)
https://github.com/cr0hn/dockerscan(Docker scan tool)
https://github.com/m4ll0k/WPSeku (a streamlined wordpress scanning tools)
https://github.com/rastating/wordpress-exploit- framework (integrated wordpress exploit framework)
https://github.com/ilmila/J2EEScan (a plug-in for scanning burpsuite J2EE applications)
https://github.com/riusksk/StrutScan (a perl-based strut2 history vulnerability scanner)
https://github.com/D35m0nd142/LFISuite (local file containing the exploit and scan tools, to support a rebound shell)
https://github.com/0x4D31/salt-scanner (based Salt Open and Vulners Linux Audit API of the linux vulnerability scanner, using the support in conjunction with JIRA, slack platform)
https://github.com/tijme/angularjs-csti-scanner (automatic detection of the client AngularJS template injection vulnerability tool)
HTTPS: // GitHub. com / irsdl / IIS-ShortName- scanner (Java short file name written in IIS violence enumeration exploits)
https://github.com/swisskyrepo/Wordpresscan (based on an optimized version of wordpress WPScan and WPSeku scanner)
https://github.com/CHYbeta/cmsPoc(CMS penetration testing framework)
https://github.com/rudSarkar/crlf-injector(CRLF injection vulnerabilities batch scanning)
https://github.com/3gstudent/Smbtouch-Scanner (net present within the automated scanning leaked by the shadow broker ETERNAL series of loopholes)
https://github.com/utiso/dorkbot (page Search and vulnerability scanning through customized Google search engine)
HTTPS: // GitHub. com / OsandaMalith / LFiFreak (local file containing the exploit and scan tools, to support a rebound shell)
https://github.com/mak-/parameth (GET / POST unknown parameter field is used to enumerate scripts)
HTTPS: // GitHub .com / Lucifer1993 / struts-scan ( struts2 vulnerability detection and use the full version of the tool)
https://github.com/hahwul/a2sv(SSL vulnerability scanning, such as heart blood loopholes)
https://github.com/ NullArray / DorkNet (vulnerability-based web search search engine)
https://github.com/NickstaDB/BaRMIe (used to attack blasting Java Remote Method Invocation service tool)
https://github.com/RetireJS/grunt-retire ( common vulnerability scanning extension js library)
https://github.com/kotobukki/BDA (hadoop / sparks big data platform for vulnerabilities detection tool)
https://github.com/jagracey/Regex-DoS(RegEx denial of service scanner)
HTTPS: / /github.com/milesrichardson/docker-onion-nmap (hidden on the use of NMAP scans of the Tor network "onion" service)
https://github.com/Moham3dRiahi/XAttacker(Web CMS Exploit tools, including 66 against the mainstream CMS different exploits)
https://github.com/lijiejie/BBScan (a mini-batch scanning of information leakage script)
https://github.com/almandin/fuxploider (file upload vulnerability scanner and the use of tools)
HTTPS: //github.com/Ice3man543/SubOver (subdomain takeover vulnerability testing tools, support 30+ cloud hosting service detection)
https://github.com/Jamalc0m/wphunter(WordPress vulnerability scanner also supports scanning sensitive documents leaked )
https://github.com/retirejs/retire.js (detection sites depend JavaScript library presence known common vulnerabilities)
https://github.com/3xp10it/xupload (upload feature automatically detects whether to upload webshell)
https://github.com/mobrine-mob/M 0B-tool (CMS fingerprint identification and automated penetration testing framework)
https://github.com/rezasp/vbscan (framework of the Forum vBulletin black box vulnerability scanner)
https://github.com/MrSqar-Ye/BadMod(CMS fingerprint identification and automated penetration testing framework)
HTTPS: // GitHub. com / Tuhinshubhra / CMSeeK (CMS vulnerability and exploit detection kit)
https://github.com/cloudsploit/scans(AWS security audit tool)
https://github.com/radenvodka/SVScanner (for wp, magento, joomla and other CMS the vulnerability scanner and automatic use of tools)
https://github.com/rezasp/joomscan(OWASP's joomla vulnerability scanning project)
https://github.com/6IX7ine/djangohunter (used to detect due to incorrect configuration results in exposure of sensitive information Django application)
wireless network (audit) scanner
https://github.com/savio-code/fern-wifi-cracker/ (wireless security audit tools)
https://github.com/m4n3dw0lf/PytheM(Python network / penetration testing tools)
https://github.com/P0cL4bs/WiFi-Pumpkin (wireless security penetration testing suite)
https://github.com/MisterBianco/BoopSuite (wireless network audit tools to support 2-5GHZ band)
https://github.com/DanMcInerney/LANs.py(ARP deception, wireless network hijacking)
https://github.com/besimaltnok/PiFinger (check wifi is "Big Pineapple" the open hot spots, and give the network ratings )
https://github.com/derv82/wifite2 (automated wireless network attack tools wifite reconstructed version)
LAN (local network) scanner
https://github.com/sowish/LNScan (based on the BBScan via.lijiejie local network scan)
your own network scanning
https://github.com/SkyLined/LocalNetworkScanner (JavaScript-based local network scanning)
free software URL: address port scan
code audit tools or scanner
https://github.com/wufeifei / cobra (white-box code security audit system)
https://github.com/OneSourceCat/phpvulhunter (static PHP code audit)
https://github.com/Qihoo360/phptrace (tracking, analysis tools PHP running conditions)
HTTPS: //github.com/ajinabraham/NodeJsScan (NodeJS the application code audit)
https://github.com/shengqi158/pyvulhunter(Python application audit)
https://github.com/presidentbeef/brakeman(Ruby on Rails application of static code analysis)
https://github.com/python-security/pyt(Python application of static code audit)
https://github.com/m4ll0k/ WPSploit (WordPress plug-in code security audit)
https://github.com/emanuil/php-reaper (ADOdb code may exist for SQL vulnerability scanning PHP applications)
https://github.com/lowjoel/phortress (with to detect potential security vulnerabilities of PHP static code analysis tool)
modular design scanner or vulnerability assessment framework
https://github.com/az0ne/AZScanner (automated vulnerability scanner, subdomain blasting, port scanning, directory blasting, common framework vulnerability detection)
https://github.com/blackye/lalascan (distributed web vulnerability scanning frame collection owasp top10 border asset discovery and vulnerability scanning capabilities)
https://github.com/blackye/BkScanner(BkScanner distributed, plug-in of web vulnerability scanner)
passive vulnerability scanning tool https://github.com/ysrc/GourdScanV2(ysrc produced)
https://github.com/netxfly/passive_scan (web-based vulnerability scanners http proxy)
HTTPS: / /github.com/1N3/ Sn1per (automated scanner comprising a scanning and fingerprinting middleware)
https://github.com/RASSec/pentestEr_Fully-automatic-scanner (directional fully automated penetration testing tools)
https://github.com/3xp10it/3xp10it (automated penetration testing framework to support real cdn ip lookup, fingerprint identification, etc.)
https://github.com/Lcys/lcyscan (python plug of vulnerability scanners, scanning support for generating reports)
https://github.com/Xyntax/POC-T (penetration testing plug-in of concurrent framework)
HTTPS: // GitHub .com / v3n0m-scanner / v3n0M- scanner ( scanner detects support SQLI / XSS / LFI / RFI vulnerability, etc.)
https://github.com/Skycrab/leakScan(Web graphical vulnerability scanning frame)
HTTPS: // github.com/zhangzhenfeng/AnyScan (a network of automated penetration testing framework)
https://github.com/Tuhinshubhra/RED_HAWK (an integrated information gathering, vulnerability scanning, fingerprint scanning and other in-one tool)
HTTPS : //github.com/Arachni/arachni (highly integrated Web application vulnerability scanner framework to support REST, RPC api calls, etc.)
https://github.com/infobyte/faraday (integrated penetration testing and vulnerability management platform aid platform)
https://github.com/juansacco/exploitpack (infiltration Testing Integration Framework, contains more than 38,000+ attack)
https://github.com/swisskyrepo/DamnWebScanner (based on chrome / Opera widget passive vulnerability scanning)
https://github.com/anilbaranyelken/tulpar (supports a variety of network vulnerability scanning, command-line environments)
HTTPS: // github.com/m4ll0k/Spaghetti(web application scanners, fingerprint recognition support, file directory blasting, SQL / XSS / RFI vulnerability scanning, etc., can also be used directly for struts, ShellShock scanning, etc.)
https://github.com/Yukinoshita47 / Yuki-Chan-the-Auto -Pentest ( integrated subdomain enumeration, web applications scanner nmap, waf fingerprint recognition module)
https://github.com/0xsauby/yasuo (ruby developed using the host network scanning the existence of third-party web service application vulnerabilities)
https://github.com/hatRiot/clusterd(Web automated scanning application framework that supports automated upload webshell)
https://github.com/erevus-cn/pocscan (an open source Poc invocation framework, you can easily call Pocsuite, Tangscan, Beebeeto, Knowsec old version POC, docker deployment) can be used
https://github.com/TophantTechnology/osprey (elephant Competence Center produced and long-term maintenance of open source exploit framework)
https://github.com/yangbh/Hammer(Web application vulnerability scanning frame)
https://github.com/Lucifer1993/AngelSword(Web application vulnerability scanning framework, based on python3)
https://github.com/secrary/EllaScanner (passive vulnerability scanning, vulnerability identification number support history cve)
HTTPS: // GitHub. com / zaproxy / zaproxy (OWASP ZAP core project produced a comprehensive penetration testing tools)
https://github.com/sullo/nikto(Web service integrated scanner, is used to specify the target collection of assets, security configuration or security flaws vulnerability scanning)
https://github.com/s0md3v/Striker (a multi-faceted information gathering, vulnerability scanning and fingerprinting tool)
https://github.com/dermotblair/webvulscan (a web application vulnerability scanner, support scanning the reflection type and a storage type xss, sql injection vulnerabilities such support report output pdf)
https://github.com/alienwithin/OWASP-mth3l3m3nt-framework (aids penetration testing, utilization frame)
https://github.com / toyakula / luna (automated web-based vulnerability scanning tool passive scanning frame)
https://github.com/Manisso/fsociety (penetration testing auxiliary frame including information gathering, wireless penetration, network applications Scanning and other functions)
https://github.com/boy-hack/w9scan (built 1200 + plug-in web vulnerability scanning frame)
https://github.com/YalcinYolalan/WSSAT(Web service security assessment tool that provides a simple .exe application windows based operating system)
https://github.com/AmyangXYZ/AssassinGo (use to develop scalable and high concurrency penetration testing framework)
https://github.com/jeffzh3ng/InsectsAwake (vulnerability scanning system application framework based on Flask)
https://github.com/m4ll0k/Galileo (Web application security audit framework metasploit on a similar operation)
HTTPS : //github.com/joker25000/Optiva-Framework (a web application vulnerability scanner that supports scanning reflective and storage type xss, sql injection and other vulnerabilities)
https://github.com/theInfectedDrake/TIDoS-Framework (integrated Web application 104 modules penetration testing framework)
advanced persistent threat (APT) tools
https://github.com/Neo23x0/Loki (APT invasion marks a scanner)
industrial control systems and large-scale network-related security tools
https: //github.com/w3h/icsmaster/tree/master/nse(ICS equipment nmap scan script)
https://github.com/OpenNetworkingFoundation/DELTA(SDN security assessment framework)
collection purposes
This warehouse to collect intention is to provide open source security scanning tools in the construction of enterprise information security protection system process can refer to all kinds of enterprise security practitioners to expect businesses to take advantage of these scanners to self-test their business to improve its own business security

Guess you like

Origin www.cnblogs.com/despotic/p/11095416.html
Recommended
Ranking
PAT Level B 1094 Google's Recruitment (20 points) Python
Old Wei wins the offer to take you to learn --- brush (integer number 31. 1 appears) title series
Bilibili: Barrage Screening: Baijiaxing: Import XML directly
개체 배열 중복 제거
matplotlib—patches.Circle
[Observation] It is also a cordless vacuum cleaner, why does Dyson V10 dare to sell 4990 yuan?
0410
Apache Kafka message delivery reliability analysis
How hotel occupancy records inquiry etj
Essential knowledge for getting started with speculating in spot silver
Daily
More
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)

Code World

© 2018 codetd.com