we5ter / scanners-box Goto Github PK

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

pentesting-tools hacker-tools vulnerability-scanners information-security redteam-tools penetration-testing devsecops security-automation smart-contracts privacy-compliance

scanners-box's People

Contributors

Stargazers

Watchers

Forkers

solutionplus r00tak 957204459 janepeak520 haply tdr130 brianwrf eniac888 songofhack wucaishi xfkxfk llovoll chengfangang aliluyala ezy2015 ssdtfarm xiaofengtongxue pengtao007 san-na webvul byte4sec jackbro c3stbon j0bkeeper lfoder fireswood dptechma w4ter npc7 sampr0 ahmatjan zminjiao thor509 xunnun leohuang2015 tuhaolam adonchan fooying 404soul ziv0chou n0maj1o24 tyekrgk oneroy anlev5 uppentest codeself lhxkailiang ver007 whojeff shengxinking magicpwn arschlochnop xlck1ng blueroutecn antonio24 chencool blbana cyri1s wbellmelodyw t1med0ut xiju2003 aka99 xiaodin1 0xqq webshell520 yi6ei2ifd ysice jesseei jguoguo michael1981 j5s lockgit aylhex m3g4byt3 theralfbrown pghook bipabo1l v1cker chakra-coder 1sn0m4d liuhuimin westke jackerzhou bongwa purplehua vvip phpplay awesome-security yhdsir linxi0428 fzxcp3 xxoxx fenxiahui vysecurity 0x24bin newaynewlife pysec linger118927 skskevin huaxuduan

scanners-box's Issues

AngelSword作者已停止维护

AngelSword作者已在说明中称已停止维护

https://github.com/Lucifer1993/AngelSword/blob/master/README.md

Add Jaeles Framework

See if its worthy for the collection:
https://github.com/jaeles-project/jaeles

Add OWASP Maryam : Open-source Intelligence(OSINT) Framework

OWASP Maryam : Open-source Intelligence(OSINT) Framework

Thank

p

https://github.com/edoardottt/awesome-hacker-search-engines

wifi

mb

Add AssassinGo

See if its worthy for the collection:
https://github.com/AmyangXYZ/AssassinGo

Add Osmedeus

See if its worthy for the collection:
https://github.com/j3ssie/Osmedeus

Photon

Photon is an incredibly fast web crawler which extracts URLs, website accounts, emails, aws buckets, files and more.

https://github.com/s0md3v/Photon

One more thing, please change all the occurrences of UltimateHackers to s0md3v as I changed my username recently.

Thanks ^_^

联通相关数据删除

您好，我是联通智慧安全敏感信息监测处置组的，您在Github平台是上传的信息涉及到联通内部敏感数据，希望您这边能将相关信息下线删除，URL如下：
https://github.com/We5ter/Scanners-Box/blob/89b68a9e22665d6483b48ea4c3727d80822005bc/wordlist_users_passwords/user_emails.txt

Add Credential Digger

Hi, could you consider to add Credential Digger ? It is an open-source GitHub scanner, reducing false positives with machine learning.

hi

关于工具18F/domain-scan的说明

从此工具的官方描述、代码注释以及代码来看，此工具非子域名枚举工具，我几个月前就已移除，只是大家在fork之后未及时更新，给大家说声抱歉，最早收集的时候没有仔细看。


Scans domains for data on their HTTPS configuration and assorted other things.

scanners/subdomains.py用于筛选满足条件的子域名：

##
# == subdomains ==
#
# This scanner takes a CSV full of *potential* subdomains (e.g. a list of DNS requests)
# and produces a resulting subdomains.csv of likely "public websites".
#
# Given three input files:
#
# 1. CSV of potential subdomains (the main input CSV)
# 2. CSV of subdomains to be excluded (e.g. from manual review)
# 3. CSV of second-levels with a metadata field in 3rd column (e.g. .gov domain list)
#
# This scanner filters out:
#
# * second-level domains (or www subdomains)
# * subdomains that didn't get the "inspect" scanner run on them
# * subdomains that weren't reachable by HTTP/HTTPS over the public internet
# * subdomains that matched a wildcard DNS record AND whose "canonical" endpoint
#   returned a *non-200* status code. 200 status codes should be manually reviewed.
# * subdomains which appear on the provided exclusion list (input CSV #2)
#
# And includes fields for:
#
# * Subdomain's parent second-level domain's metadata (input CSV #3)
# * Whether the subdomain appears to redirect to another second-level domain
# * Whether the subdomain appears to redirect to another subdomain within the same second-level
# * The HTTP status code returned by the subdomain's "canonical" endpoint (best guess)
# * Whether the subdomain appears to match a wildcard DNS record
#
##

因此我认为将其添加到中间件扫描器为妥！

恳请收录 Cyclops--一款具有 XSS 检测功能的浏览器

Cyclops 是一款具有 XSS 检测功能的浏览器
https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking

英文介绍
Cyclops is a web browser with XSS detection feature
https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking/blob/main/README-en.md

添加项目

https://github.com/boy-hack/w8fuckcdn 通过扫描全网获得真实IP的自动化程序
https://github.com/boy-hack/w11scan 分布式WEB指纹识别平台

另外https://github.com/boy-hack/w8scan 是无效项目，但链接中还存在，希望删除

XSStrike : XSS fuzzer & Bruteforcer [Request]

It can replace your whole set of XSS tools.
Features:

Fuzz parameters for XSS
Bruteforce parameters
Open the POC in a browser window
All payloads are hand crafted
Can detect and bypass WAFs
Repo: https://github.com/UltimateHackers/XSStrike

Remove XSSight

You should remove XSSight from XSS Scanner list because it got upgraded to XSStrike.

add dnsub

https://github.com/yunxu1/dnsub 高并发跨平台子域名扫描

https://github.com/yunxu1/dnsub/releases releases下载

一些小建议

一、可以把扫描器改称为“安全行业从业人员自研开源安全工具合集”，把扫描器放在下面的一个分支里，现在的话局限性有点大，很多不错的工具都无法收录。

二、推出英语版，针对外国安全研究者在github上方便搜索

OWASP Maryam: Migrate to python3

now, OWASP Maryam completely migrated to python3

请求移除项目

这个"webshell检测或木马分析工具" 条目中的项目 https://github.com/ym2011/ScanBackdoor 不是我的，但是发现代码都没写完，是个半成品，不能运行。个人认为不能加入Scanners-Box中，请求移除项目，减轻对寻求相关项目人士的误导。

Add SQLMate

Take a look at it and feature if it worths it.
https://github.com/UltimateHackers/sqlmate

请问下有没有集成这些工具得iso下载

类似kali, 集成这些工具得镜像，有没有；如果没有，有没有推荐得，我现在用得 sn1per，

a fast domain brute tool

https://github.com/chuhades/dnsbrute

check security http headers tools

url https://github.com/m3liot/shcheck

Just check security headers on a target website

Add w9scan

See if its worthy for the collection:
https://github.com/boy-hack/w9scan

“OpenNetworkingFoundation/DELTA” 地址改了

https://github.com/OpenNetworkingFoundation/DELTA (Sdn security evaluation framework)

DELTA: SDN SECURITY EVALUATION FRAMEWORK
We now manage DELTA in new repository (https://github.com/seungsoo-lee/DELTA).