we5ter / scanners-box Goto Github PK
View Code? Open in Web Editor NEWA powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
https://github.com/OpenNetworkingFoundation/DELTA (Sdn security evaluation framework)
DELTA: SDN SECURITY EVALUATION FRAMEWORK
We now manage DELTA in new repository (https://github.com/seungsoo-lee/DELTA).
Take a look at it and feature if it worths it.
https://github.com/UltimateHackers/sqlmate
AngelSword作者已在说明中称已停止维护
https://github.com/Lucifer1993/AngelSword/blob/master/README.md
https://github.com/0xwindows/VulScritp (Intranet penetration test scripts)
OWASP Maryam : Open-source Intelligence(OSINT) Framework
Thank
这个"webshell检测或木马分析工具" 条目中的项目 https://github.com/ym2011/ScanBackdoor 不是我的,但是发现代码都没写完,是个半成品,不能运行。个人认为不能加入Scanners-Box中,请求移除项目,减轻对寻求相关项目人士的误导。
See if its worthy for the collection:
https://github.com/jaeles-project/jaeles
https://github.com/yunxu1/dnsub 高并发跨平台子域名扫描
https://github.com/yunxu1/dnsub/releases releases下载
Take a look at my Breahcer and it to this awesome list if you think it deserves it.
https://github.com/UltimateHackers/Breacher
一、可以把扫描器改称为“安全行业从业人员自研开源安全工具合集”,把扫描器放在下面的一个分支里,现在的话局限性有点大,很多不错的工具都无法收录。
二、推出英语版,针对外国安全研究者在github上方便搜索
Cyclops 是一款具有 XSS 检测功能的浏览器
https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking
英文介绍
Cyclops is a web browser with XSS detection feature
https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking/blob/main/README-en.md
See if its worthy for the collection:
https://github.com/AmyangXYZ/AssassinGo
MDUT - Multiple Database Utilization Tools 项目地址:https://github.com/SafeGroceryStore/MDUT
https://github.com/boy-hack/w8fuckcdn 通过扫描全网获得真实IP的自动化程序
https://github.com/boy-hack/w11scan 分布式WEB指纹识别平台
另外https://github.com/boy-hack/w8scan 是无效项目,但链接中还存在,希望删除
类似kali, 集成这些工具得镜像,有没有;如果没有,有没有推荐得,我现在用得 sn1per,
https://github.com/boy-hack/WebshellManager 一句话WEB端管理工具
https://github.com/boy-hack/gwhatweb CMS识别 python gevent实现
https://github.com/boy-hack/w8scan 一款模仿bugscan的扫描器
https://github.com/boy-hack/pythonwebhack python web框架建立的在线渗透平台
now, OWASP Maryam completely migrated to python3
You should remove XSSight from XSS Scanner list because it got upgraded to XSStrike.
Hi, could you consider to add Credential Digger ? It is an open-source GitHub scanner, reducing false positives with machine learning.
See if its worthy for the collection:
https://github.com/UltimateHackers/Striker
See if its worthy for the collection:
https://github.com/j3ssie/Osmedeus
See if its worthy for the collection:
https://github.com/boy-hack/w9scan
能否在每个项目增加一个加入时间呢
Binance Teams up With Macau Judiciary Police To Launch Joint Anti-Scam Campaign
https://s.binance.com/GoJnZlJh
It can replace your whole set of XSS tools.
Features:
您好,我是联通智慧安全敏感信息监测处置组的,您在Github平台是上传的信息涉及到联通内部敏感数据,希望您这边能将相关信息下线删除,URL如下:
https://github.com/We5ter/Scanners-Box/blob/89b68a9e22665d6483b48ea4c3727d80822005bc/wordlist_users_passwords/user_emails.txt
从此工具的官方描述、代码注释以及代码来看,此工具非子域名枚举工具,我几个月前就已移除,只是大家在fork之后未及时更新,给大家说声抱歉,最早收集的时候没有仔细看。
Scans domains for data on their HTTPS configuration and assorted other things.
scanners/subdomains.py用于筛选满足条件的子域名:
##
# == subdomains ==
#
# This scanner takes a CSV full of *potential* subdomains (e.g. a list of DNS requests)
# and produces a resulting subdomains.csv of likely "public websites".
#
# Given three input files:
#
# 1. CSV of potential subdomains (the main input CSV)
# 2. CSV of subdomains to be excluded (e.g. from manual review)
# 3. CSV of second-levels with a metadata field in 3rd column (e.g. .gov domain list)
#
# This scanner filters out:
#
# * second-level domains (or www subdomains)
# * subdomains that didn't get the "inspect" scanner run on them
# * subdomains that weren't reachable by HTTP/HTTPS over the public internet
# * subdomains that matched a wildcard DNS record AND whose "canonical" endpoint
# returned a *non-200* status code. 200 status codes should be manually reviewed.
# * subdomains which appear on the provided exclusion list (input CSV #2)
#
# And includes fields for:
#
# * Subdomain's parent second-level domain's metadata (input CSV #3)
# * Whether the subdomain appears to redirect to another second-level domain
# * Whether the subdomain appears to redirect to another subdomain within the same second-level
# * The HTTP status code returned by the subdomain's "canonical" endpoint (best guess)
# * Whether the subdomain appears to match a wildcard DNS record
#
##
因此我认为将其添加到中间件扫描器为妥!
Photon is an incredibly fast web crawler which extracts URLs, website accounts, emails, aws buckets, files and more.
https://github.com/s0md3v/Photon
One more thing, please change all the occurrences of UltimateHackers
to s0md3v
as I changed my username recently.
Thanks ^_^
url https://github.com/m3liot/shcheck
Just check security headers on a target website
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.