we5ter / scanners-box Goto Github PK

url https://github.com/m3liot/shcheck

Just check security headers on a target website

项目地址：https://github.com/shmilylty/OneForAll

Photon is an incredibly fast web crawler which extracts URLs, website accounts, emails, aws buckets, files and more.

https://github.com/s0md3v/Photon

One more thing, please change all the occurrences of UltimateHackers to s0md3v as I changed my username recently.

Thanks ^_^

https://github.com/edoardottt/awesome-hacker-search-engines

一、可以把扫描器改称为“安全行业从业人员自研开源安全工具合集”，把扫描器放在下面的一个分支里，现在的话局限性有点大，很多不错的工具都无法收录。

二、推出英语版，针对外国安全研究者在github上方便搜索

It can replace your whole set of XSS tools.
Features:

1. Fuzz parameters for XSS
2. Bruteforce parameters
3. Open the POC in a browser window
4. All payloads are hand crafted
5. Can detect and bypass WAFs
   Repo: https://github.com/UltimateHackers/XSStrike

https://github.com/9tail123/wooscan

这个"webshell检测或木马分析工具" 条目中的项目 https://github.com/ym2011/ScanBackdoor 不是我的，但是发现代码都没写完，是个半成品，不能运行。个人认为不能加入Scanners-Box中，请求移除项目，减轻对寻求相关项目人士的误导。

AngelSword作者已在说明中称已停止维护

https://github.com/Lucifer1993/AngelSword/blob/master/README.md

Hi, could you consider to add Credential Digger ? It is an open-source GitHub scanner, reducing false positives with machine learning.

See if its worthy for the collection:
https://github.com/AmyangXYZ/AssassinGo

See if its worthy for the collection:
https://github.com/jaeles-project/jaeles

See if its worthy for the collection:
https://github.com/j3ssie/Osmedeus

从此工具的官方描述、代码注释以及代码来看，此工具非子域名枚举工具，我几个月前就已移除，只是大家在fork之后未及时更新，给大家说声抱歉，最早收集的时候没有仔细看。

Scans domains for data on their HTTPS configuration and assorted other things.

scanners/subdomains.py用于筛选满足条件的子域名：

##
# == subdomains ==
#
# This scanner takes a CSV full of *potential* subdomains (e.g. a list of DNS requests)
# and produces a resulting subdomains.csv of likely "public websites".
#
# Given three input files:
#
# 1. CSV of potential subdomains (the main input CSV)
# 2. CSV of subdomains to be excluded (e.g. from manual review)
# 3. CSV of second-levels with a metadata field in 3rd column (e.g. .gov domain list)
#
# This scanner filters out:
#
# * second-level domains (or www subdomains)
# * subdomains that didn't get the "inspect" scanner run on them
# * subdomains that weren't reachable by HTTP/HTTPS over the public internet
# * subdomains that matched a wildcard DNS record AND whose "canonical" endpoint
#   returned a *non-200* status code. 200 status codes should be manually reviewed.
# * subdomains which appear on the provided exclusion list (input CSV #2)
#
# And includes fields for:
#
# * Subdomain's parent second-level domain's metadata (input CSV #3)
# * Whether the subdomain appears to redirect to another second-level domain
# * Whether the subdomain appears to redirect to another subdomain within the same second-level
# * The HTTP status code returned by the subdomain's "canonical" endpoint (best guess)
# * Whether the subdomain appears to match a wildcard DNS record
#
##

因此我认为将其添加到中间件扫描器为妥！

Binance Teams up With Macau Judiciary Police To Launch Joint Anti-Scam Campaign
https://s.binance.com/GoJnZlJh

您好，我是联通智慧安全敏感信息监测处置组的，您在Github平台是上传的信息涉及到联通内部敏感数据，希望您这边能将相关信息下线删除，URL如下：
https://github.com/We5ter/Scanners-Box/blob/89b68a9e22665d6483b48ea4c3727d80822005bc/wordlist_users_passwords/user_emails.txt

类似kali, 集成这些工具得镜像，有没有；如果没有，有没有推荐得，我现在用得 sn1per，

https://github.com/chuhades/dnsbrute

See if its worthy for the collection:
https://github.com/boy-hack/w9scan

Take a look at my Breahcer and it to this awesome list if you think it deserves it.
https://github.com/UltimateHackers/Breacher

https://github.com/boy-hack/w8fuckcdn 通过扫描全网获得真实IP的自动化程序
https://github.com/boy-hack/w11scan 分布式WEB指纹识别平台

另外https://github.com/boy-hack/w8scan 是无效项目，但链接中还存在，希望删除

https://github.com/yunxu1/dnsub 高并发跨平台子域名扫描

https://github.com/yunxu1/dnsub/releases releases下载

项目地址：https://github.com/kvesta/vesta

You should remove XSSight from XSS Scanner list because it got upgraded to XSStrike.

https://github.com/swisskyrepo/PayloadsAllTheThings

https://github.com/0xwindows/VulScritp (Intranet penetration test scripts)

能否在每个项目增加一个加入时间呢

now, OWASP Maryam completely migrated to python3

Take a look at it and feature if it worths it.
https://github.com/UltimateHackers/sqlmate

Cyclops 是一款具有 XSS 检测功能的浏览器
https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking

英文介绍
Cyclops is a web browser with XSS detection feature
https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking/blob/main/README-en.md

https://github.com/boy-hack/WebshellManager 一句话WEB端管理工具
https://github.com/boy-hack/gwhatweb CMS识别 python gevent实现
https://github.com/boy-hack/w8scan 一款模仿bugscan的扫描器
https://github.com/boy-hack/pythonwebhack python web框架建立的在线渗透平台

https://github.com/OpenNetworkingFoundation/DELTA (Sdn security evaluation framework)

DELTA: SDN SECURITY EVALUATION FRAMEWORK
We now manage DELTA in new repository (https://github.com/seungsoo-lee/DELTA).

See if its worthy for the collection:
https://github.com/UltimateHackers/Striker

MDUT - Multiple Database Utilization Tools 项目地址：https://github.com/SafeGroceryStore/MDUT

OWASP Maryam : Open-source Intelligence(OSINT) Framework

Thank