https://github.com/we5ter/scanners-box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
https://github.com/we5ter/scanners-box
apk-analysis binary-analysis code-analyzer devsecops exploitation-framework hacker-tools information-security malware-analysis penetration-testing pentesting-tools privacy-compliance redteam-tools security-audit security-automation smart-contracts static-analysis vulnerability-scanners wifi-hacking wifi-security
Last synced: 4 months ago
JSON representation
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
- Host: GitHub
- URL: https://github.com/we5ter/scanners-box
- Owner: We5ter
- Created: 2016-12-24T16:07:50.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-11-11T10:23:21.000Z (over 1 year ago)
- Last Synced: 2025-01-29T17:44:40.331Z (over 1 year ago)
- Topics: apk-analysis, binary-analysis, code-analyzer, devsecops, exploitation-framework, hacker-tools, information-security, malware-analysis, penetration-testing, pentesting-tools, privacy-compliance, redteam-tools, security-audit, security-automation, smart-contracts, static-analysis, vulnerability-scanners, wifi-hacking, wifi-security
- Homepage:
- Size: 7.08 MB
- Stars: 8,378
- Watchers: 407
- Forks: 2,385
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
English | [简体中文](./README_CN.md)
## Donate with PayPal or Buy me a coffee
## Sponsors
Albert
## Introduction
**Scanners Box** also known as **scanbox**, is a powerful **hacker toolkit**, which has collected more than 10 categories of open source scanners from Github, including subdomain, database, middleware and other modular design scanner etc. **But for other Well-known scanning tools, such as nmap, w3af, brakeman, arachni, nikto, metasploit, aircrack-ng will not be included in the scope of collection.**
## Contents
- [AIGC Security](#aigc-security)
- [Smart Contracts Security](#smart-contracts-security)
- [Red Team vs Blue Team](#red-team-vs-blue-team)
- [Mobile App Packages Analysis](#mobile-apps-packages-analysis)
- [Binary Executables Analysis](#binary-executables-analysis)
- [Privacy Compliance](#privacy-compliance)
- [Subdomain Enumeration or Takeover](#subdomain-enumeration-or-takeover)
- [Database SQL Injection Vulnerability or Brute Force](#database-sql-injection-vulnerability-or-brute-force)
- [Weak Usernames or Passwords Enumeration For Web](#weak-usernames-or-passwords-enumeration-for-web)
- [IoT Hardware Automated Audit](#iot-hardware-automated-audit)
- [Mutiple types of Cross-site scripting Detection](#mutiple-types-of-cross-site-scripting-detection)
- [Enterprise sensitive information Leak Scan](#enterprise-sensitive-information-leak-scan)
- [Malicious Scripts Detection](#malicious-scripts-detection)
- [Vulnerability Assessment for Middleware](#vulnerability-assessment-for-middleware)
- [Special Vulnerability Categories Scan for Web](#special-vulnerability-categories-scan-for-web)
- [Dynamic or Static Code Analysis](#dynamic-or-static-code-analysis)
- [Modular Design Scanners or Vulnerability Detecting Framework](#modular-design-scanners-or-vulnerability-detecting-framework)
- [Advanced Persistent Threat Detect](#advanced-persistent-threat-detect)
***
### AIGC Security
- https://github.com/leondz/garak - **LLM vulnerability scanner for hallucination, data leakage, promp injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses**
>      
- https://github.com/protectai/rebuff - **Designed to protect AI applications from prompt injection (PI) attacks**
>      
- https://github.com/mnns/LLMFuzzer - **Fuzzing Framework for Large Language Models**
>      
- https://github.com/Tencent/AI-Infra-Guard - **A.I.G (AI-Infra-Guard) integrates capabilities such as AI infrastructure vulnerability scanning, MCP Server risk detection, and LLM security assessments**
>      
### Smart Contracts Security
- https://github.com/ConsenSys/mythril - **Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera etc.**
>      
- https://github.com/enzymefinance/oyente - **An Analysis Tool for Smart Contracts**
>      
- https://github.com/eth-sri/securify2 - **Official security scanner for Ethereum smart contracts supported by the Ethereum Foundation**
>      
- https://github.com/smartdec/smartcheck - **Static analysis tool that detects vulnerabilities and bugs in Solidity programs**
>      
- https://github.com/ivicanikolicsg/MAIAN - **Automatic tool for finding trace vulnerabilities in Ethereum smart contracts**
>      
### Red Team vs Blue Team
#### Supply Chain Analysis(SCA)
- https://github.com/murphysecurity/murphysec - **Open source tool for software supply chain security**
>      
#### Container and Cluster
- https://github.com/cdk-team/CDK - **A tool to gather information inside container/cluster and exploit them**
>      
- https://github.com/cr0hn/dockerscan - **Docker security analysis & hacking tools**
>      
- https://github.com/armosec/kubescape - **The first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA**
>      
- https://github.com/chaitin/veinmind-tools - **Container security scanner for backdoor, malicious, weak pass and sensitive and the like.**
>      
- https://github.com/deepfence/ThreatMapper - **Scan for in-production vulnerabilities and exposed secrets, and identify attack paths to reach them remotely**
>      
- https://github.com/deepfence/SecretScanner - **Scan containers and host filesystems for unprotected keys, API tokens and passwords**
>      
- https://github.com/cyberark/KubiScan - **A tool to scan Kubernetes cluster for risky permissions**
>      
- https://github.com/kvesta/vesta - **A static analysis of vulnerabilities, Docker and Kubernetes cluster configuration detect toolkit**
>      
- https://github.com/anchore/grype - **A vulnerability scanner for container images and filesystems**
>      
#### Services fingerprint detection
- https://github.com/EdgeSecurityTeam/EHole - **Core system fingerprint detection tool for Red team**
>      
- https://github.com/opabravo/mass-bruter - **Mass bruteforce network protocols and default credentials for ports**
>      
#### Man-In-The-Middle
- https://github.com/niloofarkheirkhah/nili - **Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing**
>      
#### The framework
- https://github.com/m4n3dw0lf/PytheM - **Multi-purpose network pentest framework**
>      
- https://github.com/FunnyWolf/Viper - **Graphical, Modularization and weaponization intranet penetration tool**
>      
- https://github.com/P1-Team/AlliN - **Mostly used for asset collection before penetration and lateral movement of intranet**
>      
- https://github.com/k8gege/LadonGo - **Pentest framework for Windows/Linux/Mac intranet networks**
>      
- https://github.com/shmilylty/netspy - **Quickly scan the reachable network segmentation of the intranet**
>      
- https://github.com/byt3bl33d3r/CrackMapExec - **Swiss army knife for pentesting Windows/Active Directory environments**
>      
- https://github.com/u21h2/nacs - **Event-driven intranet pentest scanner**
>      
- https://github.com/h4wkst3r/SCMKit - **Source Code Management Attack Toolkit,such as GitHub Enterprise, GitLab Enterprise and Bitbucket Server**
>      
- https://github.com/lijiejie/MisConfig_HTTP_Proxy_Scanner - **Helps to scan misconfigured reverse proxy servers and misconfigured forward proxy servers**
>      
- https://github.com/chainreactors/gogo - **A highly controllable and scalable automation engine for red teams**
>      
- https://github.com/freelabz/secator - **secator - the pentester's swiss knife**
>      
#### Wireless Pentest
- https://github.com/savio-code/fern-wifi-cracker - **Testing and discovering flaws in ones own network**
>      
- https://github.com/P0cL4bs/WiFi-Pumpkin - **Framework for Rogue Wi-Fi Access Point Attack**
>      
- https://github.com/MisterBianco/BoopSuite - **A Suite of Tools written in Python for wireless auditing and security testing**
>      
- https://github.com/besimaltnok/PiFinger - **Searches for wifi-pineapple traces and calculate wireless network security score**
>      
- https://github.com/derv82/wifite2 - **A complete re-write of Wifite,Automated Wireless Attack Tool**
>      
- https://github.com/D3Ext/WEF - **Wi-Fi Exploitation Framework for 2.4 and 5 Ghz both attacks**
>      
- https://github.com/pinecone-wifi/pinecone - **A WLAN red team framework**
>      
### Mobile Apps Packages Analysis
- https://github.com/dwisiswant0/apkleaks - **Scanning APK file for URIs, endpoints & secrets**
>      
- https://github.com/kelvinBen/AppInfoScanner - **Collecting information from APK file, support self-defined rules**
>      
- https://github.com/maaaaz/androwarn - **Yet another static code analyzer for malicious Android applications**
>      
- https://github.com/quark-engine/quark-engine - **Android Malware (Analysis | Scoring) System**
>      
- https://github.com/droidefense/engine - **Advance Android malware analysis framework**
>      
- https://github.com/abhi-r3v0/Adhrit - **Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks**
>       
- https://github.com/pascal-lab/Tai-e - **An easy-to-learn/use static analysis framework for Java, especially for Android**
>      
- https://github.com/Cyber-Buddy/APKHunt - **A comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework**
>      
- https://github.com/cryptax/droidlysis - **A pre-analysis tool for Android apps: it performs repetitive and boring tasks we'd typically do at the beginning of any reverse engineering**
>      
### Binary Executables Analysis
- https://github.com/m4rco-/dorothy2 - **A malware/botnet analysis framework written in Ruby**
>      
- https://github.com/Tencent/HaboMalHunter - **Used for automated malware analysis and security assessment on the Linux system**
>      
- https://github.com/KeenSecurityLab/BinAbsInspector - **Static analyzer for automated reverse engineering and scanning vulnerabilities in binaries**
>      
- https://github.com/fkie-cad/cwe_checker - **Static analyzer for detecting common bug classes such as buffer overflows in binaries**
>      
- https://github.com/airbus-seclab/bincat - **Binary code static analyser, with IDA integration. Performs value and taint analysis**
>      
### Privacy Compliance
- https://github.com/riskscanner/riskscanner - **Multi-cloud privacy compliance scanning platform, through Cloud Custodian's YAML DSL to define scanning rules**
>      
- https://github.com/momosecurity/bombus - **Enterprise security and privacy compliance platform**
>      
### Subdomain Enumeration or Takeover
- https://github.com/lijiejie/subDomainsBrute - **A classical subdomain enumeration Tool by lijiejie**
>      
- https://github.com/ring04h/wydomain - **A Speed and Precision subdomain enumeration Tool by ringzero**
>      
- https://github.com/le4f/dnsmaper - **Subdomain enumeration tool with map record**
>      
- https://github.com/TheRook/subbrute - **A DNS meta-query spider that enumerates DNS records, and subdomains,supported API**
>      
- https://github.com/We5ter/GSDF - **Subdomain enumeration via Google certificate transparency**
>      
- https://github.com/mandatoryprogrammer/cloudflare_enum - **Subdomain enumeration via CloudFlare**
>      
- https://github.com/guelfoweb/knock - **Knock subdomain scan**
>      
- https://github.com/exp-db/PythonPool/tree/master/Tools/DomainSeeker - **An intergratd Python subdomain enumeration tool**
>      
- https://github.com/code-scan/BroDomain - **Find brother domain**
>      
- https://github.com/chuhades/dnsbrute - **A fast domain brute tool**
>      
- https://github.com/yanxiu0614/subdomain3 - **A simple and fast tool for bruting subdomains**
>      
- https://github.com/michenriksen/aquatone - **A powerful subdomain tool and domain takeovers finding tools**
>      
- https://github.com/evilsocket/dnssearch - **A subdomain enumeration tool**
>      
- https://github.com/reconned/domained - **Subdomain enumeration tools for bug hunting**
>      
- https://github.com/bit4woo/Teemo - **A domain name & Email address collection tool**
>      
- https://github.com/laramies/theHarvester - **E-mail, subdomain and people names harvester**
>      
- https://github.com/nmalcolm/Inventus - **A spider designed to find subdomains of a specific domain by crawling it**
>      
- https://github.com/aboul3la/Sublist3r - **Fast subdomains enumeration tool for penetration testers**
>      
- https://github.com/jonluca/Anubis - **Subdomain enumeration and information gathering tool**
>      
- https://github.com/n4xh4ck5/N4xD0rk - **Listing subdomains about a main domain**
>      
- https://github.com/infosec-au/altdns - **Subdomain discovery through alterations and permutations**
>      
- https://github.com/FeeiCN/ESD - **Enumeration sub domains tool,based on AsyncIO and non-repeating dict**
>      
- https://github.com/UnaPibaGeek/ctfr - **Abusing certificate transparency logs for getting HTTPS websites subdomains**
>      
- https://github.com/giovanifss/Dumb - **Dumain Bruteforcer, a fast and flexible domain bruteforcer**
>      
- https://github.com/OWASP/Amass - **In-depth Attack Surface Mapping and Asset Discovery**
>      
- https://github.com/Ice3man543/subfinder - **A subdomain discovery tool which has a simple modular architecture and has been aimed as a successor to sublist3r project**
>      
- https://github.com/Ice3man543/SubOver - **A powerful subdomain takeover tool**
>      
- https://github.com/janniskirschner/horn3t - **Powerful Visual Subdomain Enumeration**
>      
- https://github.com/yunxu1/dnsub - **A high concurrency and cross platform subdomain scanner based on Golang**
>      
- https://github.com/shmilylty/OneForAll - **An ultimate subdomains scanner integrated multiple subdomain scanning tools**
>      
- https://github.com/knownsec/ksubdomain - **A stateless and cross-platform subdomain enumeration tool, speed up to 30w/s on Mac and Windows, and 160w/s on Linux**
>      
- https://github.com/gwen001/github-subdomains - **Find subdomains on GitHub**
>      
- https://github.com/bit4woo/domain_hunter_pro - **Domain finder and Targets management, automated information collection, integrated with burpsuite**
>      
- https://github.com/m4ll0k/takeover - **Sub-Domain TakeOver Vulnerability Scanner**
>      
- https://github.com/v4d1/Dome - **Active and/or passive scan to obtain subdomains and search for open port**
>      
- https://github.com/cramppet/regulator - **Automated subdomain enumeration tool by learning of regexes for DNS discovery**
>      
- https://github.com/hadriansecurity/subwiz - **A lightweight GPT model, trained to discover subdomains.**
>      
### Database SQL Injection Vulnerability or Brute Force
- https://github.com/0xbug/SQLiScanner - **A SQLi vulnerability scanner via SQLMAP and Charles**
>      
- https://github.com/stamparm/DSSS - **A SQLi vulnerability scanner with 99 lines of code**
>      
- https://github.com/youngyangyang04/NoSQLAttack - **A SQLi vulnerability scanner for mongoDB**
>      
- https://github.com/Neohapsis/bbqsql - **A blind SQLi vulnerability scanner**
>      
- https://github.com/NetSPI/PowerUpSQL - **A SQLi vulnerability scanner with Powershell script**
>      
- https://github.com/WhitewidowScanner/whitewidow - **Another SQL vulnerability scanner**
>      
- https://github.com/stampery/mongoaudit - **A powerful MongoDB auditing and pentesting tool**
>      
- https://github.com/torque59/Nosql-Exploitation-Framework - **A Python framework For NoSQL scanning and exploitation**
>      
- https://github.com/missDronio/blindy - **Simple script to automate brutforcing blind sql injection vulnerabilities**
>      
- https://github.com/fengxuangit/Fox-scan - **A initiative and passive SQL injection vulnerable test tools**
>      
- https://github.com/JohnTroony/Blisqy - **Exploit time-based blind-SQL injection in HTTP-Headers**
>      
- https://github.com/ron190/jsql-injection - **A lightweight application used to find database information from a distant server**
>      
- https://github.com/Hadesy2k/sqliv - **Massive SQL injection vulnerability scanner**
>      
- https://github.com/s0md3v/sqlmate - **A friend of SQLmap which will do what you always expected from SQLmap**
>      
- https://github.com/m8r0wn/enumdb - **MySQL and MSSQL brute force and post exploitation tool**
>      
- https://github.com/tariqhawis/injectbot - **A web-based, easy-to-use, SQL injection scanner and exploiter tool**
>      
### Weak Usernames or Passwords Enumeration For Web
- https://github.com/lijiejie/htpwdScan - **A python HTTP weak pass scanner**
>      
- https://github.com/netxfly/crack_ssh - **SSH, Redis, mongoDB weak password bruteforcer**
>      
- https://github.com/shengqi158/weak_password_detect - **A python HTTP weak password scanner**
>      
- https://github.com/s0md3v/Blazy - **a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF**
>      
- https://github.com/MooseDojo/myBFF - **Web application brute force framework,supports Citrix Gateway,CiscoVPN and so on**
>      
- https://github.com/TideSec/web_pwd_common_crack - **A common web weak_password cracking script,can detect batches of management backgrounds without verification codes**
>      
### IoT Hardware Automated Audit
- https://github.com/rapid7/IoTSeeker - **Weak-password IoT devices scanner**
>      
- https://github.com/shodan-labs/iotdb - **IoT Devices scanner via nmap**
>      
- https://github.com/googleinurl/RouterHunterBR - **Testing vulnerabilities in devices and routers connected to the Internet**
>      
- https://github.com/scu-igroup/telnet-scanner - **Weak telnet password scanner based on password enumeration**
>      
- https://github.com/viraintel/OWASP-Nettacker - **Network information gathering vulnerability scanner,most useful to scan IoT**
>      
- https://github.com/threat9/routersploit - **Exploitation Framework for embedded Devices,such as router**
>      
- https://github.com/w3h/icsmaster/tree/master/nse - **Digital bond's ICS enumeration tools**
>      
- https://github.com/firmianay/firmeye - **An IDA plug-in, based on sensitive function parameter backtracking to assist in vulnerability mining**
>      
- https://github.com/bahaabdelwahed/st - **An advanced security tool engineered specifically to scrutinize and detect threats within the intricate protocols utilized by IoT (Internet of Things) devices**
>      
- https://github.com/0x4D31/salt-scanner - **Linux vulnerability scanner based on Salt Open and vulners audit API, with Slack notifications and JIRA integration**
>      
- https://github.com/vulmon/Vulmap - **Local vulnerability scanning programs for Windows and Linux operating systems**
>      
### Mutiple types of Cross-site scripting Detection
- https://github.com/0x584A/fuzzXssPHP - **A very simple reflected XSS scanner supports GET/POST**
>      
- https://github.com/chuhades/xss_scan - **Reflected XSS scanner**
>      
- https://github.com/BlackHole1/autoFindXssAndCsrf - **A plugin for browser that checks automatically whether a page haves XSS and CSRF vulnerabilities**
>      
- https://github.com/shogunlab/shuriken - **XSS command line tool for testing lists of XSS payloads on web apps**
>      
- https://github.com/s0md3v/XSStrike - **Fuzz and bruteforce parameters for XSS, WAFs detect and bypass**
>      
- https://github.com/stamparm/DSXS - **A fully functional cross-site scripting vulnerability scanner,supporting GET and POST parameters,and written in under 100 lines of code**
>      
- https://github.com/fcavallarin/domdig - **DOM XSS scanner for Single Page Applications**
>      
- https://github.com/lwzSoviet/NoXss - **Faster reflected-xss and dom-xss scanner based on Phantomjs**
>      
- https://github.com/pwn0sec/PwnXSS - **A powerful XSS scanner made in python 3.7**
>      
- https://github.com/hahwul/dalfox - **Parameter Analysis and XSS Scanning tool based on golang**
>      
### Enterprise sensitive information Leak Scan
- https://github.com/x0day/Multisearch-v2 - **Enterprise assets collector based on search engine**
>      
- https://github.com/Ekultek/Zeus-Scanner - **An advanced dork searching tool that is capable of finding IP address /URL blocked by search engine,and can run sqlmap and nmap scans on the URL's**
>      
- https://github.com/metac0rtex/GitHarvester - **Used for harvesting information from GitHub**
>      
- https://github.com/repoog/GitPrey - **Searching sensitive files and contents in GitHub**
>    ![GitHub last commit](https://img.shields.io/github/last-comm