Top 106 security-scanner open source projects

Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10. It performs source code analysis to find vulnerabilities right in the source code, with a focus on being agile and easy to implement inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Grinder
🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
Ladon
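Large-scale intranet penetration scanner & Cobalt Strike. Ladon 8.9 has 120 built-in modules, covering information gathering, live host discovery, port scanning, service identification, password brute-forcing, vulnerability detection, and vulnerability exploitation. Vulnerability detection includes MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2; password brute-forcing covers (Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm); remote command execution (smbexec/wmiexe/psexec/atexec/sshexec/webshell); privilege lowering and escalation with Runas and GetSystem; Poc/Exploit; supports Cobalt Strike 3.X-4.0.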
Vulny Code Static Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Security Scripts
A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)
Yawast
YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Portauthority
A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Wpscan V3
THIS REPOSITORY HAS BEEN MOVED TO https://github.com/wpscanteam/wpscan USE THAT!!!
Gsil
GitHub Sensitive Information Leakage (GitHub sensitive information leak monitoring)
Vuln Web Apps
A curated list of vulnerable web applications.
Pbscan
Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
Nosqli
NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
Security Checker
A PHP dependency vulnerabilities scanner based on the Security Advisories Database.
Minions
Distributed filesystem scanner
Btscan
Batch vulnerability scanning framework
Vscan Go
golang version for nmap service and application version detection (without nmap installation)
Pakala
Offensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine
Keynuker
🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Kube Score
Kubernetes object analysis with recommendations for improved reliability and security
Hoper
Security tool to trace URL jumps across the rel links to obtain the last URL
Slowhttptest
Application Layer DoS attack simulator
Pentest Chainsaw
Scrapes router passwords from http://www.routerpasswords.com, more than 300 products
Machine Learning Approach For Malware Detection
A Machine Learning approach for classifying a file as Malicious or Legitimate
Doublepulsar Detection Script
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
Gitgot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Censys Ruby
Ruby API client for the Censys internet-wide network-scan search engine
Recon Raven
Reconnaissance tool for penetration testing & bug bounty
Esd
Enumeration sub domains (enumerate subdomains)
Inql
InQL - A Burp Extension for GraphQL Security Testing
Serverscan
ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.
Wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Jsprime
A JavaScript static security analysis tool