rverton / Webanalyze
Licence: mit
Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
Stars: ✭ 311
Programming Languages
go
31211 projects - #10 most used programming language
Projects that are alternatives of or similar to Webanalyze
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+347.59%)
Mutual labels: pentesting, enumeration
Jalesc
Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box
Stars: ✭ 152 (-51.13%)
Mutual labels: pentesting, enumeration
Scilla
🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-62.7%)
Mutual labels: pentesting, enumeration
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+643.41%)
Mutual labels: pentesting, enumeration
Ssrfmap
Simple Server Side Request Forgery services enumeration tool.
Stars: ✭ 50 (-83.92%)
Mutual labels: pentesting, enumeration
Mida Multitool
Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (-53.7%)
Mutual labels: pentesting, enumeration
Bugcrowd Levelup Subdomain Enumeration
This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (+64.95%)
Mutual labels: pentesting, enumeration
Enumdb
Relational database brute force and post exploitation tool for MySQL and MSSQL
Stars: ✭ 167 (-46.3%)
Mutual labels: pentesting, enumeration
Pspy
Monitor linux processes without root permissions
Stars: ✭ 2,470 (+694.21%)
Mutual labels: pentesting, enumeration
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+179.74%)
Mutual labels: pentesting, enumeration
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-41.48%)
Mutual labels: pentesting, enumeration
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+176.21%)
Mutual labels: pentesting, enumeration
Ldap search
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-74.92%)
Mutual labels: pentesting, enumeration
Horn3t
Powerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: ✭ 120 (-61.41%)
Mutual labels: pentesting, enumeration
Nullinux
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: ✭ 451 (+45.02%)
Mutual labels: pentesting, enumeration
Dostoevsky Pentest Notes
Notes for taking the OSCP in 2097. Read in book form on GitBook
Stars: ✭ 495 (+59.16%)
Mutual labels: pentesting, enumeration
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-49.84%)
Mutual labels: pentesting, enumeration
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-43.09%)
Mutual labels: pentesting, enumeration
webanalyze
This is a port of Wappalyzer in Go. This tool is designed to be performant and allows to test huge lists of hosts.
Installation and usage
Precompiled releases can be downloaded directly here.
If you want to build for yourself:
$ go get -v -u github.com/rverton/webanalyze/cmd/webanalyze
$ webanalyze -update # loads new technologies.json file from wappalyzer project
$ webanalyze -h
Usage of webanalyze:
-apps string
app definition file. (default "technologies.json")
-crawl int
links to follow from the root page (default 0)
-host string
single host to test
-hosts string
filename with hosts, one host per line.
-output string
output format (stdout|csv|json) (default "stdout")
-search
searches all urls with same base domain (i.e. example.com and sub.example.com) (default true)
-silent
avoid printing header (default false)
-update
update apps file
-worker int
number of worker (default 4)
The -update flags downloads a current version of technologies.json from the wappalyzer repository to the current folder.
Development / Usage as a lib
See cmd/webanalyze/main.go for an example on how to use this as a library.
Example
$ ./webanalyze -host robinverton.de -crawl 1
:: webanalyze : v1.0
:: workers : 4
:: apps : technologies.json
:: crawl count : 1
:: search subdomains : true
https://robinverton.de/hire/ (0.5s):
Highlight.js, (Miscellaneous)
Netlify, (Web Servers, CDN)
Google Font API, (Font Scripts)
http://robinverton.de (0.8s):
Highlight.js, (Miscellaneous)
Netlify, (Web Servers, CDN)
Hugo, 0.42.1 (Static Site Generator)
Google Font API, (Font Scripts)
$ ./webanalyze -host robinverton.de -crawl 1 -output csv
:: webanalyze : v1.0
:: workers : 4
:: apps : technologies.json
:: crawl count : 1
:: search subdomains : true
Host,Category,App,Version
https://robinverton.de/hire/,Miscellaneous,Highlight.js,
https://robinverton.de/hire/,Font Scripts,Google Font API,
https://robinverton.de/hire/,"Web Servers,CDN",Netlify,
http://robinverton.de,"Web Servers,CDN",Netlify,
http://robinverton.de,Static Site Generator,Hugo,0.42.1
http://robinverton.de,Miscellaneous,Highlight.js,
http://robinverton.de,Font Scripts,Google Font API,
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].