Packages that scan selected systems for vulnerabilities.
Tool count: 552
| Name | Version | Description | Category | Website |
|---|---|---|---|---|
| 0d1n | 1:210.78028eb | Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. | webapp fuzzer scanner | |
| 0trace | 1.5 | A hop enumeration tool. | scanner | |
| a2sv | 135.973ba13 | Auto Scanning to SSL Vulnerability (HeartBleed, CCS Injection, SSLv3 POODLE, FREAK, LOGJAM Attack, SSLv2 DROWN etc). | scanner | |
| adminpagefinder | 0.1 | This python script looks for a large amount of possible administrative interfaces on a given site. | webapp scanner | |
| admsnmp | 0.1 | ADM SNMP audit scanner. | scanner | |
| allthevhosts | 1.0 | A vhost discovery tool that scrapes various web applications. | scanner webapp | |
| amass | 2:886.f12600b | In-depth subdomain enumeration written in Go. | scanner recon | |
| androidsniffer | 0.1 | A perl script that lets you search for 3rd party passwords, dump the call log, dump contacts, dump wireless configuration, and more. | mobile scanner sniffer | |
| anti-xss | 166.2725dc9 | A XSS vulnerability scanner. | webapp scanner | |
| apache-users | 2.1 | This perl script will enumerate the usernames on a unix system that use the apache module UserDir. | scanner | |
| api-dnsdumpster | 59.eda15d6 | Unofficial Python API for http://dnsdumpster.com/. | recon scanner | |
| apnbf | 0.1 | A small python script designed for enumerating valid APNs (Access Point Name) on a GTP-C speaking device. | wireless scanner | |
| appmon | 153.97d2276 | A runtime security testing & profiling framework for native apps on macOS, iOS & android and it is built using Frida. | mobile scanner | |
| aquatone | 120.854a5d5 | a set of tools for performing reconnaissance on domain names. | recon scanner | |
| arjun | 74.3d4853d | HTTP parameter discovery suite. | webapp scanner | |
| arp-scan | 1.9.7 | A tool that uses ARP to discover and fingerprint IP hosts on the local network | networking scanner fingerprint | |
| asp-audit | 2BETA | An ASP fingerprinting tool and vulnerability scanner. | fingerprint scanner webapp | |
| assetfinder | 16.3527f1c | Find domains and subdomains potentially related to a given domain. | scanner recon | |
| atear | 139.245ec8d | Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration. | wireless recon scanner | |
| athena-ssl-scanner | 0.6.2 | a SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers. | scanner crypto | |
| atscan | 2367.4c29b7c | Server, Site and Dork Scanner. | scanner webapp fuzzer exploitation automation | |
| atstaketools | 0.1 | This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. | windows scanner forensic cracker sniffer recon | |
| autorecon | 71.ff94d45 | A multi-threaded network reconnaissance tool which performs automated enumeration of services. | automation recon scanner | |
| aws-extender-cli | 10.e5df716 | Script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues. | scanner webapp | |
| awsbucketdump | 76.f8a6301 | A tool to quickly enumerate AWS S3 buckets to look for loot. | automation scanner | |
| badkarma | 85.2c46334 | Advanced network reconnaissance toolkit. | scanner networking recon | |
| badministration | 16.69e4ec2 | A tool which interfaces with management or administration applications from an offensive standpoint. | webapp scanner recon fingerprint | |
| barmie | 1.01 | Java RMI enumeration and attack tool. | scanner | |
| basedomainname | 0.1 | Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. | recon scanner | |
| bbscan | 43.af852f3 | A tiny Batch weB vulnerability Scanner. | webapp scanner fuzzer | |
| belati | 72.49577a1 | The Traditional Swiss Army Knife for OSINT. | scanner recon webapp | |
| billcipher | 28.3d3322a | Information Gathering tool for a Website or IP address. | recon scanner | |
| bing-lfi-rfi | 0.1 | This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. | webapp scanner fuzzer | |
| bingoo | 3.698132f | A Linux bash based Bing and Google Dorking Tool. | scanner | |
| birp | 65.b2e108a | A tool that will assist in the security assessment of mainframe applications served over TN3270. | scanner recon fuzzer | |
| blackbox-scanner | 4:1.7a25220 | Dork scanner & bruteforcing & hash cracker tool with blackbox penetration testing framework. | scanner recon cracker | |
| bleah | 53.6a2fd3a | A BLE scanner for "smart" devices hacking. | scanner wireless bluetooth | |
| blindy | 12.59de8f2 | Simple script to automate brutforcing blind sql injection vulnerabilities. | scanner | |
| bluebox-ng | 1:1.1.0 | A GPL VoIP/UC vulnerability scanner. | voip scanner fuzzer | |
| bluelog | 1.1.2 | A Bluetooth scanner and sniffer written to do a single task, log devices that are in discoverable mode. | bluetooth scanner | |
| bluescan | 1.0.6 | A Bluetooth Device Scanner. | bluetooth scanner | |
| bluto | 1:139.0055524 | Recon, Subdomain Bruting, Zone Transfers. | scanner recon | |
| braa | 0.82 | A mass snmp scanner | scanner | |
| brakeman | 3453.72b85bd07 | A static analysis security vulnerability scanner for Ruby on Rails applications | code-audit exploitation scanner | |
| bss | 0.8 | Bluetooth stack smasher / fuzzer | bluetooth fuzzer scanner | |
| btscanner | 2.1 | Bluetooth device scanner. | bluetooth scanner | |
| burpsuite | 1:2.1.04 | An integrated platform for attacking web applications (free edition). | fuzzer proxy scanner webapp | |
| cameradar | 139.0984607 | Hacks its way into RTSP videosurveillance cameras. | scanner | |
| camscan | 1.0057215 | A tool which will analyze the CAM table of Cisco switches to look for anamolies. | scanner networking defensive | |
| canari | 3.3.10 | A transform framework for maltego | forensic recon scanner | |
| cangibrina | 123.6de0165 | Dashboard Finder. | scanner webapp | |
| cansina | 2:25.b5d8ddb | A python-based Web Content Discovery Tool. | webapp scanner | |
| cantoolz | 1:424.bc4c2bf | Framework for black-box CAN network analysis https://asintsov.blogspot.de/. | automobile recon fuzzer scanner | |
| casefile | 1.0.1 | The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information | forensic recon scanner | |
| cecster | 5.15544cb | A tool to perform security testing against the HDMI CEC (Consumer Electronics Control) and HEC (HDMI Ethernet Channel) protocols. | scanner fuzzer | |
| changeme | 261.431f4f1 | A default credential scanner. | scanner | |
| chaosmap | 1.3 | An information gathering tool and dns / whois / web server scanner | forensic scanner recon | |
| check-weak-dh-ssh | 0.1 | Debian OpenSSL weak client Diffie-Hellman Exchange checker. | scanner crypto | |
| checksec | 2.1.0 | Tool designed to test which standard Linux OS and PaX security features are being used | automation scanner | |
| cheetah-suite | 21.2364713 | Complete penetration testing suite (port scanning, brute force attacks, services discovery, common vulnerabilities searching, reporting etc.) | scanner fingerprint cracker | |
| chipsec | 3:1.4.3.r18.gdb4186f | Framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. | hardware binary forensic scanner fuzzer | |
| chiron | 48.524abe1 | An all-in-one IPv6 Penetration Testing Framework. | scanner networking exploitation proxy | |
| cipherscan | 415.ff8eac4 | A very simple way to find out which SSL ciphersuites are supported by a target. | scanner crypto | |
| cisco-auditing-tool | 1 | Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts. | cracker fuzzer scanner | |
| cisco-scanner | 0.2 | Multithreaded Cisco HTTP vulnerability scanner. Tested on Linux, OpenBSD and Solaris. | cracker scanner | |
| cisco-torch | 0.4b | Cisco Torch mass scanning, fingerprinting, and exploitation tool. | exploitation fingerprint scanner | |
| ciscos | 1.3 | Сканирует сети классов A, B и C в поисках роутеров cisco с открытым портом telnet и неизменённым заводским паролем от cisco. | scanner | |
| clair | 2.0.9 | Vulnerability Static Analysis for Containers. | scanner | |
| climber | 30.5530a78 | Check UNIX/Linux systems for privilege escalation. | scanner | |
| cloudflare-enum | 10.412387f | Cloudflare DNS Enumeration Tool for Pentesters. | scanner | |
| cloudmare | 40.1cc4773 | A simple tool to find origin servers of websites protected by CloudFlare with a misconfiguration DNS. | recon scanner | |
| cloudsploit | 391.fac412d | AWS security scanning checks. | scanner automation | |
| cloudunflare | 14.b91a8a7 | Reconnaissance Real IP address for Cloudflare Bypass. | recon scanner | |
| cms-few | 0.1 | Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python. | webapp scanner | |
| cmsfuzz | 5.6be5a98 | Fuzzer for wordpress, cold fusion, drupal, joomla, and phpnuke. | webapp scanner fuzzer | |
| cmsmap | 1:8.59dd0e2 | A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. | scanner automation webapp exploitation | |
| cmsscanner | 0.7.1 | CMS Scanner Framework. | webapp scanner recon fingerprint | |
| comission | 189.1cbdcf7 | WhiteBox CMS analysis. | webapp scanner | |
| complemento | 0.7.6 | A collection of tools for pentester: LetDown is a powerful tcp flooder ReverseRaider is a domain scanner that use wordlist scanning or reverse resolution scanning Httsquash is an http server scanner, banner grabber and data retriever | fingerprint scanner | |
| configpush | 0.8.5 | This is a tool to span /8-sized networks quickly sending snmpset requests with default or otherwise specified community string to Cisco devices. | scanner | |
| conscan | 1.2 | A blackbox vulnerability scanner for the Concre5 CMS. | fuzzer scanner webapp | |
| cookie-cadger | 1.08 | An auditing tool for Wi-Fi or wired Ethernet connections. | fuzzer scanner | |
| corscanner | 57.01bfdba | Fast CORS misconfiguration vulnerabilities scanner. | webapp scanner | |
| corstest | 7.d8ddce2 | A simple CORS misconfigurations checker. | scanner webapp | |
| cpfinder | 0.1 | This is a simple script that looks for administrative web interfaces. | scanner webapp | |
| crackmapexec | 438.a258bcf | A swiss army knife for pentesting Windows/Active Directory environments. | scanner exploitation | |
| creepy | 1:137.9f60449 | A geolocation information gatherer. Offers geolocation information gathering through social networking platforms. | scanner social recon | |
| ct-exposer | 22.5af35c3 | An OSINT tool that discovers sub-domains by searching Certificate Transparency logs | scanner recon | |
| cvechecker | 3.9 | The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. | scanner | |
| cybercrowl | 111.f7cac52 | A Python Web path scanner tool. | webapp scanner | |
| cyberscan | 75.ca85794 | A Network Pentesting Tool | networking scanner | |
| d-tect | 13.9555c25 | Pentesting the Modern Web. | scanner recon webapp | |
| dark-dork-searcher | 1.0 | Dark-Dork Searcher. | windows scanner | |
| darkbing | 0.1 | A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection. | scanner fuzzer webapp | |
| darkscrape | 58.0efe2a3 | OSINT Tool For Scraping Dark Websites. | webapp scanner recon | |
| datasploit | 1:367.a270d50 | A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data. | recon scanner | |
| davscan | 30.701f967 | Fingerprints servers, finds exploits, scans WebDAV. | webapp scanner fingerprint recon | |
| davtest | 1.0 | Tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target | scanner | |
| dawnscanner | 1:v1.6.9.r6.gac3eba5 | A static analysis security scanner for ruby written web applications. | webapp scanner | |
| dbusmap | 13.1870475 | This is a simple utility for enumerating D-Bus endpoints, an nmap for D-Bus. | scanner | |
| dcrawl | 7.3273c35 | Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. | scanner webapp | |
| deblaze | 0.3 | A remote method enumeration tool for flex servers | scanner | |
| delldrac | 0.1a | DellDRAC and Dell Chassis Discovery and Brute Forcer. | scanner cracker | |
| dhcpig | 2:92.9fd8df5 | Enhanced DHCPv4 and DHCPv6 exhaustion and fuzzing script written in python using scapy network library. | scanner fuzzer dos | |
| dirb | 2.22 | A web content scanner, brute forceing for hidden files. | scanner webapp | |
| dirble | 1:1.4.2 | Fast directory scanning and scraping tool. | webapp scanner | |
| dirbuster | 1.0_RC1 | An application designed to brute force directories and files names on web/application servers | scanner webapp | |
| dirbuster-ng | 9.0c34920 | C CLI implementation of the Java dirbuster tool. | webapp scanner | |
| dirhunt | 214.c015930 | Find web directories without bruteforce. | webapp scanner | |
| dirscanner | 0.1 | This is a python script that scans webservers looking for administrative directories, php shells, and more. | scanner webapp | |
| dirscraper | 16.e752450 | OSINT Scanning tool which discovers and maps directories found in javascript files hosted on a website. | webapp scanner | |
| dirsearch | 316.d8b81cf | HTTP(S) directory/file brute forcer. | webapp scanner | |
| dirstalk | 1.3.0 | Modern alternative to dirbuster/dirb. | scanner webapp | |
| dmitry | 1.3a | Deepmagic Information Gathering Tool. Gathers information about hosts. It is able to gather possible subdomains, email addresses, and uptime information and run tcp port scans, whois lookups, and more. | scanner | |
| dnmap | 0.6 | The distributed nmap framework | scanner | |
| dns2geoip | 0.1 | A simple python script that brute forces DNS and subsequently geolocates the found subdomains. | scanner recon | |
| dnsa | 0.5 | DNSA is a dns security swiss army knife | scanner | |
| dnsbf | 0.3 | Search for available domain names in an IP range. | scanner | |
| dnsbrute | 2.b1dc84a | Multi-theaded DNS bruteforcing, average speed 80 lookups/second with 40 threads. | recon scanner | |
| dnsenum | 1.2.4.2 | Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. | recon scanner | |
| dnsgoblin | 1:0.1 | Nasty creature constantly searching for DNS servers. It uses standard dns queries and waits for the replies. | scanner | |
| dnspredict | 0.0.2 | DNS prediction. | scanner | |
| dnsspider | 1.1 | A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation. | recon scanner | |
| dnstwist | 247.396fd59 | Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. | scanner recon | |
| dnswalk | 2.0.2 | A DNS debugger. | recon scanner | |
| dockerscan | 58.b7fce60 | Docker security analysis & hacking tools. | scanner | |
| dorkbot | 96.5f1cbbe | Command-line tool to scan Google search results for vulnerabilities. | scanner | |
| dorkme | 56.73305d6 | Tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities. | scanner | |
| dpscan | 0.1 | Drupal Vulnerabilty Scanner. | scanner webapp fuzzer | |
| driftnet | 1:v1.2.1.r0.gd2314f8 | Listens to network traffic and picks out images from TCP streams it observes. | scanner sniffer | |
| dripper | v1.r1.gc9bb0c9 | A fast, asynchronous DNS scanner; it can be used for enumerating subdomains and enumerating boxes via reverse DNS. | scanner | |
| droopescan | 1.41.3 | A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. | scanner webapp | |
| drozer | 2.4.4 | A security testing framework for Android - Precompiled binary from official repository. | mobile scanner fuzzer | |
| drupal-module-enum | 11.525543c | Enumerate on drupal modules. | webapp scanner | |
| drupalscan | 0.5.2 | Simple non-intrusive Drupal scanner. | webapp scanner | |
| drupwn | 1:55.fce465f | Drupal enumeration & exploitation tool. | webapp exploitation scanner | |
| dsfs | 36.8e9f8e9 | A fully functional File inclusion vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. | webapp scanner | |
| dsjs | 28.ab4ffd6 | A fully functional JavaScript library vulnerability scanner written in under 100 lines of code. | webapp scanner | |
| dsss | 120.a51f39c | A fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. | webapp scanner | |
| dsxs | 128.d79cc26 | A fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. | webapp scanner | |
| dvcs-ripper | 52.0672a34 | Rip web accessible (distributed) version control systems: SVN/GIT/... | scanner | |
| easyda | 7.0867f9b | Easy Windows Domain Access Script. | automation scanner recon | |
| eazy | 0.1 | This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more. | scanner webapp | |
| eigrp-tools | 0.1 | This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. | sniffer networking recon scanner | |
| enteletaor | 65.d1fbda5 | Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. | exploitation scanner recon | |
| enum-shares | 7.97cba5a | Tool that enumerates shared folders across the network and under a custom user account. | scanner | |
| enum4linux | 0.8.9 | A tool for enumerating information from Windows and Samba systems. | recon scanner | |
| enumiax | 1.0 | An IAX enumerator. | scanner | |
| eternal-scanner | 90.510be17 | An internet scanner for exploit CVE-2017-0144 (Eternal Blue). | scanner exploitation | |
| faraday | 8258.cf593dea | A new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analyze of the generated data during the process of a security audit. | scanner exploitation fuzzer fingerprint automation misc | |
| fernmelder | 6.c6d4ebe | Asynchronous mass DNS scanner. | scanner recon | |
| fgscanner | 11.893372c | An advanced, opensource URL scanner. | scanner | |
| fhttp | 1.3 | This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. | webapp scanner fuzzer fingerprint dos | |
| fi6s | 156.6f9c301 | IPv6 network scanner designed to be fast. | scanner | |
| fierce | 0.9.9 | A DNS reconnaissance tool for locating non-contiguous IP space. A DNS scanner. | scanner | |
| find-dns | 0.1 | A tool that scans networks looking for DNS servers. | scanner | |
| findomain | 368.c67e8b1 | A tool that use Certificate Transparency logs to find subdomains. | scanner recon | |
| firewalk | 5.0 | An active reconnaissance network security tool | fuzzer scanner | |
| flashscanner | 11.6815b02 | Flash XSS Scanner. | scanner webapp | |
| flawfinder | 2.0.10 | Searches through source code for potential security flaws. | code-audit scanner | |
| flunym0us | 2.0 | A Vulnerability Scanner for Wordpress and Moodle. | scanner webapp | |
| forkingportscanner | 1 | Simple and fast forking port scanner written in perl. Can only scan one host at a time, the forking is done on the specified port range. Or on the default range of 1-65535. Has the ability to scan UDP or TCP, defaults to tcp. | scanner | |
| fping | 4.2 | A utility to ping multiple hosts at once | networking recon scanner | |
| fs-nyarl | 1.0 | A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit. | scanner networking forensic spoof exploitation sniffer | |
| fsnoop | 3.4 | A tool to monitor file operations on GNU/Linux systems by using the Inotify mechanism. Its primary purpose is to help detecting file race condition vulnerabilities and since version 3, to exploit them with loadable DSO modules (also called "payload modules" or "paymods"). | scanner | |
| ftp-scanner | 0.2.5 | Multithreaded ftp scanner/brute forcer. Tested on Linux, OpenBSD and Solaris. | cracker scanner | |
| ftp-spider | 1.0 | FTP investigation tool - Scans ftp server for the following: reveal entire directory tree structures, detect anonymous access, detect directories with write permissions, find user specified data within repository. | scanner cracker | |
| ftpmap | 52.cbeabbe | Scans remote FTP servers to identify what software and what versions they are running. | fingerprint scanner | |
| ftpscout | 12.cf1dff1 | Scans ftps for anonymous access. | scanner | |
| gatecrasher | 2.3ad5225 | Network auditing and analysis tool developed in Python. | recon scanner | |
| gcpbucketbrute | 13.eefb716 | A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. | scanner | |
| gethsploit | 3.144778b | Finding Ethereum nodes which are vulnerable to RPC-attacks. | scanner | |
| gggooglescan | 0.4 | A Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. | scanner | |
| ghost-phisher | 1.62 | GUI suite for phishing and penetration attacks | scanner | |
| gitrob | 7.7be4c53 | Scan Github For Sensitive Files. | scanner | |
| gittools | 50.8fcd119 | A repository with 3 tools for pwn'ing websites with .git repositories available'. | webapp scanner | |
| gloom | 95.607162b | Linux Penetration Testing Framework. | scanner exploitation recon fuzzer social | |
| gobuster | 1:291.d41729a | Directory/file & DNS busting tool written in Go. | webapp scanner | |
| googlesub | 14.a7a3cc7 | A python script to find domains by using google dorks. | scanner | |
| goohak | 26.ee593c7 | Automatically Launch Google Hacking Queries Against A Target Domain. | recon automation scanner | |
| gpredict | 1571.2d80c94 | A real-time satellite tracking and orbit prediction application. | radio scanner | |
| grabbb | 0.0.7 | Clean, functional, and fast banner scanner. | scanner | |
| greenbone-security-assistant | 8.0.1 | Greenbone Security Assistant (gsa) - OpenVAS web frontend | scanner fuzzer exploitation | |
| grepforrfi | 0.1 | Simple script for parsing web logs for RFIs and Webshells v1.2 | scanner | |
| gtp-scan | 0.7 | A small python script that scans for GTP (GPRS tunneling protocol) speaking hosts. | scanner networking mobile | |
| gvmd | 8.0.1 | greenbone-vulnerability-manager | scanner fuzzer exploitation | |
| gwcheck | 0.1 | A simple program that checks if a host in an ethernet network is a gateway to Internet. | networking scanner | |
| h2buster | 74.9d55678 | A threaded, recursive, web directory brute-force scanner over HTTP/2. | scanner webapp | |
| h2t | 36.9183a30 | Scans a website and suggests security headers to apply. | webapp scanner defensive | |
| habu | 280.0a5c707 | Python Network Hacking Toolkit. | scanner spoof dos cracker dos | |
| hackredis | 3.fbae1bc | A simple tool to scan and exploit redis servers. | exploitation scanner | |
| hakku | 384.bbb434d | Simple framework that has been made for penetration testing tools. | scanner recon webapp exploitation fingerprint | |
| halberd | 0.2.4 | Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing. | scanner webapp | |
| hasere | 1.0 | Discover the vhosts using google and bing. | recon scanner | |
| hbad | 1.0 | This tool allows you to test clients on the heartbleed bug. | scanner | |
| heartleech | 116.3ab1d60 | Scans for systems vulnerable to the heartbleed bug, and then download them. | exploitation scanner | |
| hexorbase | 2:6 | A database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). | fuzzer scanner | |
| hoppy | 1.8.1 | A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. | scanner recon | |
| host-extract | 1:8.0134ad7 | Ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. | scanner webapp | |
| hostbox-ssh | 0.1.1 | A ssh password/account scanner. | cracker scanner | |
| hsecscan | 64.3089ac2 | A security scanner for HTTP response headers. | scanner | |
| htcap | 1:130.a32da8b | A web application analysis tool for detecting communications between javascript and the server. | webapp scanner | |
| http-enum | 0.4 | A tool to enumerate the enabled HTTP methods supported on a webserver. | scanner | |
| httpforge | 11.02.01 | A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. | webapp scanner fuzzer recon | |
| httprobe | 21.6f1f48e | Take a list of domains and probe for working HTTP and HTTPS servers | scanner | |
| httpsscanner | 1.2 | A tool to test the strength of a SSL web server. | scanner crypto | |
| hwk | 0.4 | Collection of packet crafting and wireless network flooding tools | dos fuzzer scanner wireless | |
| iaxscan | 0.02 | A Python based scanner for detecting live IAX/2 hosts and then enumerating (by bruteforce) users on those hosts. | scanner cracker | |
| icmpquery | 1.0 | Send and receive ICMP queries for address mask and current time. | scanner | |
| idswakeup | 1.0 | A collection of tools that allows to test network intrusion detection systems. | recon networking scanner | |
| iis-shortname-scanner | 5.4ad4937 | An IIS shortname Scanner. | scanner | |
| ike-scan | 1.9 | A tool that uses IKE protocol to discover, fingerprint and test IPSec VPN servers | scanner | |
| ikeprobe | 2:0.1 | Determine vulnerabilities in the PSK implementation of the VPN server. | windows scanner cracker | |
| ilo4-toolbox | 33.a08e718 | Toolbox for HPE iLO4 analysis. | scanner automation backdoor | |
| infip | 0.1 | A python script that checks output from netstat against RBLs from Spamhaus. | scanner misc | |
| inguma | 0.1.1 | A free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler. | cracker disassembler exploitation fuzzer scanner | |
| inurlbr | 33.30a3abc | Advanced search in the search engines - Inurl scanner, dorker, exploiter. | scanner webapp automation | |
| ipscan | 3.6.2 | Angry IP scanner is a very fast IP address and port scanner. | scanner | |
| iptv | 136.de37822 | Search and brute force illegal iptv server. | scanner cracker | |
| ipv6toolkit | 2.0 | SI6 Networks' IPv6 Toolkit | scanner | |
| ircsnapshot | 94.cb02a85 | Tool to gather information from IRC servers. | recon scanner | |
| isme | 0.12 | Scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. | voip recon scanner | |
| jaadas | 0.1 | Joint Advanced Defect assEsment for android applications. | scanner | |
| jok3r | 447.0761996 | Network and Web Pentest Framework. | webapp scanner fuzzer networking | |
| joomlascan | 1.2 | Joomla scanner scans for known vulnerable remote file inclusion paths and files. | webapp scanner | |
| joomlavs | 254.eea7500 | A black box, Ruby powered, Joomla vulnerability scanner. | webapp scanner fuzzer | |
| jsql | 0.81 | A lightweight application used to find database information from a distant server. | scanner | |
| kadimus | 113.b036a7f | LFI Scan & Exploit Tool. | webapp exploitation scanner | |
| kalibrate-rtl | 13.0b0e711 | Fork of http://thre.at/kalibrate/ for use with rtl-sdr devices. | mobile scanner | |
| katana | 1.0.0.1 | A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). | exploitation dos cracker scanner recon | |
| knock | 1:275.e2c98df | Subdomain scanner. | scanner recon | |
| knxmap | 243.2d6f622 | KNXnet/IP scanning and auditing tool for KNX home automation installations. | scanner | |
| konan | 12.88ed173 | Advanced Web Application Dir Scanner. | webapp scanner | |
| krbrelayx | 12.412b10b | Kerberos unconstrained delegation abuse toolkit. | scanner fuzzer spoof networking | |
| kube-hunter | 597.14c4992 | Hunt for security weaknesses in Kubernetes clusters. | scanner | |
| kubolt | 22.0be200d | Utility for scanning public kubernetes clusters. | webapp scanner | |
| laf | 12.7a456b3 | Login Area Finder: scans host/s for login panels. | scanner webapp | |
| ldapdomaindump | 0.9.1 | Active Directory information dumper via LDAP. | scanner networking | |
| ldapenum | 1:0.1 | Enumerate domain controllers using LDAP. | recon scanner | |
| leaklooker | 5.0d2b9fc | Find open databases with Shodan. | scanner | |
| letmefuckit-scanner | 3.f3be22b | Scanner and Exploit Magento. | scanner webapp | |
| leviathan | 35.a1a1d8c | A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. | scanner cracker webapp fuzzer exploitation | |
| lfi-scanner | 4.0 | This is a simple perl script that enumerates local file inclusion attempts when given a specific target. | scanner fuzzer webapp | |
| lfisuite | 85.470e01f | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. | scanner webapp exploitation | |
| lightbulb | 67.e0ddf00 | Python framework for auditing web applications firewalls. | webapp scanner | |
| linenum | 64.54402e9 | Scripted Local Linux Enumeration & Privilege Escalation Checks | scanner recon | |
| linikatz | 12.50289ac | Tool to attack Active Directory on UNIX. | automation scanner | |
| littleblackbox | 0.1.3 | Penetration testing tool, search in a collection of thousands of private SSL keys extracted from various embedded devices. | scanner fuzzer crypto | |
| locasploit | 117.fa48151 | Local enumeration and exploitation framework. | scanner exploitation | |
| loki-scanner | 1056.f46fc11 | Simple IOC and Incident Response Scanner. | forensic scanner | |
| lotophagi | 0.1 | a relatively compact Perl script designed to scan remote hosts for default (or common) Lotus NSF and BOX databases. | scanner | |
| lte-cell-scanner | 57.5fa3df8 | LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure). | scanner mobile recon | |
| lunar | 605.1e8b66a | A UNIX security auditing tool based on several security frameworks. | scanner defensive | |
| lynis | 2.7.5 | Security and system auditing tool to harden Unix/Linux systems | scanner | |
| magescan | 1.12.9 | Scan a Magento site for information. | webapp scanner | |
| maligno | 2.5 | An open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. | scanner fuzzer exploitation | |
| maltego | 4.2.7.12570 | An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. | forensic recon scanner | |
| maryam | 2:462.473f218 | Tool to scan Web application and networks and easily and complete the information gathering process. | scanner webapp recon | |
| massbleed | 18.df4a2b0 | Automated Pentest Recon Scanner. | recon automation scanner | |
| masscan | 1.0.5 | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes | scanner | |
| meg | 85.46649de | Fetch many paths for many hosts - without killing the hosts. | webapp scanner | |
| metasploit | 5.0.60 | Advanced open-source platform for developing, testing, and using exploit code | exploitation fuzzer scanner recon networking | |
| mingsweeper | 1.00 | A network reconnaissance tool designed to facilitate large address space,high speed node discovery and identification. | windows recon scanner | |
| miranda-upnp | 1.3 | A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices | exploitation scanner | |
| modscan | 0.1 | A new tool designed to map a SCADA MODBUS TCP based network. | scanner recon | |
| mongoaudit | 219.bc7d75d | A powerful MongoDB auditing and pentesting tool . | scanner fuzzer | |
| mooscan | 1:10.82963b0 | A scanner for Moodle LMS. | webapp scanner | |
| morxtraversal | 1.0 | Path Traversal checking tool. | webapp scanner | |
| mptcp-abuse | 6.b0eeb27 | A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014. | networking recon scanner | |
| mssqlscan | 0.8.4 | A small multi-threaded tool that scans for Microsoft SQL Servers. | scanner | |
| multiscanner | 1559.86e0145 | Modular file scanning/analysis framework. | scanner automation | |
| mwebfp | 16.a800b98 | Mass Web Fingerprinter. | fingerprint webapp scanner | |
| nbname | 1.0 | Decodes and displays all NetBIOS name packets it receives on UDP port 137 and more! | windows sniffer recon dos scanner | |
| nbtenum | 3.3 | A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. | windows scanner recon | |
| nbtool | 1:2.bf90c76 | Some tools for NetBIOS and DNS investigation, attacks, and communication. | networking recon scanner | |
| nbtscan | 1.5.1 | NBTscan is a program for scanning IP networks for NetBIOS name information. | scanner recon | |
| netbios-share-scanner | 1.0 | This tool could be used to check windows workstations and servers if they have accessible shared resources. | scanner | |
| netreconn | 1.78 | A collection of network scan/recon tools that are relatively small compared to their larger cousins. | networking recon scanner | |
| netscan | 1.0 | Tcp/Udp/Tor port scanner with: synpacket, connect TCP/UDP and socks5 (tor connection). | scanner networking | |
| netscan2 | 1:58.a1db723 | Active / passive network scanner. | scanner recon | |
| nextnet | 3.c8dc7a6 | Pivot point discovery tool. | networking scanner | |
| nikto | 2.1.6 | A web server scanner which performs comprehensive tests against web servers for multiple items | scanner webapp fuzzer | |
| nili | 39.285220a | Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing. | scanner reversing fuzzer | |
| nmap | 7.80 | Utility for network discovery and security auditing | scanner | |
| nmbscan | 1.2.6 | Tool to scan the shares of a SMB/NetBIOS network, using the NMB/SMB/NetBIOS protocols. | scanner | |
| nosqlattack | 94.93c9bde | Python tool to automate exploit MongoDB server IP on Internet and disclose the database data by MongoDB default configuration weaknesses and injection attacks. | automation scanner | |
| nsdtool | 0.1 | A netgear switch discovery tool. It contains some extra features like bruteoforce and setting a new password. | networking scanner | |
| nsec3map | 20.1263537 | A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain. | scanner recon | |
| nsia | 1.0.6 | A website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. | scanner webapp defensive | |
| nsoq | 1.9.5 | A Network Security Tool for packet manipulation that allows a large number of options. | networking scanner fuzzer | |
| ntlm-challenger | 1.1080ae0 | Parse NTLM over HTTP challenge messages. | scanner | |
| nullinux | 113.757d17b | Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. | recon scanner | |
| o-saft | 3665.5546db8 | A tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. | scanner recon | |
| ocs | 0.2 | Compact mass scanner for Cisco routers with default telnet/enable passwords. | scanner cracker | |
| okadminfinder | 71.8c1869c | Tool to find admin panels / admin login pages. | webapp scanner | |
| onesixtyone | 0.7 | An SNMP scanner that sends multiple SNMP requests to multiple IP addresses | cracker scanner | |
| onetwopunch | v1.0.0.r2.gd4ab4e8 | Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans. | scanner | |
| onionscan | 130.da42865 | Scan Onion Services for Security Issues. | scanner defensive | |
| opendoor | 393.c5e271f | OWASP Directory Access scanner. | webapp scanner | |
| openscap | 1.3.1.r120.g5015ade89 | Open Source Security Compliance Solution. | automation defensive scanner | |
| openvas | 6.0.1 | The OpenVAS scanning Daemon | scanner fuzzer exploitation | |
| openvas-cli | 1.4.5 | The OpenVAS Command-Line Interface | scanner fuzzer exploitation | |
| openvas-libraries | 9.0.2 | The OpenVAS libraries | scanner fuzzer exploitation | |
| openvas-manager | 7.0.3 | A layer between the OpenVAS Scanner and various client applications | scanner fuzzer exploitation | |
| openvas-scanner | 5.1.3 | The OpenVAS scanning Daemon | scanner fuzzer exploitation | |
| owasp-bywaf | 26.e730d1b | A web application penetration testing framework (WAPTF). | webapp scanner | |
| owtf | 2100.cd2e91ad | The Offensive (Web) Testing Framework. | webapp automation scanner fuzzer | |
| paketto | 1.10 | Advanced TCP/IP Toolkit. | scanner | |
| panhunt | 59.3991e5e | Searches for credit card numbers (PANs) in directories. | scanner | |
| pappy-proxy | 77.e1bb049 | An intercepting proxy for web application testing. | webapp proxy scanner fuzzer recon | |
| parameth | 56.8da6f27 | This tool can be used to brute discover GET and POST parameters. | webapp scanner | |
| paranoic | 1.7 | A simple vulnerability scanner written in Perl. | scanner scanner webapp | |
| passhunt | 5.332f374 | Search drives for documents containing passwords. | scanner | |
| pbscan | 10.566c3d7 | Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage. | scanner | |
| pcredz | 48.346ed4d | A tool that extracts credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, and more from a pcap file or from a live interface. | scanner | |
| pentbox | 1.8 | A security suite that packs security and stability testing oriented tools for networks and systems. | fuzzer scanner | |
| pentestly | 1798.93d1b39 | Python and Powershell internal penetration testing framework. | scanner recon automation | |
| plcscan | 0.1 | This is a tool written in Python that will scan for PLC devices over s7comm or modbus protocols. | scanner networking | |
| pmap | 1.10 | Passively discover, scan, and fingerprint link-local peers by the background noise they generate (i.e. their broadcast and multicast traffic). | windows recon scanner fingerprint | |
| pnscan | 1.11 | A parallel network scanner that can be used to survey TCP network services. | scanner | |
| poison | 1.5.41 | A fast, asynchronous syn and udp scanner. | scanner | |
| postenum | 88.bbc62df | Clean, nice and easy tool for basic/advanced privilege escalation techniques. | recon scanner exploitation | |
| pown | 93.59e9626 | Security testing and exploitation toolkit built on top of Node.js and NPM. | webapp recon scanner social proxy | |
| ppscan | 0.3 | Yet another port scanner with HTTP and FTP tunneling support. | scanner | |
| prads | 1128.407cf7c | Is a "Passive Real-time Asset Detection System". | scanner networking | |
| praeda | 48.1dc2220 | An automated data/information harvesting tool designed to gather critical information from various embedded devices. | scanner | |
| pret | 81.4f3820a | Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. | exploitation fuzzer recon scanner | |
| propecia | 2 | A fast class scanner that scans for a specified open port with banner grabbing | fingerprint scanner | |
| prowler | 793.2e18192 | Tool for AWS security assessment, auditing and hardening. | defensive scanner | |
| proxmark | 2362.d3bcdbda | A powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. | radio recon scanner | |
| proxycheck | 0.1 | This is a simple proxy tool that checks for the HTTP CONNECT method and grabs verbose output from a webserver. | scanner proxy | |
| proxyp | 2013 | Small multithreaded Perl script written to enumerate latency, port numbers, server names, & geolocations of proxy IP addresses. | proxy scanner | |
| proxyscan | 0.3 | A security penetration testing tool to scan for hosts and ports through a Web proxy server. | scanner | |
| ptf | 1187.79a48cf | The Penetration Testers Framework is a way for modular support for up-to-date tools. | exploitation scanner recon automation | |
| pureblood | 37.2c5ce07 | A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. | automation webapp scanner fuzzer | |
| pyersinia | 49.73f4056 | Network attack tool like yersinia but written in Python. | networking fuzzer dos voip scanner exploitation | |
| pyfiscan | 2365.6461c6e | Free web-application vulnerability and version scanner. | webapp scanner | |
| pyssltest | 9.d7703f0 | A python multithreaded script to make use of Qualys ssllabs api to test SSL flaws. | scanner cryptography | |
| pytbull | 2.1 | A python based flexible IDS/IPS testing framework shipped with more than 300 tests. | scanner fuzzer | |
| pythem | 454.e4fcb8a | Python penetration testing framework. | scanner sniffer recon cracker webapp | |
| python-api-dnsdumpster | 59.eda15d6 | Unofficial Python API for http://dnsdumpster.com/. | recon scanner | |
| python2-api-dnsdumpster | 59.eda15d6 | Unofficial Python API for http://dnsdumpster.com/. | recon scanner | |
| python2-ldapdomaindump | 0.9.1 | Active Directory information dumper via LDAP. | scanner networking | |
| python2-webtech | 1.2.7 | Identify technologies used on websites. | webapp recon scanner fingerprint | |
| qark | 301.ba1b265 | Tool to look for several security related Android application vulnerabilities. | mobile fuzzer scanner exploitation | |
| quickrecon | 0.3.2 | A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. | recon scanner | |
| raccoon | 183.985797f | A high performance offensive security tool for reconnaissance and vulnerability scanning. | recon scanner | |
| ranger-scanner | 149.3aae5dd | A tool to support security professionals to access and interact with remote Microsoft Windows based systems. | scanner recon | |
| rapidscan | 156.b1d7630 | The Multi-Tool Web Vulnerability Scanner. | webapp scanner recon fingerprint fuzzer exploitation | |
| ratproxy | 1.58 | A passive web application security assessment tool | fuzzer proxy scanner webapp | |
| rawr | 74.544dd75 | Rapid Assessment of Web Resources. A web enumerator. | scanner webapp | |
| reconscan | 37.d321842 | Network reconnaissance and vulnerability assessment tools. | recon scanner | |
| recsech | 115.1acd608 | Tool for doing Footprinting and Reconnaissance on the target web. | recon scanner webapp fingerprinting | |
| red-hawk | 29.12b5dfa | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. | recon scanner webapp | |
| redfang | 2.5 | Finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the devices' Bluetooth addresses and calling read_remote_name(). | bluetooth scanner | |
| regeorg | 30.1ca54c2 | The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn. | automation cracker proxy scanner | |
| relay-scanner | 1.7 | An SMTP relay scanner. | scanner | |
| responder | 2:336.9cfa3cd | A LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. | scanner fuzzer spoof networking | |
| responder-multirelay | 336.9cfa3cd | A LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2 (multirelay version), | scanner fuzzer spoof networking | |
| revipd | 5.2aaacfb | A simple reverse IP domain scanner. | recon scanner | |
| rext | 63.5f0f626 | Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices. | exploitation scanner | |
| ripdc | 0.3 | A script which maps domains related to an given ip address or domainname. | recon scanner | |
| rlogin-scanner | 0.2 | Multithreaded rlogin scanner. Tested on Linux, OpenBSD and Solaris. | cracker scanner | |
| routerhunter | 21.4da257c | Tool used to find vulnerable routers and devices on the Internet and perform tests. | scanner networking | |
| rpctools | 1.0 | Contains three separate tools for obtaining information from a system that is running RPC services | windows recon scanner | |
| rpdscan | 2.a71b0f3 | Remmina Password Decoder and scanner. | cracker scanner | |
| rtlizer | 35.5614163 | Simple spectrum analyzer. | scanner radio | |
| rtlsdr-scanner | 1013.3c032de | A cross platform Python frequency scanning GUI for the OsmoSDR rtl-sdr library. | scanner | |
| rustbuster | 295.18cd96e | DirBuster for Rust. | webapp scanner | |
| s3scanner | 262.28f6ab4 | Scan for open S3 buckets and dump. | scanner | |
| sambascan | 0.5.0 | Allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. | scanner | |
| sandmap | 577.7e2c10f | Nmap on steroids! Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles. | scanner automation | |
| sandy | 6.531ab16 | An open-source Samsung phone encryption assessment framework | scanner crypto mobile | |
| sb0x | 19.04f40fe | A simple and Lightweight framework for Penetration testing. | scanner fuzzer cracker backdoor recon | |
| scamper | 20181219 | A tool that actively probes the Internet in order to analyze topology and performance. | scanner recon networking | |
| scanless | 69.0f5fe0c | Utility for using websites that can perform port scans on your behalf. | scanner | |
| scanqli | 26.40a028d | SQLi scanner to detect SQL vulns. | webapp scanner | |
| scanssh | 2.1 | Fast SSH server and open proxy scanner. | scanner | |
| scap-security-guide | 0.1.45 | Security compliance content in SCAP, Bash, Ansible, and other formats. | automation defensive scanner | |
| scap-workbench | 1.2.0 | SCAP Scanner And Tailoring Graphical User Interface. | automation defensive scanner | |
| scout2 | 1182.5d86d46 | Security auditing tool for AWS environments. | scanner fuzzer | |
| scoutsuite | 4197.76c59ad5 | Multi-Cloud Security Auditing Tool. | scanner | |
| scrape-dns | 58.3df392f | Searches for interesting cached DNS entries. | scanner | |
| scrapy | 1.7.4 | A fast high-level scraping and web crawling framework. | webapp recon scanner | |
| sctpscan | 34.4d44706 | A network scanner for discovery and security. | recon scanner | |
| sdn-toolkit | 1.21 | Discover, Identify, and Manipulate SDN-Based Networks | networking scanner recon | |
| sdnpwn | 58.b1db5b9 | An SDN penetration testing toolkit. | scanner networking | |
| seat | 0.3 | Next generation information digging application geared toward the needs of security professionals. It uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. | scanner recon | |
| secscan | 1.5 | Web Apps Scanner and Much more utilities. | webapp scanner | |
| shareenum | 46.3bfa81d | Tool to enumerate shares from Windows hosts. | scanner | |
| sharesniffer | 51.dbf05b5 | Network share sniffer and auto-mounter for crawling remote file systems. | scanner automation | |
| shocker | 63.0380a73 | A tool to find and exploit servers vulnerable to Shellshock. | exploitation scanner | |
| shortfuzzy | 0.1 | A web fuzzing script written in perl. | webapp fuzzer scanner | |
| silk | 3.19.0 | A collection of traffic analysis tools developed by the CERT NetSA to facilitate security analysis of large networks. | networking scanner | |
| simple-lan-scan | 1.0 | A simple python script that leverages scapy for discovering live hosts on a network. | scanner recon networking | |
| sipscan | 1:0.1 | A sip scanner. | windows scanner voip | |
| sipshock | 7.6ab5591 | A scanner for SIP proxies vulnerable to Shellshock. | scanner voip | |
| sitadel | 119.0f67870 | Web Application Security Scanner. | webapp scanner | |
| skipfish | 2.10b | A fully automated, active web application security reconnaissance tool | fuzzer scanner webapp | |
| slurp | 90.6a4eaaf | S3 bucket enumerator | scanner | |
| slurp-scanner | 90.6a4eaaf | Evaluate the security of S3 buckets. | scanner | |
| smartphone-pentest-framework | 104.fc45347 | Repository for the Smartphone Pentest Framework (SPF). | mobile scanner fuzzer | |
| smbcrunch | 12.313400e | 3 tools that work together to simplify reconaissance of Windows File Shares. | recon scanner | |
| smbexec | 2:59.a54fc14 | A rapid psexec style attack with samba tools. | scanner recon fuzzer exploitation | |
| smbmap | 92.b667382 | A handy SMB enumeration tool. | scanner recon | |
| smbspider | 10.7db9323 | A lightweight python utility for searching SMB/CIFS/Samba file shares. | scanner | |
| smod | 53.7eb8423 | A modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. | scanner fuzzer recon dos | |
| smtp-test | 4.1936e5c | Automated testing of SMTP servers for penetration testing. | scanner | |
| smtp-user-enum | 1.2 | Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO. | recon scanner | |
| smtp-vrfy | 1.0 | An SMTP Protocol Hacker. | scanner | |
| smtptx | 1.0 | A very simple tool used for sending simple email and do some basic email testing from a pentester perspective. | scanner fuzzer | |
| sn00p | 0.8 | A modular tool written in bourne shell and designed to chain and automate security tools and tests. | automation scanner recon fingerprint networking fuzzer exploitation | |
| sn1per | 1:368.68ef61a | Automated Pentest Recon Scanner. | recon automation scanner cracker | |
| snallygaster | 65.eb1ab88 | Tool to scan for secret files on HTTP servers. | webapp scanner | |
| snmpattack | 1.8 | SNMP scanner and attacking tool. | networking scanner | |
| snmpenum | 1.7 | snmp enumerator | scanner | |
| snmpscan | 0.1 | A free, multi-processes SNMP scanner. | scanner | |
| snoopbrute | 17.589fbe6 | Multithreaded DNS recursive host brute-force tool. | scanner recon | |
| snscan | 1.05 | A Windows based SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network. | windows scanner | |
| snyk | 1.216.5 | CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. | code-audit scanner | |
| spade | 114 | A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. | windows scanner recon | |
| spaghetti | 4:9.df39a11 | Web Application Security Scanner. | webapp scanner | |
| sparta | 21.b0a4514 | Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. | scanner cracker fingerprint networking | |
| spiga | 2:623.8bc1ddc | Configurable web resource scanner. | webapp scanner | |
| spipscan | 1:69.4ad3235 | SPIP (CMS) scanner for penetration testing purpose written in Python. | webapp scanner | |
| sploitego | 153.d9568dc | Maltego Penetration Testing Transforms. | fuzzer scanner | |
| sqlivulscan | 249.cc8e657 | This will give you the SQLi Vulnerable Website Just by Adding the Dork. | scanner webapp | |
| ssdp-scanner | 1.0 | SSDP amplification scanner written in Python. Makes use of Scapy. | scanner networking | |
| ssh-audit | 165.22b671e | SSH server auditing (banner, key exchange, encryption, mac, compression, compatbility, etc). | scanner | |
| ssh-user-enum | 7.ae453c1 | SSH User Enumeration Script in Python Using The Timing Attack. | scanner | |
| sshscan | 1:1.0 | A horizontal SSH scanner that scans large swaths of IPv4 space for a single SSH user and pass. | cracker scanner | |
| ssl-hostname-resolver | 1 | CN (Common Name) grabber on X.509 Certificates over HTTPS. | recon scanner | |
| sslcaudit | 524.f218b9b | Utility to perform security audits of SSL/TLS clients. | scanner crypto | |
| ssllabs-scan | 247.e27de93 | Command-line client for the SSL Labs APIs | scanner crypto | |
| sslmap | 0.2.0 | A lightweight TLS/SSL cipher suite scanner. | scanner crypto | |
| sslscan | 1.10.2 | A fast tools to scan SSL services, such as HTTPS to determine the ciphers that are supported | scanner crypto | |
| sticky-keys-hunter | 15.c816fc9 | Script to test an RDP host for sticky keys and utilman backdoor. | scanner | |
| stig-viewer | 2.8 | XCCDF formatted SRGs and STIGs files viewer for SCAP validation tools. | scanner | |
| storm-ring | 0.1 | This simple tool is useful to test a PABX with "allow guest" parameter set to "yes" (in this scenario an anonymous caller could place a call). | voip scanner | |
| striker | 85.87c184d | An offensive information and vulnerability scanner. | scanner recon webapp | |
| strutscan | 4.8712c12 | Apache Struts2 vulnerability scanner written in Perl. | scanner | |
| subbrute | 1.2.1 | A DNS meta-query spider that enumerates DNS records and subdomains | scanner | |
| subdomainer | 1.2 | A tool designed for obtaining subdomain names from public sources. | recon scanner | |
| sublist3r | 133.0812d81 | A Fast subdomains enumeration tool for penetration testers. | recon scanner | |
| subover | 71.3d258e2 | A Powerful Subdomain Takeover Tool. | scanner recon | |
| subscraper | 30.65ae007 | Tool that performs subdomain enumeration through various techniques. | recon scanner | |
| superscan | 4.1 | Powerful TCP port scanner, pinger, resolver. | windows scanner recon | |
| svn-extractor | 39.39941be | A simple script to extract all web resources by means of .SVN folder exposed over network. | scanner | |
| swarm | 1:41.1713c1e | A distributed penetration testing tool. | scanner recon cracker exploitation webapp | |
| synscan | 5.02 | fast asynchronous half-open TCP portscanner | scanner | |
| tachyon-scanner | 454.bca3452 | Fast Multi-Threaded Web Discovery Tool. | scanner | |
| tactical-exploitation | 79.b1be62b | Modern tactical exploitation toolkit. | scanner exploitation recon sniffer | |
| taipan | 2.7 | Web application security scanner. | scanner webapp | |
| testssl | 1:2.9.5 | Testing TLS/SSL encryption. | crypto scanner | |
| testssl.sh | 2.9.5.8 | Testing TLS/SSL encryption | crypto scanner | |
| thc-ipv6 | 3.6 | Complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6 | networking recon dos spoof scanner | |
| thc-smartbrute | 1.0 | This tool finds undocumented and secret commands implemented in a smartcard. | cracker scanner | |
| tiger | 3.2.3 | A security scanner, that checks computer for known problems. Can also use tripwire, aide and chkrootkit. | automation scanner | |
| tlsenum | 78.787c88b | A command line tool to enumerate TLS cipher-suites supported by a server. | crypto scanner | |
| tlspretense | 1:v0.6.2.r22.g0a5faf4 | SSL/TLS client testing framework | crypto scanner | |
| tlssled | 1.3 | A Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. | automation scanner | |
| topera | 19.3e230fd | An IPv6 security analysis toolkit, with the particularity that their attacks can't be detected by Snort. | scanner networking | |
| torcrawl | 56.0b51037 | Crawl and extract (regular or onion) webpages through TOR network. | webapp scanner | |
| traxss | 81.48dee2e | Automated XSS Vulnerability Scanner. | scanner automation | |
| trivy | 229.438680f | A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. | scanner | |
| typo-enumerator | 81.b01084b | Enumerate Typo3 version and extensions. | webapp scanner | |
| ubiquiti-probing | 5.c28f4c1 | A Ubiquiti device discovery tool. | recon scanner | |
| udsim | 25.df19f07 | A graphical simulator that can emulate different modules in a vehicle and respond to UDS request. | scanner fuzzer automobile | |
| umap | 25.3ad8121 | The USB host security assessment tool. | scanner fuzzer | |
| unicornscan | 0.4.7 | A new information gathering and correlation engine. | scanner | |
| uniscan | 6.3 | A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. | fuzzer scanner webapp | |
| unix-privesc-check | 1.4 | Tries to find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps (e.g. databases). | automation scanner | |
| upnp-pentest-toolkit | 1.1 | UPnP Pentest Toolkit for Windows. | windows scanner recon fuzzer | |
| upnpscan | 0.4 | Scans the LAN or a given address range for UPnP capable devices. | scanner | |
| uptux | 33.85ccfd0 | Linux privilege escalation checks (systemd, dbus, socket fun, etc). | scanner | |
| urldigger | 02c | A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code | webapp scanner | |
| uw-loveimap | 0.1 | Multi threaded imap bounce scanner. | scanner | |
| uw-udpscan | 0.1 | Multi threaded udp scanner. | scanner | |
| uw-zone | 0.1 | Multi threaded, randomized IP zoner. | scanner | |
| v3n0m | 318.285c1a7 | A tool to automate mass SQLi d0rk scans and Metasploit Vulns. | scanner | |
| vais | 17.5c35c3a | SWF Vulnerability & Information Scanner. | scanner | |
| vane | 1899.48f9ab5 | A vulnerability scanner which checks the security of WordPress installations using a black box approach. | scanner webapp fuzzer | |
| vanguard | 0.1 | A comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. | webapp scanner | |
| vbrute | 1.11dda8b | Virtual hosts brute forcer. | recon scanner | |
| vbscan | 1:39.2b1ce48 | A black box vBulletin vulnerability scanner written in perl. | webapp fuzzer scanner | |
| vcsmap | 47.3889964 | A plugin-based tool to scan public version control systems for sensitive information. | scanner | |
| vhostscan | 331.0a7137d | A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. | scanner | |
| videosnarf | 0.63 | A new security assessment tool for pcap analysis | scanner | |
| viproy-voipkit | 1:81.427f26e | VoIP Pen-Test Kit for Metasploit Framework | exploitation fuzzer scanner | |
| visql | 49.3082e30 | Scan SQL vulnerability on target site and sites of on server. | scanner webapp | |
| vsaudit | 21.2cbc47b | VOIP Security Audit Framework. | voip scanner fuzzer | |
| vscan | 10.da4e47e | HTTPS / Vulnerability scanner. | scanner | |
| vsvbp | 6.241a7ab | Black box tool for Vulnerability detection in web applications. | webapp scanner | |
| vulmap | 75.cb228e6 | Vulmap Online Local Vulnerability Scanners Project | scanner fingerprint recon | |
| vulnerabilities-spider | 1.426e70f | A tool to scan for web vulnerabilities. | webapp scanner | |
| vulnx | 286.9ddc7f6 | Cms and vulnerabilites detector & An intelligent bot auto shell injector. | webapp scanner fingerprint recon | |
| vuls | 948.69214e0 | Vulnerability scanner for Linux/FreeBSD, agentless, written in Go. | scanner | |
| vulscan | 2.0 | A module which enhances nmap to a vulnerability scanner | scanner fuzzer | |
| w13scan | 294.0e4668f | Passive Security Scanner. | webapp scanner fuzzer | |
| w3af | 1.6.49 | Web Application Attack and Audit Framework. | fuzzer scanner webapp | |
| waffit | 202.d28dc3d | Identify and fingerprint Web Application Firewall (WAF) products protecting a website. | scanner webapp | |
| wafw00f | 445.a95a942 | Identify and fingerprint Web Application Firewall (WAF) products protecting a website. | scanner webapp | |
| waldo | 29.ee4f960 | A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. | recon scanner | |
| wapiti | 3.0.2 | A vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... | fuzzer scanner webapp | |
| wascan | 1:27.bd25246 | Web Application Scanner. | webapp scanner | |
| webanalyze | 57.ab86050 | Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. | webapp recon scanner fingerprint | |
| webborer | 165.184c862 | A directory-enumeration tool written in Go. | webapp scanner | |
| webenum | 21.24b43b4 | Tool to enumerate http responses using dynamically generated queries and more. Useful for penetration tests against web servers. | scanner webapp | |
| webhunter | 12.918b606 | Tool for scanning web applications and networks and easily completing the process of collecting knowledge. | scanner webapp | |
| webpwn3r | 35.3fb27bb | A python based Web Applications Security Scanner. | scanner webapp | |
| webrute | 3.3 | Web server directory brute forcer. | scanner webapp | |
| webscarab | 20120422.001828 | Framework for analysing applications that communicate using the HTTP and HTTPS protocols | fuzzer proxy scanner webapp | |
| webshag | 1.10 | A multi-threaded, multi-platform web server audit tool. | fuzzer scanner webapp | |
| websploit | 3.0.0 | An Open Source Project For, Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks | exploitation fuzzer scanner social | |
| webtech | 1.2.7 | Identify technologies used on websites. | webapp recon scanner fingerprint | |
| webxploiter | 56.c03fe6b | An OWASP Top 10 Security scanner. | webapp exploitation fuzzer scanner | |
| whatwaf | 333.2746ca1 | Detect and bypass web application firewalls and protection systems. | webapp scanner | |
| whitewidow | 605.4f27bfe | SQL Vulnerability Scanner. | scanner | |
| wifiscanmap | 135.9adcd08 | Another wifi mapping tool. | wireless scanner | |
| wig | 574.d5ddd91 | WebApp Information Gatherer. | webapp scanner recon | |
| winfo | 2.0 | Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. | windows recon scanner | |
| witchxtool | 1.1 | A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. | webapp scanner exploitation fuzzer | |
| wnmap | 0.1 | A shell script written with the purpose to automate and chain scans via nmap. You can run nmap with a custom mode written by user and create directories for every mode with the xml/nmap files inside. | automation scanner | |
| wolpertinger | 2.58ef8e2 | A distributed portscanner. | scanner | |
| wordpresscan | 67.7485ef1 | WPScan rewritten in Python + some WPSeku ideas. | scanner webapp | |
| wpintel | 6.741c0c9 | Chrome extension designed for WordPress Vulnerability Scanning and information gathering. | webapp scanner fingerprint | |
| wpscan | 1:3.7.5 | Black box WordPress vulnerability scanner | webapp fuzzer scanner | |
| wpseku | 2:35.69a71ed | Simple Wordpress Security Scanner. | webapp scanner | |
| wpsik | 8.8d3856b | WPS scan and pwn tool. | wireless scanner | |
| wups | 1.4 | An UDP port scanner for Windows. | windows scanner | |
| x-scan | 3.3 | A general network vulnerabilities scanner for scanning network vulnerabilities for specific IP address scope or stand-alone computer by multi-threading method, plug-ins are supportable. | windows scanner | |
| xattacker | 89.fb2f38f | Website Vulnerability Scanner & Auto Exploiter. | webapp scanner blackarck-exploitation | |
| xcname | 11.9c475a1 | A tool for enumerating expired domains in CNAME records. | scanner | |
| xpire-crossdomain-scanner | 1.0cb8d3b | Scans crossdomain.xml policies for expired domain names. | scanner | |
| xsrfprobe | 442.d2e0f54 | The Prime Cross Site Request Forgery Audit and Exploitation Toolkit. | webapp scanner | |
| xsscon | 31.a285547 | Simple XSS Scanner tool. | webapp scanner | |
| xsspy | 58.b941d10 | Web Application XSS Scanner. | webapp scanner | |
| xsss | 0.40b | A brute force cross site scripting scanner. | webapp fuzzer scanner | |
| xssscan | 1:17.7f1ea90 | Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS. | webapp scanner fuzzer | |
| xsstracer | 5.f2ed21a | Python script that checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection. | scanner | |
| xsstrike | 444.45e2d47 | An advanced XSS detection and exploitation suite. | webapp scanner | |
| xssya | 1:13.cd62817 | A Cross Site Scripting Scanner & Vulnerability Confirmation. | webapp scanner | |
| xwaf | 154.31c5944 | Automatic WAF bypass tool. | webapp scanner | |
| yaaf | 7.4d6273a | Yet Another Admin Finder. | webapp scanner | |
| yasat | 848 | Yet Another Stupid Audit Tool. | scanner recon fingerprint | |
| yasuo | 121.994dcb1 | A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. | webapp scanner | |
| yawast | 952.121ea62 | The YAWAST Antecedent Web Application Security Toolkit. | webapp scanner fuzzer | |
| ycrawler | 0.1 | A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support. | webapp scanner proxy | |
| yersinia | 0.8.2 | A network tool designed to take advantage of some weakness in different network protocols. | networking scanner | |
| zackattack | 5.1f96c14 | A new tool set to do NTLM Authentication relaying unlike any other tool currently out there. | networking scanner cracker | |
| zeus | 111.97db152 | AWS Auditing & Hardening Tool. | defensive scanner | |
| zmap | 2.1.1 | Fast network scanner designed for Internet-wide network surveys | scanner |