Spring4Shell-Scan – A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic validation of the vulnerability upon discovery. Randomized and non-intrusive payloads. WAFRead More

Jfscan – A Super Fast And Customisable Port Scanner, Based On Masscan And NMap

  Killing features Scan with nmap fast! Allows you to scan targets with Masscan and run Nmap on discovered ports with possibility of custom options. Nmap on steroids. * Allows to scan targets in multiple formats. Can output results in domain:port format. Works in stdin/stdout mode, so you can pipe results to other tools. TheRead More

Skanuvaty – Dangerously Fast DNS/network/port Scanner

Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we’ll find everything about it. Features: Finds subdomains from root domain Finds IPs for subdomains Checks what ports are open on those IPs (Notice: not yet implemented) Outputs a handy .json file with all the data for further investigation. Runs as fast as your computer/network/DNSRead More

Request_Smuggler – Http Request Smuggling Vulnerability Scanner

Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability. Usage USAGE: request_smuggler [OPTIONS] –url <url>FLAGS: -h, –help Prints help information -V, –version Prints version informationOPTIONS: –amount-of-payloads <amount-of-payloads> low/medium/all [default: low] -t, –attack-types <attack-types> [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: “ClTeTime”Read More

WSVuls – Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What’s WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It’s designed for developers/testers and for those workers in IT who want to test vulnerabilities and analyses website from a single command. It detects issuesRead More

GONET-Scanner – Golang Network Scanner With Arp Discovery And Own Parser

ScreenShots Install chmod +x install.sh./install.sh [as root] Usage ARP Discovery -ar CIDR -s: Scan ports in all hosts discovered -ap: Scan to 65535 Ports -pr MINPORT MAXPORT: Define Port Range to Scan -1000: Scan Top 1000 ports (like nmap) -t: Set Timeout (in milliseconds) [EXAMPLES] go run scannerport.go -ap <IP>: Allports TCP Scan go runRead More

Boko – Application Hijack Scanner For macOS

boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and lists them instead of manually browsing the file system forRead More

Droopescan – A Plugin-Based Scanner That Aids Security Researchers In Identifying Issues With Several CMSs, Mainly Drupal And Silverstripe

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused byRead More