Shulou(Shulou.com)06/01 Report--

Subdomain name enumeration class https://github.com/lijiejie/subDomainsBrute (classic subdomain name enumeration script) https://github.com/ring04h/wydomain (subdomain name dictionary exhaustion) https://github.com/le4f/dnsmaper (subdomain name enumeration and map tagging) https://github.com/0xbug/orangescan (online subdomain name information collection tool) https://github.com/TheRook/subbrute (query subdomain name based on DNS record ) https://github.com/We5ter/GoogleSSLdomainFinder (subdomain name query script based on Google SSL transparent certificate) https://github.com/mandatoryprogrammer/cloudflare_enum (script for enumerating subdomain names using CloudFlare) https://github.com/18F/domain-scan (A domain scanner) https://github.com/Evi1CLAY/CoolPool/tree/master/Python/DomainSeeker (collecting target subdomain name information in multiple ways) Database vulnerability scanning class https: / / github.com/0xbug/SQLiScanner (a passive SQL injection vulnerability scanning tool based on SQLMAP and Charles) https://github.com/stamparm/DSSS (sql injection vulnerability scanner implemented in 99 lines of code) https://github.com/LoRexxar/Feigong (freely changing MySQL injection script for various situations) https://github.com/youngyangyang04/NoSQLAttack (a * tool for mongoDB) https://github.com/Neohapsis / bbqsql (SQL blind injection utilization framework) https://github.com/NetSPI/PowerUpSQL (Powershell scripting framework for SQLSERVER) weak passwords or information leak scanning https://github.com/lijiejie/htpwdScan (a simple HTTP brute force cracking, Hit Library * script) https://github.com/lijiejie/BBScan (a mini information disclosure batch scan script) https://github.com/lijiejie/GitHack (.git folder leak utilization tool) https://github.com/wilson9x1/fenghuangscanner_v3 (port and weak password detection) https://github.com/ysrc/F-Scrack (script for weak password detection for various services) https://github.com / Mebus/cupp (generate weak password detection dictionary script according to user habits) https://github.com/RicterZ/genpAss (weak password generator with Chinese characteristics) https://github.com/netxfly/crack_ssh (ssh\ redis\ mongodb weak password cracking tool written by go) Internet of things device scanning https://github.com/rapid7/IoTSeeker (default password scanning detection tool for Internet of things) https://github .com/shodan-labs/iotdb (scanning IoT devices using nmap) xss scanner https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer) https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing) https://github.com/0x584A/fuzzXssPHP (PHP version of reflective xss scan) https://github.com/chuhades/xss_scan (bulk scan xss python script) Enterprise Network self-Test https:/ / github.com/sowish/LNScan (detailed internal network information scanner) https://github.com/ysrc/xunfeng (network asset identification engine Vulnerability detection engine) https://github.com/SkyLined/LocalNetworkScanner (local network scanner implemented by javascript) https://github.com/laramies/theHarvester (enterprise search engine includes sensitive asset information monitoring scripts: employee mailbox, subdomain name, Hosts) https://github.com/x0day/Multisearch-v2 (bing, google, 360,360, zoomeye and other search engines aggregate search Can be used to find sensitive asset information included by search engines) webshell detection https://github.com/We5ter/Scanners-Box/tree/master/Find_webshell/ (php backdoor detection, the script is relatively simple Therefore, there are problems of high false positives and inefficiency) https://github.com/yassineaddi/BackdoorMan (A toolkit find malicious, hidden and suspicious PHP scripts and shells ina chosen destination) intranet * https://github.com/0xwindows/VulScritp (Intranet * script, including banner scan, port scan) General vulnerabilities such as phpmyadmin, jenkins, etc.) https://github.com/lcatro/network_backdoor_scanner (intranet detection framework based on network traffic) https://github.com/fdiskyou/hunter (call Windows API to enumerate user login information) middleware scanning, Fingerprint recognition class https://github.com/ring04h/wyportmap (target port scan + system service fingerprint identification) https://github.com/ring04h/weakfilescan (dynamic multithreaded sensitive information leak detection tool) https://github.com/EnableSecurity/wafw00f (WAF product fingerprint identification) https://github.com/rbsec/sslscan (ssl type identification) https://github.com/urbanadventurer/whatweb (web fingerprint identification) https:/ / github.com/tanjiti/FingerPrint (web Application fingerprint Identification) https://github.com/nanshihui/Scan-T (Web Crawler fingerprint Identification) https://github.com/OffensivePython/Nscan (a fast Network scanner inspired by Masscan and Zmap) https://github.com/ywolf/F-NAScan (Network Asset Information scanning ICMP Survival Detection, Port scan Port fingerprint service identification) https://github.com/ywolf/F-MiddlewareScan (middleware scanning) https://github.com/maurosoria/dirsearch (Web path scanner) https://github.com/x0day/bannerscan (C segment Banner and path scanning) https://github.com/RASSec/RASscan (port service scanning) https://github.com/3xp10it/bypass_waf (waf automatic burst) https://github.com/3xp10it/mytools/blob/master / xcdn.py (get the real ip behind cdn) https://github.com/Xyntax/BingC (C segment / sideline query based on Bing search engine Multithreading Support for API) https://github.com/Xyntax/DirBrute (multithreaded WEB directory blasting tool) https://github.com/zer0h/httpscan (a crawler-like Web host discovery gadget) https://github.com/lietdai/doom (ip port vulnerability scanner for distributed task distribution implemented on thorn) dedicated scanner https://github.com/blackye/Jenkins (Jenkins vulnerability detection, User crawl burst) https://github.com/code-scan/dzscan (discuz scan) https://github.com/chuhades/CMS-Exploit-Framework (CMS*** Framework) https://github.com/lijiejie/IIS_shortname_Scanner (an IIS shortname Scanner) https://github.com/We5ter/Scanners-Box/tree/master/FlashScanner.pl (flashxss scan) https://github.com/coffeehb/SSTIF (a Fuzzing server-side template injection vulnerability Semi-automated tools) Wireless Network https://github.com/savio-code/fern-wifi-cracker/ (Wireless Security Audit tool) https://github.com/m4n3dw0lf/PytheM (Python Network / * Test tool) https://github.com/P0cL4bs/WiFi-Pumpkin (Wireless Security * Test Suite) Integrated https://github.com/az0ne/AZScanner (automatic vulnerability Scanner) Subdomain name blasting, port scanning, directory blasting, common framework vulnerability detection) https://github.com/blackye/lalascan (self-developed distributed web vulnerability scanning framework Aggregate owasp top10 vulnerability scanning and boundary asset discovery capabilities) https://github.com/blackye/BkScanner (BkScanner distributed, Plug-in web vulnerability Scanner) https://github.com/ysrc/GourdScanV2 (passive vulnerability scanning) https://github.com/alpha1e0/pentestdb (WEB*** Test Database) https://github.com/netxfly/passive_scan (web vulnerability Scanner based on http Agent) https://github.com/1N3/Sn1per (Automated Scanner) Including middleware scanning and device fingerprint identification) https://github.com/RASSec/pentestEr_Fully-automatic-scanner (directional fully automated * * testing tool) https://github.com/3xp10it/3xp10it (3xp10it automated * * testing framework) https://github.com/Lcys/lcyscan (python plug-in vulnerability scanner) https://github.com/Xyntax/POC-T (* * test plug-in concurrency framework ) Struts vulnerability scanning http://pan.baidu.com/s/1qXR9XSC (struts series scanner for K8)

Original link: http://www.test404.com/post-1298.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.