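Scanners-Box: A Comprehensive Collection of Open-Source Scanners 2017-05-2.
Scanners-Box is a repository that collects open-source scanners developed by security practitioners on the GitHub platform, covering subdomain enumeration, database vulnerability scanning, weak-password or information-leak scanning, port scanning, fingerprinting, and other large or modular scanners. The repository only includes general-purpose open-source scanners written by community members themselves; well-known scanning tools such as nmap, w3af and brakeman are not included.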
Subdomain enumeration
https://github.com/lijiejie/subDomainsBrute (classic subdomain brute-force enumeration script)
https://github.com/ring04h/wydomain (dictionary-based subdomain enumeration)
https://github.com/le4f/dnsmaper (subdomain enumeration with map plotting)
https://github.com/0xbug/orangescan (online subdomain information-gathering tool)
https://github.com/TheRook/subbrute (subdomain lookup based on DNS records)
https://github.com/We5ter/GSDF (subdomain lookup script based on Google SSL certificate transparency)
https://github.com/mandatoryprogrammer/cloudflare_enum (script that uses CloudFlare for subdomain enumeration)
https://github.com/18F/domain-scan (A domain scanner)
https://github.com/guelfoweb/knock (Knock Subdomain Scan)
https://github.com/Evi1CLAY/CoolPool/tree/master/Python/DomainSeeker (gathers target subdomain information using multiple methods)
https://github.com/code-scan/BroDomain (sibling domain lookup)
https://github.com/chuhades/dnsbrute (subdomain enumeration based on DNS queries)
Database scanning
https://github.com/0xbug/SQLiScanner (passive SQL injection vulnerability scanner based on SQLMAP and Charles)
https://github.com/stamparm/DSSS (SQL injection vulnerability scanner implemented in 99 lines of code)
https://github.com/LoRexxar/Feigong (MySQL injection script that adapts freely to different situations)
https://github.com/youngyangyang04/NoSQLAttack (attack tool targeting MongoDB)
https://github.com/Neohapsis/bbqsql (blind SQL injection exploitation framework)
https://github.com/NetSPI/PowerUpSQL (PowerShell script framework for attacking SQL Server)
https://github.com/WhitewidowScanner/whitewidow (yet another database scanner)
https://github.com/stampery/mongoaudit (MongoDB auditing and penetration tool)
https://github.com/torque59/Nosql-Exploitation-Framework (NoSQL scanning/brute-force tool)
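Weak-password or information-leak scanning
https://github.com/lijiejie/htpwdScan (a simple HTTP brute-force and credential-stuffing script)
https://github.com/lijiejie/BBScan (a mini batch scanning script for information leaks)
https://github.com/lijiejie/GitHack (exploitation tool for exposed .git folders)
https://github.com/wilson9x1/fenghuangscanner_v3 (port and weak-password detection)
https://github.com/ysrc/F-Scrack (script for weak-password detection across various services)
https://github.com/Mebus/cupp (script that generates weak-password probing dictionaries based on user habits)
https://github.com/RicterZ/genpAss (weak-password generator with Chinese characteristics)
https://github.com/netxfly/crack_ssh (goroutine-based weak-password cracking tool for ssh/redis/mongodb, written in Go)
https://github.com/n0tr00t/Sreg (given an email, phone or username, returns all the internet account information the user has registered)
https://github.com/repoog/GitPrey (GitHub sensitive-information scanner)
https://github.com/dxa4481/truffleHog (GitHub sensitive-information scanner, including checking commits)
https://github.com/LandGrey/pydictor (tool for building brute-force dictionaries)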
IoT device scanning
https://github.com/rapid7/IoTSeeker (scanner that detects default passwords on IoT devices)
https://github.com/shodan-labs/iotdb (scanning IoT devices with nmap)
https://github.com/jh00nbr/Routerhunter-2.0 (router vulnerability scanning and exploitation)
https://github.com/scu-igroup/telnet-scanner (credential stuffing against telnet services)
XSS scanning
https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer)
https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing)
https://github.com/0x584A/fuzzXssPHP (reflected XSS scanner written in PHP)
https://github.com/chuhades/xss_scan (Python script for batch XSS scanning)
https://github.com/BlackHole1/autoFindXssAndCsrf (browser plugin that automatically detects whether a page has XSS and CSRF vulnerabilities)
https://github.com/UltimateHackers/XSSight (automated XSS scanning)
Enterprise network self-assessment
https://github.com/sowish/LNScan (detailed internal network information scanner)
https://github.com/SkyLined/LocalNetworkScanner (local network scanner implemented in JavaScript)
https://github.com/ysrc/xunfeng (network asset identification engine and vulnerability detection engine)
https://github.com/laramies/theHarvester (script for monitoring sensitive enterprise asset information indexed by search engines: employee e-mail addresses, subdomains, hosts)
https://github.com/x0day/Multisearch-v2 (aggregated search across bing, google, 360, zoomeye and other search engines; can be used to discover sensitive enterprise asset information indexed by search engines)
Webshell detection and virus analysis tools
https://github.com/We5ter/Scanners-Box/tree/master/webshell/ (simple PHP backdoor detection tool and webshell sample library)
https://github.com/ym2011/ScanBackdoor (webshell scanning tool)
https://github.com/yassineaddi/BackdoorMan (A toolkit to find malicious, hidden and suspicious PHP scripts and shells in a chosen destination)
https://github.com/he1m4n6a/findWebshell (yet another webshell detection tool)
https://github.com/Tencent/HaboMalHunter (Habo analysis system: virus analysis and security detection for Linux systems)
https://github.com/PlagueScanner/PlagueScanner (antivirus engine implemented in Python that integrates ClamAV, ESET and Bitdefender)
https://github.com/nbs-system/php-malware-finder (a highly efficient PHP webshell scanner)
https://github.com/emposha/PHP-Shell-Detector/ (webshell detection tool with a tested efficiency of up to 99%)
Internal network penetration
https://github.com/0xwindows/VulScritp (enterprise intranet penetration scripts, including banner scanning and port scanning; exploitation of common vulnerabilities in phpmyadmin, jenkins, etc.)
https://github.com/lcatro/network_backdoor_scanner (intranet probing framework based on network traffic)
https://github.com/fdiskyou/hunter (calls the Windows API to enumerate user logon information)
https://github.com/BlackHole1/WebRtcXSS (automated use of XSS to break into internal networks)
Port scanning, fingerprinting and middleware scanning
https://github.com/ring04h/wyportmap (target port scanning + system service fingerprinting)
https://github.com/ring04h/weakfilescan (dynamic multi-threaded sensitive information leak detection tool)
https://github.com/EnableSecurity/wafw00f (WAF product fingerprinting)
https://github.com/rbsec/sslscan (SSL type identification)
https://github.com/urbanadventurer/whatweb (web fingerprinting)
https://github.com/tanjiti/FingerPrint (web application fingerprinting)
https://github.com/nanshihui/Scan-T (crawler-style fingerprinting)
https://github.com/OffensivePython/Nscan (a fast Network scanner inspired by Masscan and Zmap)
https://github.com/ywolf/F-NAScan (network asset information scanning: ICMP liveness probing, port scanning, port service fingerprinting)
https://github.com/ywolf/F-MiddlewareScan (middleware scanning)
https://github.com/maurosoria/dirsearch (Web path scanner)
https://github.com/x0day/bannerscan (C-segment banner and path scanning)
https://github.com/RASSec/RASscan (port service scanning)
https://github.com/3xp10it/bypass_waf (automated WAF brute forcing)
https://github.com/3xp10it/xcdn (tries to find the real IP behind a CDN)
https://github.com/Xyntax/BingC (C-segment / co-hosted site lookup based on the Bing search engine; multi-threaded, supports the API)
https://github.com/Xyntax/DirBrute (multi-threaded web directory brute-force tool)
https://github.com/zer0h/httpscan (a small crawler-style tool for discovering web hosts in a network range)
https://github.com/lietdai/doom (distributed task-dispatching IP/port vulnerability scanner implemented on thorn)
https://github.com/chichou/grab.js (fast TCP fingerprint grabbing and parsing tool similar to zgrab, supporting more protocols)
https://github.com/Nitr4x/whichCDN (CDN identification and detection)
https://github.com/secfree/bcrpscan (crawler-based web path scanner)
https://github.com/mozilla/ssh_scan (server SSH configuration scanner)
Special-purpose scanners
https://github.com/blackye/Jenkins (Jenkins vulnerability detection, user harvesting and brute forcing)
https://github.com/code-scan/dzscan (discuz scanning)
https://github.com/chuhades/CMS-Exploit-Framework (CMS attack framework)
https://github.com/lijiejie/IIS_shortname_Scanner (an IIS shortname Scanner)
https://github.com/riusksk/FlashScanner (flash XSS scanning)
https://github.com/coffeehb/SSTIF (a semi-automated tool for fuzzing server-side template injection vulnerabilities)
https://github.com/epinna/tplmap (server-side template injection detection and exploitation tool)
https://github.com/cr0hn/dockerscan (docker scanning tool)
Wireless network penetration and scanning
https://github.com/savio-code/fern-wifi-cracker/ (wireless security auditing tool)
https://github.com/m4n3dw0lf/PytheM (Python network/penetration testing tool)
https://github.com/P0cL4bs/WiFi-Pumpkin (wireless security penetration testing suite)
Static code scanning and runtime stack tracing
https://github.com/wufeifei/cobra (white-box code security auditing system)
https://github.com/OneSourceCat/phpvulhunter (static PHP code auditing)
https://github.com/Qihoo360/phptrace (tool for tracing and analyzing PHP runtime behavior)
https://github.com/ajinabraham/NodeJsScan (NodeJS application code auditing)
Modular and comprehensive scanners
https://github.com/az0ne/AZScanner (automated vulnerability scanner: subdomain brute forcing, port scanning, directory brute forcing, detection of vulnerabilities in common frameworks)
https://github.com/blackye/lalascan (independently developed distributed web vulnerability scanning framework, combining OWASP Top 10 vulnerability scanning with perimeter asset discovery)
https://github.com/blackye/BkScanner (BkScanner: distributed, plugin-based web vulnerability scanner)
https://github.com/ysrc/GourdScanV2 (passive vulnerability scanning)
https://github.com/alpha1e0/pentestdb (web penetration testing database)
https://github.com/netxfly/passive_scan (web vulnerability scanner based on an HTTP proxy)
https://github.com/1N3/Sn1per (automated scanner, including middleware scanning and device fingerprinting)
https://github.com/RASSec/pentestEr_Fully-automatic-scanner (targeted, fully automated penetration testing tool)
https://github.com/3xp10it/3xp10it (automated penetration testing framework)
https://github.com/Lcys/lcyscan (scanning effectiveness not verified)
https://github.com/Xyntax/POC-T (plugin-based concurrent framework for penetration testing)
https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)
https://github.com/Skycrab/leakScan (web-based online vulnerability scanning)
https://github.com/zhangzhenfeng/AnyScan (in development…)
APT
https://github.com/Neo23x0/Loki (scanner for traces of APT intrusions)
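Purpose of the collection
This repository was originally put together to give enterprise security practitioners open-source security scanning tools they can refer to while building their enterprise information-security defenses, in the hope that enterprises can use these scanners to self-assess their own services and so improve the security of those services.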
Project maintenance
Wester (sina weibo @西風微雨_Wester) && Martin (sina weibo @Mart1n_ZHOU)