amass
nuclei
Our great sponsors
amass | nuclei | |
---|---|---|
19 | 17 | |
11,158 | 17,148 | |
2.9% | 3.2% | |
7.5 | 9.8 | |
7 days ago | 1 day ago | |
Go | Go | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
amass
-
amass VS dmut - a user suggested alternative
2 projects | 29 Nov 2023
-
findomain VS amass - a user suggested alternative
2 projects | 24 Nov 2023
- In-depth attack surface mapping and asset discovery
- 10. 使用工具帮你进行开源情报收集
-
Looking for Recommendations for New Vulnerability & PHI/PII Scanner
OWASP Zap, OWASP Amass, OpenVAS Scanner
-
Can authenticated internet-facing web app be discovered if not indexed by search engines?
My main source is Certificate Transparency, which is kind of a database of TLS certs created so far. But use external tools like Subfinder or Amass.
-
Millions of .git folders exposed publicly by mistake
Scan our domains and infrastructure to reveal if we have exposed.git repositories and other critical infrastructure. You can scan your domains and subdomains with many tools such as Amass or dirsearch to name a couple.
-
Tools for subdomain brute forcing
Amass = https://github.com/OWASP/Amass
- RustScan/RustScan: 🤖 The Modern Port Scanner 🤖
- OWASP/Amass: In-depth Attack Surface Mapping and Asset Discovery
nuclei
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
Nuclei
- Show HN: Oneleet – Penetration Testing for SoC 2 and beyond
-
Looking for short-term, resource intensive tasks to throw at a cloud server
If you own any web properties, you can use https://github.com/projectdiscovery/nuclei running in a beefy VM to scan them for vulnerabilities. It will scale to use all available resources if you give it a big box.
-
Pentesting Tools I Use Everyday
Learn more about nuclei here: https://nuclei.projectdiscovery.io/
-
How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
Read about how I was able to find 136 Sub-domain Takeover vulnerabilities on a Single Target using the Nuclei tool 👉👉👉Click Here - How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
-
How to develope a Network Vuln Scanner
I’d look at flan and nmap and nuclei for inspiration.
-
Thoughts on Vuln scanning public facing websites/hosts during an incident?
Had an idea to leverage the community vuln scanner Nuclei (https://nuclei.projectdiscovery.io/) to just run a quick scan against the public facing hostname/IP. The job isn't supposed to be "hey you're vulnerable to xyz, but to aid in the discovering initial access. I believe this would be considered "good faith" and you're not technically be doing anything nefarious, but wanted to get the communities thoughts on this.
- Nuclei – Community Powered Vulnerability Scanner
-
Log4J Network Scanning/Detection on a 100k+ Node Network
Check out Nuclei (https://github.com/projectdiscovery/nuclei)
What are some alternatives?
subfinder - Fast passive subdomain enumeration tool.
jaeles - The Swiss Army knife for automated Web Application Testing
assetfinder - Find domains and subdomains related to a given domain
ZAP - The ZAP core project
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
SQLMap - Automatic SQL injection and database takeover tool
theHarvester - E-mails, subdomains and names Harvester - OSINT
ffuf - Fast web fuzzer written in Go
spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
RustScan - 🤖 The Modern Port Scanner 🤖
Network-segmentation-cheat-sheet - Best practices for segmentation of the corporate network of any company
osmedeus - A Workflow Engine for Offensive Security