masscan_as_a_service
arachni
masscan_as_a_service | arachni | |
---|---|---|
3 | 2 | |
22 | 3,647 | |
- | 0.6% | |
0.0 | 1.5 | |
over 1 year ago | 12 months ago | |
Python | Ruby | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
masscan_as_a_service
-
Git scraping: track changes over time by scraping to a Git repository
I use this approach for monitoring open ports in our infrastructure -- running masscan, commiting results to git repo. If there are changes, open the merge request for review. During the review, one would investigate the actual server, why there was change in open ports.
https://github.com/bobek/masscan_as_a_service
-
Self-Host Vulnerability Scanner
We typically use a variant of https://github.com/bobek/masscan_as_a_service
-
Masscan: Scan the entire Internet in under 5 minutes
Massacan is awesome. One of the usecases is to periodically scan your own servers to see if you have not accidentally opened some new ports in firewalls.
https://github.com/bobek/masscan_as_a_service
arachni
- Self-Host Vulnerability Scanner
-
Why are there so many Rails related posts here?
This is something that kind of annoys me; there's even a /r/rails sub-reddit specifically for Ruby on Rails stuff. Understandably Rails helped put Ruby on the map. Before Rails, Ruby was just another fringe language. Rails became massively popular, helped many startups quickly build their Web 2.0 sites, and become successful companies (ex: GitHub, LinkedIn, AirBnB, etc). Like others have said, "Rails is where the money is at". However, this posses a problem for the Ruby community: whenever Rails becomes less popular, so does Ruby. I wish the Ruby ecosystem wasn't so heavily centralized around Rails, and that we diversified our uses of Ruby a bit. There's of course Sinatra, dry-rb, Hanami, Dragon Ruby, SciRuby, and a dozen security tools written in Ruby such as Metasploit, BeFF, Arachni, and Ronin.
What are some alternatives?
zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
ronin - Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories.
zdns - Fast CLI DNS Lookup Tool
distribution - Probability distributions for Ruby.
github-actions - Infromation and tips regarding GitHub Actions
BeEF - The Browser Exploitation Framework Project
bbcrss - Scrapes the headlines from BBC News indexes every five minutes
Metasploit - Metasploit Framework
xssmap - Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
ronin-vulns - Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Hanami - The web, with simplicity.