masscan_as_a_service
xssmap
masscan_as_a_service | xssmap | |
---|---|---|
3 | 1 | |
23 | 145 | |
- | 0.7% | |
0.0 | 10.0 | |
over 2 years ago | about 2 years ago | |
Python | Python | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
masscan_as_a_service
-
Git scraping: track changes over time by scraping to a Git repository
I use this approach for monitoring open ports in our infrastructure -- running masscan, commiting results to git repo. If there are changes, open the merge request for review. During the review, one would investigate the actual server, why there was change in open ports.
https://github.com/bobek/masscan_as_a_service
-
Self-Host Vulnerability Scanner
We typically use a variant of https://github.com/bobek/masscan_as_a_service
-
Masscan: Scan the entire Internet in under 5 minutes
Massacan is awesome. One of the usecases is to periodically scan your own servers to see if you have not accidentally opened some new ports in firewalls.
https://github.com/bobek/masscan_as_a_service
xssmap
-
Docker explained for pentesters
Let's take a look at an example. We assume that we want to create an environment to automate several tools, including xira. The contents of the directory holding our scripts:
What are some alternatives?
zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
dheater - D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
zdns - Fast DNS Lookup Library and CLI Tool
oxo - OXO is a security scanning orchestrator for the modern age.
netscan - A fast TCP port scanner
embark - EMBArk - The firmware security scanning environment
github-actions - Infromation and tips regarding GitHub Actions
tartufo - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
bbcrss - Scrapes the headlines from BBC News indexes every five minutes
bandit - Bandit is a tool designed to find common security issues in Python code.
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.