nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL. (by projectdiscovery)
amass
In-depth attack surface mapping and asset discovery (by owasp-amass)
| nuclei | amass | |
|---|---|---|
| 17 | 19 | |
| 17,293 | 11,206 | |
| 2.2% | 1.2% | |
| 9.8 | 6.9 | |
| 1 day ago | 20 days ago | |
| Go | Go | |
| MIT License | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nuclei
Posts with mentions or reviews of nuclei.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-22.
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
Nuclei
- Show HN: Oneleet – Penetration Testing for SoC 2 and beyond
-
Looking for short-term, resource intensive tasks to throw at a cloud server
If you own any web properties, you can use https://github.com/projectdiscovery/nuclei running in a beefy VM to scan them for vulnerabilities. It will scale to use all available resources if you give it a big box.
-
Pentesting Tools I Use Everyday
Learn more about nuclei here: https://nuclei.projectdiscovery.io/
-
How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
Read about how I was able to find 136 Sub-domain Takeover vulnerabilities on a Single Target using the Nuclei tool 👉👉👉Click Here - How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
-
How to develope a Network Vuln Scanner
I’d look at flan and nmap and nuclei for inspiration.
-
Thoughts on Vuln scanning public facing websites/hosts during an incident?
Had an idea to leverage the community vuln scanner Nuclei (https://nuclei.projectdiscovery.io/) to just run a quick scan against the public facing hostname/IP. The job isn't supposed to be "hey you're vulnerable to xyz, but to aid in the discovering initial access. I believe this would be considered "good faith" and you're not technically be doing anything nefarious, but wanted to get the communities thoughts on this.
- Nuclei – Community Powered Vulnerability Scanner
-
Log4J Network Scanning/Detection on a 100k+ Node Network
Check out Nuclei (https://github.com/projectdiscovery/nuclei)
amass
Posts with mentions or reviews of amass.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-11-29.
-
amass VS dmut - a user suggested alternative
2 projects | 29 Nov 2023
-
findomain VS amass - a user suggested alternative
2 projects | 24 Nov 2023
- In-depth attack surface mapping and asset discovery
- 10. 使用工具帮你进行开源情报收集
-
Looking for Recommendations for New Vulnerability & PHI/PII Scanner
OWASP Zap, OWASP Amass, OpenVAS Scanner
-
Can authenticated internet-facing web app be discovered if not indexed by search engines?
My main source is Certificate Transparency, which is kind of a database of TLS certs created so far. But use external tools like Subfinder or Amass.
-
Millions of .git folders exposed publicly by mistake
Scan our domains and infrastructure to reveal if we have exposed.git repositories and other critical infrastructure. You can scan your domains and subdomains with many tools such as Amass or dirsearch to name a couple.
-
Tools for subdomain brute forcing
Amass = https://github.com/OWASP/Amass
- RustScan/RustScan: 🤖 The Modern Port Scanner 🤖
- OWASP/Amass: In-depth Attack Surface Mapping and Asset Discovery
What are some alternatives?
When comparing nuclei and amass you can also consider the following projects:
jaeles - The Swiss Army knife for automated Web Application Testing
subfinder - Fast passive subdomain enumeration tool.
ZAP - The ZAP core project
assetfinder - Find domains and subdomains related to a given domain
SQLMap - Automatic SQL injection and database takeover tool
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
ffuf - Fast web fuzzer written in Go
theHarvester - E-mails, subdomains and names Harvester - OSINT
RustScan - 🤖 The Modern Port Scanner 🤖
spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
osmedeus - A Workflow Engine for Offensive Security
Network-segmentation-cheat-sheet - Best practices for segmentation of the corporate network of any company