tsunami-security-scanner VS RustScan

https://github.com/google/tsunami-security-scanner (I bet it would be easy to write a plugin for https://github.com/projectdiscovery/nuclei as well.)

To see if there are injection points statically, I work on a tool (https://github.com/returntocorp/semgrep) that someone else already wrote a check with: https://twitter.com/lapt0r/status/1469096944047779845 or look for the mitigation with `semgrep -e '$LOGGER.formatMsgNoLookups(true)' --lang java`. For the mitigation, the string should be unique enough that just ripgrep works well too.

Thanks to you I just reenabled Tsunami https://github.com/google/tsunami-security-scanner. Also had software called something like vuln (blue logo with a yellow eye in the middle) running. but the hard disk of the server died --sadly and I can't remember how it was called.-- https://vuls.io/

Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

I will be giving CEH Practical exam in the next month and I can't find whether Rustscan is allowed or not. I have read EC-Council is very particular about the tools used so I want to be sure whether to implement in my prepartion or not.

I’m not sure why I decided to create it, I think I tried to use RustScan for a simple task last week, but it was too convoluted for my needs, as well as the fact that it requires nmap to be installed. Thus havn was born, nothing else needed, and only directly using two dependencies, Tokio and Clap, although I think If I really wanted to, I could remove the Clap dependency, but it’s just so handy and easy to use.

Did you read https://github.com/RustScan/RustScan, find the link to https://github.com/RustScan/RustScan/wiki/Installation-Guide and came across "Docker is the recommended way of installing RustScan"?

I like RustScan https://github.com/RustScan/RustScan . For one thing, it’s fast!