xssmap
masscan_as_a_service
xssmap | masscan_as_a_service | |
---|---|---|
1 | 3 | |
144 | 23 | |
2.1% | - | |
10.0 | 0.0 | |
almost 2 years ago | about 2 years ago | |
Python | Python | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xssmap
-
Docker explained for pentesters
Let's take a look at an example. We assume that we want to create an environment to automate several tools, including xira. The contents of the directory holding our scripts:
masscan_as_a_service
-
Git scraping: track changes over time by scraping to a Git repository
I use this approach for monitoring open ports in our infrastructure -- running masscan, commiting results to git repo. If there are changes, open the merge request for review. During the review, one would investigate the actual server, why there was change in open ports.
https://github.com/bobek/masscan_as_a_service
-
Self-Host Vulnerability Scanner
We typically use a variant of https://github.com/bobek/masscan_as_a_service
-
Masscan: Scan the entire Internet in under 5 minutes
Massacan is awesome. One of the usecases is to periodically scan your own servers to see if you have not accidentally opened some new ports in firewalls.
https://github.com/bobek/masscan_as_a_service
What are some alternatives?
dheater - D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
embark - EMBArk - The firmware security scanning environment
zdns - Fast DNS Lookup Library and CLI Tool
oxo - OXO is a security scanning orchestrator for the modern age.
netscan - A fast TCP port scanner
tartufo - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
github-actions - Infromation and tips regarding GitHub Actions
bandit - Bandit is a tool designed to find common security issues in Python code.
bbcrss - Scrapes the headlines from BBC News indexes every five minutes
hun_law_rs - Tool for parsing hungarian laws (Rust version)
gesetze-im-internet - Archive of German legal acts (weekly archive of gesetze-im-internet.de)