xssmap
Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities (by secdec)
masscan_as_a_service
masscan as a service (by bobek)
| xssmap | masscan_as_a_service | |
|---|---|---|
| 1 | 3 | |
| 150 | 29 | |
| 1.3% | - | |
| 10.0 | 3.5 | |
| over 2 years ago | 27 days ago | |
| Python | Python | |
| Apache License 2.0 | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xssmap
Posts with mentions or reviews of xssmap.
We have used some of these posts to build our list of alternatives
and similar projects.
-
Docker explained for pentesters
Let's take a look at an example. We assume that we want to create an environment to automate several tools, including xira. The contents of the directory holding our scripts:
masscan_as_a_service
Posts with mentions or reviews of masscan_as_a_service.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-08-10.
-
Git scraping: track changes over time by scraping to a Git repository
I use this approach for monitoring open ports in our infrastructure -- running masscan, commiting results to git repo. If there are changes, open the merge request for review. During the review, one would investigate the actual server, why there was change in open ports.
https://github.com/bobek/masscan_as_a_service
-
Self-Host Vulnerability Scanner
We typically use a variant of https://github.com/bobek/masscan_as_a_service
-
Masscan: Scan the entire Internet in under 5 minutes
Massacan is awesome. One of the usecases is to periodically scan your own servers to see if you have not accidentally opened some new ports in firewalls.
https://github.com/bobek/masscan_as_a_service
What are some alternatives?
When comparing xssmap and masscan_as_a_service you can also consider the following projects:
dheater - D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
oxo - OXO is a security scanning orchestrator for the modern age.
arachni - Web Application Security Scanner Framework
tartufo - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
bbcrss - Scrapes the headlines from BBC News indexes every five minutes