Top 23 Scanner Open-Source Projects
Exploitation Framework for Embedded DevicesProject mention: Router login crack without password list | reddit.com/r/hacking | 2021-04-18
try routersploit out for exploits thag don’t have to do with wordlists and stuff, rly good tool
Web path scannerProject mention: Release dirsearch v0.4.2 - Web Path Scanner | reddit.com/r/netsec | 2021-09-12
Optimize your datasets for ML. Goodbye, boilerplate code - the fastest dataset optimization and management tool for computer vision.
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.Project mention: How do I stop Spotify tracking my location and suggesting playlists based on where I am? | reddit.com/r/spotify | 2021-08-18
That is why I found the Parler breach so amusing... I heard those Nazis used glorified Wordpress - there's automated scanning tools for wordpress nowadays!!
Information gathering & OSINT framework for phone numbersProject mention: Arnaque leboncoin aux cartes graphiques | reddit.com/r/france | 2021-08-29
Fast and customizable vulnerability scanner based on simple YAML based DSL.Project mention: How to install nuclei in any linux ☠️ | dev.to | 2021-08-02
I always install my tools in /opt folder in linux . Its not neccessary you can clone the repo anywhere . git clone https://github.com/projectdiscovery/nuclei.git
Attack Surface Management Platform | Sn1perSecurity LLCProject mention: WebMap : A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing | reddit.com/r/HowToHack | 2021-01-04
This is awesome you have made your own tool a feat I have yet to do. If you are looking for pen-test automation you should check out Sn1per I love this tool.
Security scanner for your Terraform codeProject mention: Terraform IaC Scanning with Trivy | dev.to | 2021-10-16
Trivy checks Terraform IaC using TFSEC. You can take a look at all the checks that Trivy performs under the included checks documentation. In the previous example above Trivy detected a risk called: Potentially sensitive data stored in block attribute, which notified us that our code was potentially exposing sensitive data.
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
Next generation web scannerProject mention: The most important step in hacking - Enumeration | dev.to | 2021-07-12
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.Project mention: ReNgine | news.ycombinator.com | 2021-08-28
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonationProject mention: Awesome Penetration Testing | dev.to | 2021-10-06
dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, as well as establishing a process for keeping all dependencies up-to-date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a complete dependency management solution by automatically updating any found vulnerabilities. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer being used.
Document Scanning Made Easy for iOSProject mention: Barcode Scanner app on Google Play infects 10M users with one update | news.ycombinator.com | 2021-02-07
I noticed the package name com.qrcodescanner.barcodescanner. and went to https://qrcodescanner.com/ which advertises another very popular barcode scanner wescan.
they also offer an sdk of their own for including a barcode scanner into your app. https://github.com/WeTransfer/WeScan
I'm not really sure they are connected (package names don't verify domain names AFAIK). Just curious.
Loki - Simple IOC and Incident Response Scanner (by Neo23x0)Project mention: Which rootkit scanner to use in a could environment ? | reddit.com/r/sysadmin | 2021-10-14
Nextron Thor Scanner
All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testersProject mention: Tuhinshubhra/RED_HAWK - All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers | reddit.com/r/GithubSecurityTools | 2021-08-01
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.Project mention: oscp and ctf bash script fro recon help | reddit.com/r/cybersecurity | 2020-12-24
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
📸 The Camera library that sees the vision.Project mention: Is it possible to make RN run Java code, swift code, or Python for deep learning applications with Pytorch? | reddit.com/r/reactnative | 2021-08-29
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntingProject mention: Colección de herramientas para Hacking Web | reddit.com/r/u_esgeeks | 2021-01-19
Signature base for my scanner toolsProject mention: Yara rule to detect ProxyToken exploitation | reddit.com/r/blueteamsec | 2021-08-30
Simple, safe and intuitive Scala I/O
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare networkProject mention: Awesome Penetration Testing | dev.to | 2021-10-06
CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
BitTorrent P2P multi-platform search engine for Desktop and Web servers with integrated torrent client.Project mention: Rats on The Boat - BitTorrent search engine v1.6.0 | reddit.com/r/Piracy | 2021-06-10
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentestingProject mention: Looking for an API like builtwith.com (let's you know what technology is behind website), but one that's opensource, or at least is more startup friendly .... | reddit.com/r/api | 2021-07-12
That said, keep in mind that not everything is going to find its way indexed in Google. If it's subdomains you're after, you can use tools like Sublist3r or Sudomy to pull data from multiple sources (not just DNS).
What are some of the best open-source Scanner projects? This list will help you:
Are you hiring? Post a new remote job listing for free.