Fuxi-Scanner - Network Security Vulnerability Scanner

  •        18

Fuxi Scanner is an open source network security vulnerability scanner, it comes with multiple functions. Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.

https://fuxi-scanner.com
https://github.com/jeffzh3ng/Fuxi-Scanner

Tags
Implementation
License
Platform

   




Related Projects

Scanners-Box - The toolbox of open source scanners - 安全行业从业者自研开源扫描器合辑

  •    

Scanners Box is a collection of open source scanners which are from the github platform, including subdomain enumeration, database vulnerability scanners, weak passwords or information leak scanners, port scanners, fingerprint scanners, and other large scale scanners, modular scanner etc. For other Well-known scanning tools, such as: awvs,nmap,w3af will not be included in the scope of collection. The purpose of this collection is to provide various types of opensource security scanning tool that can help Internet companies to be more safer.

vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

vulscan - Advanced vulnerability scanning with Nmap NSE

  •    Lua

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.


raptor - Web-based Source Code Vulnerability Scanner

  •    Javascript

Raptor is a web-based (web-serivce + UI) github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available only to the user who initiated the scan. This tool is an attempt to help the community and start-up companies to emphasize on secure-coding. This tool may or may not match the features/quality of commercial alternatives, nothing is guaranteed and you have been warned. This tool is targeted to be used by security code-reviewers and/or developers with secure-coding experience to find vulnerability entry-points during code-audits or peer reviews. Please DO NOT trust the tool's output blindly. This is best-used if you plug Raptor into your CI/CD pipeline.

Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

  •    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

IronWASP - Iron Web application Advanced Security testing Platform

  •    CSharp

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

arachni - Web Application Security Scanner Framework

  •    Ruby

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

ATSCAN - Advanced Search & Mass Exploit Scanner- فاحص متقدم لبحث و استغلال الثغرات بالجملة

  •    Perl

● Search engine Google / Bing / Ask / Yandex / Sogou ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ● Use proxy. ● Random user agent. ● Random engine. ● Extern commands execution. ● XSS / SQLI / LFI / AFD scanner. ● Filter wordpress and Joomla sites. ● Find Admin page. ● Decode / Encode Base64 / MD5 ● Ports scan. ● Collect IPs ● Collect E-mails. ● Auto detect errors. ● Auto detect Cms. ● Post data. ● Auto sequence repeater. ● Validation. ● Post and Get method ● Interactive and Normal interface. ● And more...

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

Nogotofail - Network Security Testing Tool

  •    Python

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Beef - Browser Exploitation Framework

  •    Javascript

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

commix - Automated All-in-One OS command injection and exploitation tool.

  •    Python

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header. Usage of commix for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

vbscan - OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

  •    Perl

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analysis them . If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

OWASP Joomla Vulnerability Scanner Project

  •    Perl

Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.