#scanner

nuclei-burp-plugin on offsec.tools
Sponsor
nuclei-burp-plugin

A Burp Suite plugin intended to help with Nuclei template generation.

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

mapcidr on offsec.tools
Sponsor
mapcidr

Small utility program to perform multiple operations for a given subnet/CIDR ranges.

Naabu on offsec.tools
Sponsor
Naabu

A fast port scanner written in go with a focus on reliability and simplicity.

Nuclei on offsec.tools
Sponsor
Nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

svn-extractor on offsec.tools
Featured
svn-extractor

Simple script to extract all web resources by means of .SVN folder exposed over network.

droopescan on offsec.tools
droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs.

Trivy on offsec.tools
Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, repositories...

Cake Fuzzer on offsec.tools
Cake Fuzzer

Cutting-edge project designed to automate the continuous discovery of vulnerabilities in webapps.

BurpGPT on offsec.tools
BurpGPT

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan.

Rapidscan on offsec.tools
Rapidscan

The multi tool web vulnerability scanner.

plution on offsec.tools
plution

Prototype pollution scanner using headless chrome.

Jira-Lens on offsec.tools
Jira-Lens

Fast and customizable vulnerability scanner for Jira.

WINspect on offsec.tools
WINspect

Powershell-based Windows security auditing toolbox.

fuxploider on offsec.tools
fuxploider

File upload vulnerability scanner and exploitation tool.

hping on offsec.tools
hping

Network tool able to send custom TCP/IP packets.

Mr.SIP on offsec.tools
Mr.SIP

SIP-based audit and attack tool.

egressbuster on offsec.tools
egressbuster

Check egress filtering and identify if ports are allowed to automatically spawn a shell.

PS2 on offsec.tools
PS2

A port scanner written purely in PowerShell.

SQLiDetector on offsec.tools
SQLiDetector

Helps you to detect SQL injection "Error based" by sending multiple requests.

co2 on offsec.tools
co2

A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.

additional-scanner-checks on offsec.tools
additional-scanner-checks

Collection of scanner checks missing in Burp.

archerysec on offsec.tools
archerysec

Automate your application security orchestration and correlation (ASOC).

wpfinger on offsec.tools
wpfinger

wpfinger is a red-team WordPress scanning tool.

BugBountyScanner on offsec.tools
BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.

Kscan on offsec.tools
Kscan

Kscan is an all-round scanner developed purely in Go, with functions such as port scanning, protocol.

UDPX on offsec.tools
UDPX

Fast and lightweight UDP scanner that supports the discovery of many services.

Crlfi on offsec.tools
Crlfi

CRLF bug scanner for WebPentesters and Bugbounty Hunters.

qscan on offsec.tools
qscan

Quick network scanner library.

Kubestroyer on offsec.tools
Kubestroyer

Exploit Kubernetes clusters misconfigurations and be the swiss army knife of your pentests.

IAMagic on offsec.tools
IAMagic

Advanced AWS access credentials scanner.

GPT_Vuln-Analyzer on offsec.tools
GPT_Vuln-Analyzer

A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.

nmapAutomater on offsec.tools
nmapAutomater

Automate the process of enumeration & recon that is run every time.

vcsmap on offsec.tools
vcsmap

Plugin-based tool to scan public version control systems for sensitive information.

ssh-auditor on offsec.tools
ssh-auditor

The best way to scan for weak ssh passwords on your network.

aem-detector on offsec.tools
aem-detector

Discover Adobe Experience Manager (AEM) Content Management System (CMS) websites.

TerminatorZ on offsec.tools
TerminatorZ

Scan for top potential vulnerabilities with known CVEs in your web applications.

Unicornscan on offsec.tools
Unicornscan

An asynchronous TCP and UDP port scanner.

ike-scan on offsec.tools
ike-scan

Discover and fingerprint IKE hosts.

amap on offsec.tools
amap

Identify applications even if they are running on a different port than normal.

Grendel-Scan on offsec.tools
Grendel-Scan

A tool for automated security scanning of web applications.

ratproxy on offsec.tools
ratproxy

A semi-automated largely passive web application security audit tool.

wikto on offsec.tools
wikto

Nikto for Windows with some extra features.

WebInspect on offsec.tools
WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

Invicti on offsec.tools
Invicti

Web Application Security For Enterprise.

Striker on offsec.tools
Striker

Offensive information and vulnerability scanner.

celerystalk on offsec.tools
celerystalk

An asynchronous enumeration & vulnerability scanner.

RedTeam_toolkit on offsec.tools
RedTeam_toolkit

Open source Django offensive webapp which is keeping the best tools used in the redteaming.

smb-scanner on offsec.tools
smb-scanner

Samba scanning tool.

RED HAWK on offsec.tools
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Vulmap on offsec.tools
Vulmap

Online local vulnerability scanners project.

Skanuvaty on offsec.tools
Skanuvaty

Dangerously fast DNS/network/port scanner.

autoSSRF on offsec.tools
autoSSRF

Smart context-based SSRF vulnerability scanner.

CMSeek on offsec.tools
CMSeek

CMS Detection and Exploitation suite that supports over 180 other CMSs.

afrog on offsec.tools
afrog

A vulnerability scanning tools for penetration testing.

Qualys Cloud Platform on offsec.tools
Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

SSTImap on offsec.tools
SSTImap

Automatic SSTI detection tool with interactive interface.

AORT on offsec.tools
AORT

All in one recon tool for bug bounty.

LanGuard on offsec.tools
LanGuard

Patch management, vulnerability scanning, and network auditing.

Nexpose on offsec.tools
Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

Core Impact on offsec.tools
Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

WebScarab on offsec.tools
WebScarab

Framework for analysing applications that communicate using the HTTP and HTTPS protocols.

Paros Proxy on offsec.tools
Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

Nessus on offsec.tools
Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

Ronin on offsec.tools
Ronin

A free and open source Ruby toolkit for security research and development.

Vuls on offsec.tools
Vuls

Agent-less vulnerability scanner.

jok3r on offsec.tools
jok3r

Network and Web Pentest Automation Framework.

Legion on offsec.tools
Legion

Aids in discovery, reconnaissance and exploitation of information systems.

IntelSpy on offsec.tools
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

Trishul on offsec.tools
Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

ATOR on offsec.tools
ATOR

Authentication Token Obtain and Replace Extender.

Coercer on offsec.tools
Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

Angry IP Scanner on offsec.tools
Angry IP Scanner

Fast and simple-to-use open-source/cross-platform network scanner.

RouterSploit on offsec.tools
RouterSploit

Exploitation framework for embedded devices.

TLD Scanner on offsec.tools
TLD Scanner

Scan all possible TLD's for a given domain name.

ChopChop on offsec.tools
ChopChop

Scan endpoints and identify exposition of sensitive services/files/folders.

Acunetix on offsec.tools
Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

FOCA on offsec.tools
FOCA

Tool to find metadata and hidden information in the documents.

OpenVAS on offsec.tools
OpenVAS

This repository contains the scanner component for Greenbone Community Edition.

AWS security checks on offsec.tools
AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

Java Deserialization Scanner on offsec.tools
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

burp-vulners-scanner on offsec.tools
burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

Simple Basic Malware Scanner on offsec.tools
Simple Basic Malware Scanner

Simple Malware Scanner based on file hash scan.

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Burp WP on offsec.tools
Burp WP

Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.

HTTPoxy Scanner on offsec.tools
HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

Dastardly Scan Action on offsec.tools
Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

scan-check-builder on offsec.tools
scan-check-builder

Burp Suite extension which helps to improve the active and passive scanner by yourself.

Distribute Damage on offsec.tools
Distribute Damage

Evenly distributes scanner load across targets.

J2EEScan on offsec.tools
J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

UploadScanner on offsec.tools
UploadScanner

HTTP file upload scanner for Burp Proxy.

ActiveScan++ on offsec.tools
ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

EMBA on offsec.tools
EMBA

The security analyzer for firmware of embedded devices.

Eagle on offsec.tools
Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

backslash-powered-scanner on offsec.tools
backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

flan on offsec.tools
flan

A pretty sweet vulnerability scanner.

Arachni on offsec.tools
Arachni

Web Application Security Scanner Framework.

Second Order on offsec.tools
Second Order

Second-order subdomain takeover scanner.

S3Scanner on offsec.tools
S3Scanner

Scan for open S3 buckets and dump the contents.

WPSpider on offsec.tools
WPSpider

A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.

WPRecon on offsec.tools
WPRecon

Tool for the recognition of vulnerabilities and blackbox information for Wordpress.

pyfiscan on offsec.tools
pyfiscan

Free web-application vulnerability and version scanner.

changeme on offsec.tools
changeme

A default credential scanner.

XSSwagger on offsec.tools
XSSwagger

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

XSSer on offsec.tools
XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSpear on offsec.tools
XSpear

Powerfull XSS Scanning and Parameter analysis tool&gem.

DOMDig on offsec.tools
DOMDig

DOM XSS scanner for Single Page Applications.

Extended XSS Searcher and Finder on offsec.tools
Extended XSS Searcher and Finder

Scans for different types of XSS on a list of urls.

XSSCon on offsec.tools
XSSCon

Simple XSS Scanner tool.

See-SURF on offsec.tools
See-SURF

Detect Vulnerable SSRF parameters.

metahttp on offsec.tools
metahttp

Script that automates the scanning of a target network for HTTP resources through XXE.

SQLiv on offsec.tools
SQLiv

Massive SQL injection vulnerability scanner.

SQLTruncSanner on offsec.tools
SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Evil SQL Client on offsec.tools
Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

SQLiScanner on offsec.tools
SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

Extended SSRF search on offsec.tools
Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

InQL on offsec.tools
InQL

Burp Extension for GraphQL Security Testing.

BurpBounty on offsec.tools
BurpBounty

Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

off-by-slash on offsec.tools
off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

CRLF-Injection-Scanner on offsec.tools
CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

CRLFsuite on offsec.tools
CRLFsuite

The most powerful CRLF injection scanner.

CorsMe on offsec.tools
CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

CORS Scanner on offsec.tools
CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CORStest on offsec.tools
CORStest

A simple CORS misconfiguration scanner.

Corsy on offsec.tools
Corsy

CORS Misconfiguration Scanner.

Fuzzapi on offsec.tools
Fuzzapi

Used for REST API pentesting and provide UI solution for gem.

Retire.js on offsec.tools
Retire.js

Detects the use of JavaScript libraries with known vulnerabilities.

webanalyze on offsec.tools
webanalyze

Uncovers technologies used on websites to automate mass scanning.

skipfish on offsec.tools
skipfish

Active web application security reconnaissance tool.

Wireshark on offsec.tools
Wireshark

Network sniffer that captures and analyzes packets off the wire.

Crawlergo on offsec.tools
Crawlergo

A powerful browser crawler for web vulnerability scanners

reconFTW on offsec.tools
reconFTW

Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

sns on offsec.tools
sns

IIS shortname scanner written in Go.

Nginxpwner on offsec.tools
Nginxpwner

Simple tool to look for common Nginx misconfigurations and vulnerabilities.

Sudomy on offsec.tools
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

Nmap on offsec.tools
Nmap

The network mapper.

Rengine on offsec.tools
Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

Metasploit on offsec.tools
Metasploit

The world’s most used penetration testing framework.

Venom on offsec.tools
Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

w3af on offsec.tools
w3af

Web Application Attack and Audit Framework.

Osmedeus on offsec.tools
Osmedeus

A Workflow Engine for Offensive Security

Jaeles on offsec.tools
Jaeles

The Swiss Army knife for automated Web Application Testing

Nikto on offsec.tools
Nikto

Nikto web server scanner.

Wapiti on offsec.tools
Wapiti

The web-application vulnerability scanner.

Sn1per on offsec.tools
Sn1per

Attack Surface Management Platform.

WhatWeb on offsec.tools
WhatWeb

Next generation web scanner.

Masscan on offsec.tools
Masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Zed Attack Proxy on offsec.tools
Zed Attack Proxy

The world's most widely used web app scanner.

detectify-cves on offsec.tools
detectify-cves

Find CVEs that don't have a Detectify modules.

xray on offsec.tools
xray

Security assessment tool that supports common web security issue scanning and custom PoC.

Burp Suite on offsec.tools
Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.

Aquatone on offsec.tools
Aquatone

A Tool for Domain Flyovers.

WPScan on offsec.tools
WPScan

WPScan WordPress Security Scanner