#scanner
Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.
mapcidr
Small utility program to perform multiple operations for a given subnet/CIDR ranges.
AWS security checks
This Burp Suite provides additional Scanner checks for AWS security issues.
Seatbelt
Performs security oriented safety checks relevant from offensive/defensive security perspectives.
WebCopilot
Automation tool designed to enumerate subdomains and detect bugs using different open-source tools.
droopescan
A plugin-based scanner that aids security researchers in identifying issues with several CMSs.
Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, repositories...
Cake Fuzzer
Cutting-edge project designed to automate the continuous discovery of vulnerabilities in webapps.
egressbuster
Check egress filtering and identify if ports are allowed to automatically spawn a shell.
BugBountyScanner
A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.
Kscan
Kscan is an all-round scanner developed purely in Go, with functions such as port scanning, protocol.
svn-extractor
Simple script to extract all web resources by means of .SVN folder exposed over network.
Kubestroyer
Exploit Kubernetes clusters misconfigurations and be the swiss army knife of your pentests.
GPT_Vuln-Analyzer
A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.
WebInspect
An automated dynamic testing solution that provides comprehensive vulnerability detection.
RedTeam_toolkit
Open source Django offensive webapp which is keeping the best tools used in the redteaming.
Qualys Cloud Platform
The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.
Java Deserialization Scanner
All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.
Dastardly Scan Action
Runs a scan using Dastardly by Burp Suite against a target site and generates a report.
scan-check-builder
Burp Suite extension which helps to improve the active and passive scanner by yourself.
WPSpider
A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.
XSSwagger
A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.
XSSer
Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
Evil SQL Client
Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.
Extended SSRF search
Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.
reconFTW
Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.
Rengine
Automated reconnaissance framework for webapps, highly configurable streamlined recon process.
Masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Burp Suite
The class-leading vulnerability scanning, penetration testing, and web app security platform.