mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-10-01 01:05:56 -04:00
Merge pull request #145 from meitar/vuln-scanners
Reorganize Vulnerability Scanners section, add subheadings.
This commit is contained in:
Samar Dhwoj Acharya
GitHub
commit
51949983f7
36
README.md
36
README.md
@ -20,6 +20,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
- [Basic Penetration Testing Tools](#basic-penetration-testing-tools)
|
||||
- [Docker for Penetration Testing](#docker-for-penetration-testing)
|
||||
- [Vulnerability Scanners](#vulnerability-scanners)
|
||||
- [Static Analyzers](#static-analyzers)
|
||||
- [Web Scanners](#web-scanners)
|
||||
- [Network Tools](#network-tools)
|
||||
- [Wireless Network Tools](#wireless-network-tools)
|
||||
- [SSL Analysis Tools](#ssl-analysis-tools)
|
||||
@ -135,20 +137,28 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/)
|
||||
|
||||
### Vulnerability Scanners
|
||||
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability management & risk management software.
|
||||
* [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner) - Vulnerability, configuration, and compliance assessment.
|
||||
* [Nikto](https://cirt.net/nikto2) - Web application vulnerability scanner.
|
||||
* [OpenVAS](http://www.openvas.org/) - Open Source vulnerability scanner and manager.
|
||||
* [Secapps](https://secapps.com/) - Integrated web application security testing environment.
|
||||
* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.
|
||||
* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner.
|
||||
* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS.
|
||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
|
||||
* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework.
|
||||
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
|
||||
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
|
||||
* [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system.
|
||||
* [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
|
||||
|
||||
#### Static Analyzers
|
||||
* [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
|
||||
* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs.
|
||||
* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
|
||||
* [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework.
|
||||
|
||||
#### Web Scanners
|
||||
* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner.
|
||||
* [Arachni](http://www.arachni-scanner.com/) - Scriptable framework for evaluating the security of web applications.
|
||||
* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.
|
||||
* [Wapiti](http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer.
|
||||
* [SecApps](https://secapps.com/) - In-browser web application security testing suite.
|
||||
* [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS.
|
||||
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner.
|
||||
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
|
||||
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
|
||||
|
||||
#### Network Tools
|
||||
* [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
|
||||
* [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits.
|
||||
@ -205,15 +215,12 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
|
||||
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
|
||||
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
|
||||
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner.
|
||||
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
|
||||
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
|
||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
|
||||
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
||||
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
|
||||
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
|
||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
||||
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
|
||||
@ -221,8 +228,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner.
|
||||
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
||||
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
||||
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
|
||||
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
|
||||
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
|
||||
|
||||
### Hex Editors
|
||||
* [HexEdit.js](https://hexed.it) - Browser-based hex editing.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user