Scanning and Recon: Difference between revisions

These tools will scan web applications for vulnerabilities and misconfigurations, remember that they will cause a lot of traffic making lots of requests.

NOTE: This is not an exhaustive list.

Vulnerability scanners

• https://github.com/pry0cc/axiom. Twitter Thread [Free]
• https://github.com/OWASP/Amass [Free]
• https://github.com/six2dez/reconftw. Free scan config (no API) [Free]
• https://github.com/lanmaster53/recon-ng [Free]
• https://github.com/jaeles-project/jaeles [Free]
• https://github.com/1N3/Sn1per [Free]
• https://github.com/projectdiscovery/nuclei
• https://github.com/wpscanteam/wpscan [Free and paid]
• https://github.com/OWASP/joomscan [Free]
• https://github.com/immunIT/drupwn [Free]
• https://github.com/Tuhinshubhra/RED_HAWK [Free]
• https://github.com/root-tanishq/userefuzz [Free]
• https://github.com/epi052/feroxbuster [Free]
• https://sourceforge.net/projects/grendel [Free]
• https://www.cirt.net/nikto2 [Free]
• https://github.com/greenbone/openvas-scanner [Free]
• https://wapiti.sourceforge.io [Free]
• http://w3af.org [Free]
• https://github.com/aboul3la/Sublist3r [Free]
• https://nmap.org/book/man-nse.html [Free]
• https://github.com/osmedeus/osmedeus-base [Free and Paid]
• https://github.com/v3n0m-Scanner/V3n0M-Scanner [Free]
• https://github.com/sqlmapproject/sqlmap [Free]

Port scanners

• https://github.com/nmap/nmap [Free]
• https://github.com/projectdiscovery/naabu [Free]
• https://github.com/robertdavidgraham/masscan [Free]
• https://github.com/zmap/zmap [Free]
• https://github.com/RustScan/RustScan [Free]

Technology scanners

NOTE: using browser add-ons will change your browser fingerprint and reduce anonymity.

• https://www.wappalyzer.com/ [Free]
• https://www.whatruns.com/ [Free]
• https://github.com/urbanadventurer/whatweb [Free]
• https://github.com/praetorian-inc/fingerprintx