Scanning and Recon: Difference between revisions
m (→Port scanners) |
m (→Port scanners) |
||
| Line 32: | Line 32: | ||
=== Port scanners === | === Port scanners === | ||
When performing a port scan pay special attention to non standard ports. | When performing a port scan pay special attention to non-standard ports. | ||
* https://github.com/nmap/nmap | * https://github.com/nmap/nmap | ||
Revision as of 00:45, 5 April 2023
These tools will scan web applications for vulnerabilities and misconfigurations, remember that they will cause a lot of traffic making lots of requests.
NOTE: This is not an exhaustive list.
Vulnerability scanners
To quickly cover a lot ground it's a good idea to scan your target using vulnerability scanners as they might be able to discover a vulnerability or misconfiguration that you can't find. To avoid WAFs make sure to use a list of random user-agent strings and a residential proxy list if possible and maybe encode some payloads.
- https://github.com/pry0cc/axiom. Twitter Thread
- https://github.com/OWASP/Amass
- https://github.com/six2dez/reconftw. Free scan config (no API)
- https://github.com/lanmaster53/recon-ng
- https://github.com/jaeles-project/jaeles
- https://github.com/1N3/Sn1per
- https://github.com/projectdiscovery/nuclei
- https://github.com/wpscanteam/wpscan [Free and paid]
- https://github.com/OWASP/joomscan
- https://github.com/immunIT/drupwn
- https://github.com/Tuhinshubhra/RED_HAWK
- https://github.com/root-tanishq/userefuzz
- https://github.com/epi052/feroxbuster
- https://sourceforge.net/projects/grendel
- https://www.cirt.net/nikto2
- https://github.com/greenbone/openvas-scanner
- https://wapiti.sourceforge.io
- http://w3af.org
- https://github.com/aboul3la/Sublist3r
- https://nmap.org/book/man-nse.html
- https://github.com/osmedeus/osmedeus-base [Free and Paid]
- https://github.com/v3n0m-Scanner/V3n0M-Scanner
- https://github.com/sqlmapproject/sqlmap
- https://github.com/r0oth3x49/ghauri
Port scanners
When performing a port scan pay special attention to non-standard ports.
- https://github.com/nmap/nmap
- https://github.com/projectdiscovery/naabu
- https://github.com/robertdavidgraham/masscan
- https://github.com/zmap/zmap
- https://github.com/RustScan/RustScan
Technology scanners
NOTE: using browser add-ons will change your browser fingerprint and reduce anonymity.
When performing a penetration test we will want to know what technology is running on the target and what version it's running as so that later we can start looking for possible working public exploits.
- https://www.wappalyzer.com/
- https://www.whatruns.com/
- https://github.com/urbanadventurer/whatweb
- https://github.com/praetorian-inc/fingerprintx