Scanning and Recon: Difference between revisions

These tools will scan web applications for vulnerabilities and misconfigurations, remember that they will cause a lot of traffic making lots of requests.

NOTE: This is not an exhaustive list.

Vulnerability scanners

To quickly cover a lot ground it's a good idea to scan your target using vulnerability scanners as they might be able to discover a vulnerability or misconfiguration that you can't find. To avoid WAFs make sure to use a list of random user-agent strings and a residential proxy list if possible and maybe encode some payloads.

• https://github.com/pry0cc/axiom. Twitter Thread
• https://github.com/OWASP/Amass
• https://github.com/six2dez/reconftw. Free scan config (no API)
• https://github.com/lanmaster53/recon-ng
• https://github.com/Dionach/CMSmap
• https://github.com/edoardottt/cariddi
• https://github.com/jaeles-project/jaeles
• https://github.com/1N3/Sn1per
• https://github.com/projectdiscovery/nuclei
• https://github.com/wpscanteam/wpscan [Free and paid]
• https://github.com/OWASP/joomscan
• https://github.com/fgeek/pyfiscan
• https://github.com/immunIT/drupwn
• https://github.com/rapid7/metasploit-framework
• https://github.com/Tuhinshubhra/RED_HAWK
• https://github.com/root-tanishq/userefuzz
• https://github.com/epi052/feroxbuster
• https://sourceforge.net/projects/grendel
• https://www.cirt.net/nikto2
• https://github.com/greenbone/openvas-scanner
• https://wapiti.sourceforge.io
• http://w3af.org
• https://github.com/aboul3la/Sublist3r
• https://nmap.org/book/man-nse.html
• https://github.com/osmedeus/osmedeus-base [Free and Paid]
• https://github.com/v3n0m-Scanner/V3n0M-Scanner

Port scanners

When performing a port scan pay special attention to non-standard ports.

• https://github.com/nmap/nmap
• https://github.com/projectdiscovery/naabu
• https://github.com/robertdavidgraham/masscan
• https://github.com/zmap/zmap
• https://github.com/RustScan/RustScan

Technology scanners

NOTE: using browser add-ons will change your browser fingerprint and reduce anonymity.

When performing a penetration test we will want to know what technology is running on the target and what version it's running as so that later we can start looking for possible working public exploits.

• https://www.wappalyzer.com/
• https://www.whatruns.com/
• https://github.com/urbanadventurer/whatweb
• https://github.com/praetorian-inc/fingerprintx

Google Hacking

• https://github.com/Proviesec/google-dorks
• https://www.exploit-db.com/google-hacking-database

Exploitation

Public exploits

• https://www.kali.org/tools/exploitdb/#searchsploit

SQL injection (SQLi)

• https://github.com/sqlmapproject/sqlmap
• https://github.com/r0oth3x49/ghauri

Cross-site scripting (XSS)

• https://github.com/s0md3v/XSStrike

Command Injection

• https://github.com/commixproject/commix