Scanning and Recon
Jump to navigation
Jump to search
These tools will scan web applications for vulnerabilities and misconfigurations, remember that they will cause a lot of traffic making lots of requests.
NOTE: This is not an exhaustive list.
Vulnerability scanners
- https://github.com/pry0cc/axiom. Twitter Thread
- https://github.com/OWASP/Amass
- https://github.com/six2dez/reconftw. Free scan config (no API)
- https://github.com/lanmaster53/recon-ng
- https://github.com/jaeles-project/jaeles
- https://github.com/1N3/Sn1per
- https://github.com/projectdiscovery/nuclei
- https://github.com/wpscanteam/wpscan [Free and paid]
- https://github.com/OWASP/joomscan
- https://github.com/immunIT/drupwn
- https://github.com/Tuhinshubhra/RED_HAWK
- https://github.com/root-tanishq/userefuzz
- https://github.com/epi052/feroxbuster
- https://sourceforge.net/projects/grendel
- https://www.cirt.net/nikto2
- https://github.com/greenbone/openvas-scanner
- https://wapiti.sourceforge.io
- http://w3af.org
- https://github.com/aboul3la/Sublist3r
- https://nmap.org/book/man-nse.html
- https://github.com/osmedeus/osmedeus-base [Free and Paid]
- https://github.com/v3n0m-Scanner/V3n0M-Scanner
- https://github.com/sqlmapproject/sqlmap
- https://github.com/r0oth3x49/ghauri
Port scanners
- https://github.com/nmap/nmap
- https://github.com/projectdiscovery/naabu
- https://github.com/robertdavidgraham/masscan
- https://github.com/zmap/zmap
- https://github.com/RustScan/RustScan
Technology scanners
NOTE: using browser add-ons will change your browser fingerprint and reduce anonymity.
- https://www.wappalyzer.com/
- https://www.whatruns.com/
- https://github.com/urbanadventurer/whatweb
- https://github.com/praetorian-inc/fingerprintx