A powerful and open-source toolkit for hackers and security automation
Introduction
Scanners Box also known as scanbox, is a powerful hacker toolkit, which has collected more than 10 categories of open source scanners from Github, including subdomain, database, middleware and other modular design scanner etc. But for other Well-known scanning tools, such as nmap, w3af, brakeman, arachni, nikto, metasploit, aircrack-ng will not be included in the scope of collection.
Contents
- Large Language Model Security
- Smart Contracts Security
- Red Team vs Blue Team
- Mobile App Packages Analysis
- Binary Executables Analysis
- Privacy Compliance
- Subdomain Enumeration or Takeover
- Database SQL Injection Vulnerability or Brute Force
- Weak Usernames or Passwords Enumeration For Web
- Authorization Brute Force or Vulnerability Scan For IoT
- Mutiple types of Cross-site scripting Detection
- Enterprise sensitive information Leak Scan
- Malicious Scripts Detection
- Vulnerability Assessment for Middleware
- Special Targets Scan
- Dynamic or Static Code Analysis
- Modular Design Scanners or Vulnerability Detecting Framework
- Advanced Persistent Threat Detect
Large Language Model Security
- https://github.com/leondz/garak - LLM vulnerability scanner for hallucination, data leakage, promp injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses
- https://github.com/protectai/rebuff - Designed to protect AI applications from prompt injection (PI) attacks
- https://github.com/mnns/LLMFuzzer - Fuzzing Framework for Large Language Models
Smart Contracts Security
- https://github.com/ConsenSys/mythril - Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera etc.
- https://github.com/enzymefinance/oyente - An Analysis Tool for Smart Contracts
- https://github.com/eth-sri/securify2 - Official security scanner for Ethereum smart contracts supported by the Ethereum Foundation
- https://github.com/smartdec/smartcheck - Static analysis tool that detects vulnerabilities and bugs in Solidity programs
- https://github.com/ivicanikolicsg/MAIAN - Automatic tool for finding trace vulnerabilities in Ethereum smart contracts
Red Team vs Blue Team
Supply Chain Analysis(SCA)
- https://github.com/murphysecurity/murphysec - Open source tool for software supply chain security
Container and Cluster
- https://github.com/cdk-team/CDK - A tool to gather information inside container/cluster and exploit them
- https://github.com/cr0hn/dockerscan - Docker security analysis & hacking tools
- https://github.com/armosec/kubescape - The first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA
- https://github.com/chaitin/veinmind-tools - Container security scanner for backdoor, malicious, weak pass and sensitive and the like.
- https://github.com/deepfence/ThreatMapper - Scan for in-production vulnerabilities and exposed secrets, and identify attack paths to reach them remotely
- https://github.com/deepfence/SecretScanner - Scan containers and host filesystems for unprotected keys, API tokens and passwords
- https://github.com/cyberark/KubiScan - A tool to scan Kubernetes cluster for risky permissions
- https://github.com/kvesta/vesta - A static analysis of vulnerabilities, Docker and Kubernetes cluster configuration detect toolkit
- https://github.com/anchore/grype - A vulnerability scanner for container images and filesystems
Services fingerprint detection
- https://github.com/EdgeSecurityTeam/EHole - Core system fingerprint detection tool for Red team
Man-In-The-Middle
- https://github.com/niloofarkheirkhah/nili - Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing
The framework
- https://github.com/m4n3dw0lf/PytheM - Multi-purpose network pentest framework
- https://github.com/FunnyWolf/Viper - Graphical, Modularization and weaponization intranet penetration tool
- https://github.com/P1-Team/AlliN - Mostly used for asset collection before penetration and lateral movement of intranet
- https://github.com/k8gege/LadonGo - Pentest framework for Windows/Linux/Mac intranet networks
- https://github.com/shmilylty/netspy - Quickly scan the reachable network segmentation of the intranet
- https://github.com/byt3bl33d3r/CrackMapExec - Swiss army knife for pentesting Windows/Active Directory environments
- https://github.com/u21h2/nacs - Event-driven intranet pentest scanner
- https://github.com/h4wkst3r/SCMKit - Source Code Management Attack Toolkit,such as GitHub Enterprise, GitLab Enterprise and Bitbucket Server
- https://github.com/lijiejie/MisConfig_HTTP_Proxy_Scanner - Helps to scan misconfigured reverse proxy servers and misconfigured forward proxy servers
- https://github.com/chainreactors/gogo - A highly controllable and scalable automation engine for red teams
Wireless Pentest
- https://github.com/savio-code/fern-wifi-cracker - Testing and discovering flaws in ones own network
- https://github.com/P0cL4bs/WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
- https://github.com/MisterBianco/BoopSuite - A Suite of Tools written in Python for wireless auditing and security testing
- https://github.com/besimaltnok/PiFinger - Searches for wifi-pineapple traces and calculate wireless network security score
- https://github.com/derv82/wifite2 - A complete re-write of Wifite,Automated Wireless Attack Tool
- https://github.com/D3Ext/WEF - Wi-Fi Exploitation Framework for 2.4 and 5 Ghz both attacks
- https://github.com/pinecone-wifi/pinecone - A WLAN red team framework
ENJOY & HAPPY LEARNING! 
Appreciate the share & feedback! donβt be cheap!
!