The efficiency of any Internet site is determined by the speed of reaction to the dynamically developing environment of web technologies. Modern technologies for creating web content in real time have given the professional webmaster the most powerful tools for managing information flows on the Internet. It is quite natural that such a market has not remained without the attention of hackers who seek to cause damage or take possession of confidential information. In such conditions, the urgent task is to minimize the vulnerabilities of web servers and sites in order to avoid information leakage. Vulnerability scanners are software or hardware tools for diagnosing and monitoring network computers, which allows scanning networks, computers and programs to detect possible problems in the security system, assess and eliminate vulnerabilities. Vulnerability scanners allow you to check various applications in the system for the presence of “holes” that can be exploited by attackers.
Low-level tools, such as a port scanner, can also be used to detect and analyze possible applications and protocols running on a system. A method of recognizing, categorizing, and characterizing security holes (called ‘Vulnerabilities’) among network infrastructure, computers, hardware system and software etc. is known as Vulnerability Analysis. Few examples of such vulnerabilities are misconfiguration of network infrastructure components, operating system defect or error, any ambiguity in the commodity product, etc. If vulnerabilities are discovered as part of any vulnerability assessment, then there is a need for vulnerability disclosure. Typically, such disclosures are made by separate groups, such as the Computer Emergency Preparedness Team (CERT) or the organization that discovered the vulnerability.
FlashScanner – flash XSS scanner.
cmsPoc – CMS exploit structure.
dzscan – disk scanner.
Badmod – Automatic quick detection and use of CMS. Very useful tool.
Regex-DoS – RegEx denial of service scanner for the Node.js package.
BBScan is a fast and lightweight vulnerability scanner for information disclosure.
A content management system (CMS) manages the creation and modification of digital content.
SVScanner is a scanner vulnerability and large-scale exploit.
Vulmap is a local, open source, online vulnerability scanner project.
This tool can and should be used for very crude detection of GET, POST and other parameters.
struts-scan is an open source web application framework used to develop Java web applications.
The latest version of the IIS Short Filename Scanner (8.3) discloses the vulnerability using the tilde (~).
BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services.
A simple WordPress scanner written in Python based on the work of WPScan (Ruby version), some features inspired by WPSeku.
Linux vulnerability scanner based on Vulners Audit API and Salt Open with Slack notifications. Very good scanner.
A unique tool for using local file inclusions using PHP Input, PHP Filter and Data URI methods. Very useful tool
The latest version of the IIS ShortScanner (8.3) discloses the vulnerability using the tilde (~).
Hidden .onion services using nmap using Tor, in a minimal Alpine Docker container.
Open source penetration testing that automates the process of detecting flaws in file upload forms.
OWASP VBScan is an open source project in the perl programming language for VBulletin CMS vulnerability detection and analysis.
Software system with open source code in Java, designed to ensure the process of continuous integration of programs. software.
Djangohunter is a tool designed to detect misconfigured Django applications that expose sensitive information.
The tool detects the version of WordPress and finds the vulnerabilities that are vulnerable in the version, the tools also detect the plugins and themes installed on the website.
The CMS Exploit Framework is a CMS exploit framework that facilitates the acquisition, development, and targeting of CMS exploit plugins to target applications.
OWASP Joomla is an open source project designed to automate the task of detecting vulnerabilities and ensuring reliability in Joomla CMS deployments. Very useful tool
CloudSploit by Aqua is an open source project designed to detect security risks in cloud infrastructure accounts.
J2EEScan is a plugin for Burp Suite Proxy. The purpose of this plugin is to improve test coverage during penetration tests of web applications.
This is a small Python script that checks remote web servers for Clickjacking, cross-frame scripting, cross-site tracking, and host header injection.