The toolbox of open source scanners - 安全行业从业者自研开源扫描器合辑 in Chinese 中文

Project Description

Scanners Boxis a collection of open source scanners which are from the github platform, including subdomain enumeration, database vulnerability scanners, weak passwords or information leak scanners, port scanners, fingerprint scanners, and other large scale scanners, modular scanner etc. For other Well-known scanning tools, such as: awvs,nmap,w3af will not be included in the scope of collection.

Subdomain Scanners or Enumeration Tools

Database Vulnerability Scanners or Enumeration Tools

Weak Passwords/Users Scanners or Enumeration Tools

IoT Detecting Tools or Scanners

Reflect or DOM-Based XSS Scanners

Enterprise Assets Management or Leaks Gather Tools

Webshell Detection or Malware Analysis Tools

Intranet Penetration Tools or Scanners

Middleware Scanners or Fingerprint Tools

Special Scanners(Just for some special Components)

Wireless Network Scanners

Local Network(Local Area Network) Scanners

Code Review Tools or Scanners

Modular Design Scanners or Vulnerability Detecting Framework

Some Tools relate with APT

Some Security Tools relate with ICS & Large network

Collection Purposes

The purpose of this collection is to provide various types of opensource security scanning tool that can help Internet companies to be more safer.


Wester(Twitter @Zhiyang Zeng ) &  Martin (Twitter @Martin Chow )

Symbolic Description

[↑]means update scanner description

[+]means add scanner

[-]means remove scanner

[move]means change scanner category

[ac]means add someone to Acknowledgments

[other]means other actions


Do not use for illegal purposes.

How to contribute?

We welcome everyone to contribute,you can open an issue for this if you have some new idea about this project or you have found some valuable scanner,and then I will add your name to Acknowledgments.


Please specify reproduced from , and please do not republish this article for profit.


  • @0c0c0f
  • @藏形匿影(
  • @Mottoin team
  • @BlackHole
  • @CodeColorist
  • @3xp10it
  • @re4lity
  • @s0md3v
  • @boy-hack
  • @marsII
  • @tom0li
  • @hksanduo

© Sixtant Security Lab 2016-2017