Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Overview


Nuclei

Fast and customisable vulnerability scanner based on simple YAML based DSL.

HowInstallFor Security EngineersFor DevelopersDocumentationCreditsLicenseJoin Discord


Nuclei is used to send requests across targets based on a template leading to zero false positives and providing fast scanning on large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei.

We have a dedicated repository that houses various type of vulnerability templates contributed by more than 100 security researchers and engineers. It is preloaded with ready to use templates using -update-templates flag.

How it works

nuclei-flow

Install Nuclei

▶ GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

More installation methods can be found here.

Download Templates

You can download and update the nuclei templates using update-templates flag of nuclei that downloads all the available nuclei-templates from Github project, a community curated list of templates that are ready to use.

▶ nuclei -update-templates

Nuclei is designed to used with custom templates according to the target and workflow, you can write your own checks for your specific workflow and needs, please refer to nuclei templating guide to write your own custom templates.

Running Nuclei

Scanning for CVEs on given list of URLs.

▶ nuclei -l target_urls.txt -t cves/

More detailed examples of running nuclei can be found here.

For Security Engineers

Nuclei offers great number of features that are helpful for security engineers to customise workflow in their organisation. With the varieties of scan capabilities (like DNS, HTTP, TCP), security engineers can easily create their suite of custom checks with Nuclei.

  • Varieties of protocols supported: TCP, DNS, HTTP, File, etc
  • Achieve complex vulnerability steps with workflows and dynamic requests.
  • Easy to integrate into CI/CD, designed to be easily integrated into regression cycle to actively check the fix and re-appearance of vulnerability.

Learn More

For bugbounty hunters:

Nuclei allows you to customise your testing approach with your own suite of checks and easily run across your bug bounty programs. Moroever, Nuclei can be easily integrated into any continuous scanning workflow.

  • Designed to be easily integrated into other tool workflow.
  • Can process thousands of hosts in few minutes.
  • Easily automate your custom testing approach with our simple YAML DSL.

Please check our other open-source projects that might fit into your bug bounty workflow: github.com/projectdiscovery, we also host daily refresh of DNS data at Chaos.

For pentesters:

Nuclei immensely improve how you approach security assessment by augmenting the manual repetitve processes. Consultancies are already converting their manual assessment steps with Nuclei, it allows them to run set of their custom assessment approach across thousands of hosts in an automated manner.

Pen-testers get the full power of our public templates and customization capabilities to speed-up their assessment process, and specifically with the regression cycle where you can easily verify the fix.

  • Easily create your compliance, standards suite (e.g. OWASP Top 10) checklist.
  • With capabilities like fuzz and workflows, complex manual steps and repetitive assessment can be easily automated with Nuclei.
  • Easy to re-test vulnerability-fix by just re-running the template.

For Developers and Organisations

Nuclei is built with simplicity in mind, with the community backed templates by hundreds of security researchers, it allows you to stay updated with latest security threats using continuous Nuclei scanning on the hosts. It is designed to be easily integrated into regression tests cycle, to verify the fixes and eliminate vulnerabilities from occuring in future.

  • CI/CD: Engineers are already utilising Nuclei within their CI/CD pipeline, it allows them to constantly monitor their staging and production environments with customised templates.
  • Continuous Regression Cycle: With Nuclei, you can create your custom template on every new identified vulnerability and put into Nuclei engine to eliminate in the continuous regression cycle.

We have a discussion thread around this, there are already some bug bounty programs giving incentives to hackers on writing nuclei templates with every submission, that helps them to eliminate the vulnerability across all their assets, as well as to eliminate future risk in reappearing on productions. If you're interested in implementing it in your organisation, feel free to reach out to us. We will be more than happy to help you in the getting started process, or you can also post into the discussion thread for any help.

regression-cycle-with-nuclei

Learn More

Resources

Credits

Thanks to all the amazing community contributors for sending PRs. Do also check out the below similar open-source projects that may fit in your workflow:

FFuF, Qsfuzz, Inception, Snallygaster, Gofingerprint, Sn1per, Google tsunami, Jaeles, ChopChop

License

Nuclei is distributed under MIT License

Join Discord Check Nuclei Documentation

Issues
  • [issue] runtime error

    [issue] runtime error

    Describe the bug I updated my nuclei install to version 2.4.1 and now it errors out every time i try to run it. Be advised I think upgrade over brew install and i am running Darwin HQSML-1689616 19.6.0 Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64. This is related to #888

    Nuclei version Please share the version of the nuclei you are running with nuclei -version See above and below

    Screenshot of the error or bug please add the screenshot showing bug or issue you are facing.

                         __     _
       ____  __  _______/ /__  (_)
      / __ \/ / / / ___/ / _ \/ /
     / / / / /_/ / /__/ /  __/ /
    /_/ /_/\__,_/\___/_/\___/_/   2.4.1
    
    		projectdiscovery.io
    
    [ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
    [INF] Using Nuclei Engine 2.4.1
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x49052fb]
    
    goroutine 1 [running]:
    github.com/projectdiscovery/nuclei/v2/internal/runner.(*Runner).RunEnumeration(0xc0000e6000, 0x0, 0x0)
    	github.com/projectdiscovery/nuclei/v2/internal/runner/runner.go:345 +0xd5b
    main.main()
    	command-line-arguments/main.go:30 +0x87
    
    Status: Completed Type: Bug 
    opened by gbiagomba 37
  • [issue] panic: runtime error: invalid memory address or nil pointer dereference

    [issue] panic: runtime error: invalid memory address or nil pointer dereference

    Describe the bug I was running a test to see if I could run most of the templates with a single call to a url. This is the custom workflow I ran by echoing in a single url to nuclei.

    id: unguided
    info:
      name: Workflow to run most of the templates
      author: Jeffrey Shran
    
    variables:
      cves: cves/
      default_credentials: default-credentials/
      dns: dns/
      files: files/
      generic_detections: generic-detections/
      panels: panels/
      security_misconfiguration: security-misconfiguration/
      subdomain_takeover: subdomain-takeover/
      technologies: technologies/
      tokens: tokens/
      vulnerabilities: vulnerabilities/
    
    logic:
      |
      cves()
      default_credentials()
      dns()
      files()
      generic_detections()
      panels()
      security_misconfiguration()
      subdomain_takeover()
      technologies()
      tokens()
      vulnerabilities()
    

    The command I ran is as follows:

    echo "https://example.com" | nuclei -c 200 -t ~/unguided.yaml -o example_com.nuclei.unguided

    Nuclei runs for 30-45 seconds then produces the error in the screenshot below.

    Nuclei version Current Version: 2.1.0

    Screenshot of the error or bug image

    Status: Completed 
    opened by JeffreyShran 19
  • Nuclei stops to query additional paths when first path/URL is not reachable in case of ports

    Nuclei stops to query additional paths when first path/URL is not reachable in case of ports

    Hello,

    I am not sure if I should not post this issue on the Nuclei github directly.

    I am trying to perform a template which just match a file. The specificity here is that i add a check on another port :

     - "{{BaseURL}}/myfile.txt"
     - "{{BaseURL}}:8080/myfile.txt"
    

    (The text context is the following: The file is available on port 8080. Server don't answer on port 80, the base URL)

    Problem is that this doesn't work, Nuclei seems to stop the check as the server is not responding :

    [INF] [MyTemplate] Loaded template File Detection Template (@Ohlala) [info]
    [WRN] Could not execute step: could not make http request: GET http://###REDACTED#####/myfile.txt giving up after 2 attempts: Get "http://REDACTED/myfile.txt": dial tcp REDACTED:80: connect: connection refused
    

    However, when using a proxy there is no problem and i got the match with the 8080 port.

    Any idea ?

    Type: Bug 
    opened by acarnage 17
  • Reporting to Github issues fails if the issue-label field is not set

    Reporting to Github issues fails if the issue-label field is not set

    Describe the bug For the following reporting configuration, nuclei fails to report with error 422 Validation Failed [{Resource:Label Field:name Code:missing_field Message:}]

    allow-list:
        severity: info, low, medium, high, critical
    github: 
        username: "0xcrypto"
        owner: "bb-research"
        token: "REDACTED"
        project-name: "hackberry_xyz"
    

    Nuclei version v2.5.2

    Screenshot of the error or bug image

    good first issue Status: Completed Type: Bug Hacktoberfest 
    opened by 0xcrypto 15
  • Headless Browsing Login on Websites not Working

    Headless Browsing Login on Websites not Working

    Describe the bug Headless Browsing login flow on websites not working

    Nuclei version Nuclei v 2.5.2

    Screenshot of the error or bug Has anyone tried authenticating into a modern website via Nuclei headless browsing? I've been trying to log into Trello but the login flow which should lead me here after inputting my email(tested on regular browser): Screen Shot 2021-10-07 at 2 09 53 PM

    in Nuclei headless seems to instead lead me back to this page: Screen Shot 2021-10-07 at 2 11 13 PM

    Status: Completed Type: Bug 
    opened by ctao5660 15
  • Enumeration progressbar

    Enumeration progressbar

    This is an initial implementation for a progress tracking system that informs the user of the enumeration state by providing visual feedback via progress bars.

    This is by no means a "pull-request" in the sense "please pull this into your repo else i'm mad", but this is meant to be here for tracking and discussion purposes, please feel free to make it to pieces :)

    These changes provides the following:

    • a single progress bar when a single template is specified

      • this will track the total number of requests, for the specified template, for all the specified hosts Screenshot 2020-07-11 at 23 33 00
    • two progress bars when a template directory is specified

      • progress bar 1 will track the total number of requests, for all the specified templates, for all the specified hosts
      • progress bar 2 will track the total number of requests, for the current template, for all the specified hosts Screenshot 2020-07-11 at 23 33 16

    There were some things to consider in doing this, so i had to make some choices in order to have an initial implementation working, i'll depict the main points here.

    progress bar library

    There are quite a bit of libraries for this, but to my understanding the best one is probably https://github.com/vbauerster/mpb, supporting multiple progress bars out-of-the-box.

    enumeration support

    Only HTTP requests support has been implemented, once this is good and stable i can start working on both the DNS requests and the Workflow integration.

    stdout/stderr output

    At this time, both stdout and stderr are buffered and they are both shown at the end of the enumeration phase.

    Progress bars always write to stderr.

    I've started working on this with the idea to provide the same original behavior, showing both during the enumeration process. This quite worked, but not all the times, especially when fast stdout is written to the screen, mangled output is not what you want in most cases.

    -no-progressbar flag proposal

    At this time there is no way to switch off the progress bar, but it may be sensible to let users choose to not have visual feedback at all and process stdout as usual instead: for this i propose to add a -no-progressbar flag to actually disable the visual progress feedback.

    refactoring

    In order to know the total number of hosts and requests per template beforehand, i had to refactor the code a bit: this may not be ideal or the "projectdiscovery" way, please let me know!

    Priority: Medium 
    opened by manuelbua 14
  • Output file being deleted when Nuclei finishes

    Output file being deleted when Nuclei finishes

    Describe the bug I am specifying an output file for Nuclei, and can see it being created. When Nuclei finishes the output file is being deleted.

    Nuclei version 2.1.0

    Screenshot of the error or bug please add the screenshot showing bug or issue you are facing.

    As you can see in the following the /tmp/nuclei.txt file in the bottom panel is created, populated with data, then deleted when Nuclei finishes. I first thought this was related to a particular template however the issue appears transient.

    ezgif-3-f91e896de89d

    opened by joefizz 12
  • [issue] Scan never finishes

    [issue] Scan never finishes

    Describe the bug After running the scanner for a while it stalls with only 4 remaining hosts, for more than one hour.

    Nuclei version v2.3.2

    Screenshot of the error or bug Screenshot from 2021-03-27 15-51-47

    Status: Completed Type: Bug 
    opened by pdelteil 12
  • Update installation instructions

    Update installation instructions

    In https://github.com/projectdiscovery/nuclei/commit/60005290b1f5f024f9e3e6688297fc03097d3ba1 v2 was removed from the path. This PR fixes the install instructions

    Status: Completed 
    opened by FireFart 12
  • Initial adoption of golangci-lint for continuous integration

    Initial adoption of golangci-lint for continuous integration

    golangci-lint-action It's the official GitHub action for golangci-lint from it's authors. The action runs golangci-lint and reports issues from linters.

    golangci-lint is a fast Go linters runner. It runs linters in parallel, uses caching, supports yaml config, has integrations with all major IDE and has dozens of linters included.

    Including this action into the workflow would increment the project code quality and could prevent possible future leaks and/or failures setting a minimum of checks and rules, I think it could be very favorable.

    A list of available linters on the official documentation

    There are several linters that I have disabled because for now it is a lot of work to correct the errors, for example

    • funlen: Detection of long functions.
    • gocyclo: Calculates cyclomatic complexities.
    • gosec: Inspects source code for security problems.
    • lll: Line length linter, used to enforce line length in files.

    and I have added some directives to skip the checks with (nolint) because they need a small refactor but I think it's fine for now, we can improve it in the future.

    Enabled linters:

    • bodyclose
    • deadcode
    • dogsled
    • dupl
    • errcheck
    • exhaustive
    • gochecknoinits
    • goconst
    • gocritic
    • gofmt
    • goimports
    • golint
    • gomnd
    • goprintffuncname
    • gosimple
    • govet
    • ineffassign
    • interfacer
    • maligned
    • misspell
    • nakedret
    • noctx
    • nolintlint
    • rowserrcheck
    • scopelint
    • staticcheck
    • structcheck
    • stylecheck
    • typecheck
    • unconvert
    • unparam
    • unused
    • varcheck
    • whitespace

    Fixes memory leak processing custom workflows with multiple URL from stdin reported on #242

    I hope this will be helpful.

    Status: Completed 
    opened by vzamanillo 12
  • Improving path handling on windows

    Improving path handling on windows

    Proposed changes

    This PR improves the template/payloads path resolution on Windows

    Checklist

    • [x] Pull request is created against the dev branch
    • [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
    • [ ] I have added tests that prove my fix is effective or that my feature works
    • [ ] I have added necessary documentation (if appropriate)

    Notes:

    • Workflows are still broken due to relative path definition (see https://github.com/projectdiscovery/nuclei/issues/1339 and https://github.com/projectdiscovery/nuclei/issues/1338)
    Status: Review Needed Type: Bug 
    opened by Mzack9999 0
  • Templates on windows unzipping in the root folder

    Templates on windows unzipping in the root folder

    Nuclei version:

    v2.5.4

    Current Behavior:

    image

    Expected Behavior:

    Templates are installed following the same directory structure

    Steps To Reproduce:

    nuclei.exe -ut
    

    Anything else:

    Priority: High Type: Bug 
    opened by ehsandeep 0
  • Payloads are not loading on windows system

    Payloads are not loading on windows system

    Nuclei version:

    v2.5.4

    Current Behavior:

    image

    Expected Behavior:

    Payloads are loading correctly.

    Steps To Reproduce:

    nuclei.exe -tags fuzz -v
    
    Priority: High Status: Review Needed Type: Bug 
    opened by ehsandeep 0
  • chore(deps): bump golang from 1.17.3-alpine to 1.17.4-alpine

    chore(deps): bump golang from 1.17.3-alpine to 1.17.4-alpine

    Bumps golang from 1.17.3-alpine to 1.17.4-alpine.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 0
  • workflow templates do not require severity info

    workflow templates do not require severity info

    Nuclei version:

    2.5.4
    

    Current Behavior:

    When running the workflow template, the following message is displayed

    [WRN] The '' severity does not have an color associated!
    

    Expected Behavior:

    workflow templates do not require severity info

    Steps To Reproduce:

    nuclei -u http://127.0.0.1:8000 -w nuclei-templates/workflows -duc -v -vv
    

    image

    Type: Bug 
    opened by No-Github 0
  • Unit and/or integration tests for template/payload loading

    Unit and/or integration tests for template/payload loading

    To be verified:

    • template, workflow, payload file and target (scannable) file resolutions are in sync (including the order of resolution paths)

    The resolution order:

    1. absolute path (does not have to be under the template directory)
    2. relative path (resolves against the overridden or default template directory, in this order) 2.1. decide whether we accept path separator prefixed relative paths (e.g. /cve/xyz.yaml vs cve/xyz.yaml)
    3. relative path (compared to the current working directory) 3.1. decide if templates relative to the CWD should start with a ./ if they are stored under a nested directory or not (see 2.1 as well)

    If the default template directory is overridden, the logic above should honor it. Question: in case of an overridden template directory, if the file is not found, should we also check the default directory path?

    TODO:

    • [ ] unit and/or integration tests to cover the above mentioned scenarios
    • [x] GitHub action that validates all the public templates, and fails if there are validation errors, signalling that something gone wrong

    Originally posted by @forgedhallpass in https://github.com/projectdiscovery/nuclei/issues/1319#issuecomment-984753422

    Priority: Low Type: Maintenance 
    opened by ehsandeep 0
  • Adding support for implicit validation during marshal/unmarshal

    Adding support for implicit validation during marshal/unmarshal

    Proposed changes

    This PR adds support for implicit recursive struct validation via https://github.com/go-playground/validator tags decorators.

    Checklist

    • [x] Pull request is created against the dev branch
    • [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
    • [ ] I have added tests that prove my fix is effective or that my feature works
    • [ ] I have added necessary documentation (if appropriate)

    Note:

    • Check if templates referencing other templates can cause a circular loop (it doesn't seem the case, since also the marshal/unmarshal operation reach a finite state)
    Status: Review Needed Type: Enhancement 
    opened by Mzack9999 0
  • Installation Error

    Installation Error

    I'm unable to install nuclei. I'm getting the following error.

    github.com/syndtr/goleveldb/leveldb/filter go/pkg/mod/github.com/syndtr/[email protected]/leveldb/filter/bloom.go:86:13: internal compiler error: '(*bloomFilterGenerator).Generate': panic during lower while compiling (*bloomFilterGenerator).Generate:

    runtime error: index out of range [1] with length 0

    I'm using the latest version of go - go1.17.3

    Screenshot_2021-12-03_10_36_38

    Status: Review Needed 
    opened by sreeharisj23 0
  • Deleting the templates directory and doing a template update returns incorrect response

    Deleting the templates directory and doing a template update returns incorrect response

    Steps to reproduce:

    • nuclei -update-directory /tmp/nuclei-templates -update-templates
    • rm -rf /tmp/nuclei-templates
    • nuclei -update-directory /tmp/nuclei-templates -update-templates

    Expected: Nuclei realizes that the templates are not present and does an update Actual: "Your nuclei-templates are up to date: vX.Y.Z"

    image

    Priority: Medium Type: Bug 
    opened by forgedhallpass 0
  • Fix and extend template viewing capabilities (-tl)

    Fix and extend template viewing capabilities (-tl)

    I want to be able to search for templates based on keywords/tags before running them So that I can make targeted template executions in an easy manner

    The -tl flag does not work as expected. See the attached screenshots.

    This functionality is imagined to work similar to nmap's --script-help option (see https://nmap.org/book/nse-usage.html#nse-script-help)

    Related issue: https://github.com/projectdiscovery/nuclei/issues/203

    TODO:

    • [ ] Investigate/hide empty folders or introduce tree view
    • [ ] Add filtering support

    Empty folders: image

    Priority: Low Type: Enhancement 
    opened by forgedhallpass 0
Releases(v2.5.4)
Owner
ProjectDiscovery
Security Through Intelligent Automation
ProjectDiscovery
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

pry0cc 2.4k Dec 7, 2021
Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.

Description The Pointer was developed for hunting and mapping Cobalt Strike servers exposed to the Internet. The tool includes the complete methodolog

Pavel Shabarkin 23 Nov 16, 2021
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

dw1 133 Dec 3, 2021
A fast tool to scan CRLF vulnerability written in Go

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

dw1 618 Dec 6, 2021
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox ?? ?? DalFox is a fast, powerful parameter analysis and XSS scanner, bas

HAHWUL 1.4k Dec 3, 2021
ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

Re 6 Nov 6, 2021
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

GuidePoint Security, LLC 1 Nov 3, 2021
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp

American Express 457 Nov 27, 2021
A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems

Anchore, Inc. 1.1k Nov 28, 2021
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Pinaki 16 Dec 7, 2021
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e

Future Corp 8.8k Dec 6, 2021
The Go Vulnerability Database

The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the

Go 309 Nov 29, 2021
Super Java Vulnerability Scanner

XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点

4ra1n 85 Nov 20, 2021
🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators

TrojanSourceFinder TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an atta

Ariary 16 Nov 28, 2021
Gryffin is a large scale web security scanning platform.

Gryffin (beta) Gryffin is a large scale web security scanning platform. It is not yet another scanner. It was written to solve two specific problems w

Yahoo 2.1k Dec 1, 2021
A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)

gomap What is gomap? Gomap is a fully self-contained nmap like module for Golang. Unlike other projects which provide nmap C bindings or rely on other

jtimperio 37 Dec 1, 2021
A Large killer focused on intranet scanning

FscanX 其实FscanX的灵感来源于fscan和LodanGo这两个开源项目,首先不得不说fscan和LadonGo两个都是非常优秀的内网扫描器。并且其独自的特色也让其在内网扫描器领域独占鳌头。其中LadonGo的插件式让其在扫描时更加专注,而fscan的傻瓜式则让其对内网的信息搜集更加高效。

SaiRson 180 Nov 22, 2021