Exploitation Framework for Embedded Devices

WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their WordPress websites.

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Web path scanner

Automated pentest framework for offensive security experts

w3af: web application attack and audit framework, the open source web vulnerability scanner.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A list of web application security

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Web Application Security Scanner Framework

Next generation web scanner

Scan, index, and archive all of your paper documents (acquired by Mayan EDMS)

scanner detecting the use of JavaScript libraries with known vulnerabilities

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Personal document manager (Linux/Windows) -- Moved to Gnome's Gitlab

Document Scanning Made Easy for iOS

Advanced information gathering & OSINT framework for phone numbers

A high performance offensive security tool for reconnaissance and vulnerability scanning

WAScan - Web Application Scanner

大型内网渗透扫描器&Cobalt Strike，Ladon6.6内置74个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Loki - Simple IOC and Incident Response Scanner

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A php.ini scanner for best security practices

Automated NoSQL database enumeration and web application exploitation tool.

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

🔥 ZXing的精简版，优化扫码和生成二维码/条形码，内置闪光灯等功能。扫描风格支持：微信的线条样式，支付宝的网格样式。几句代码轻松拥有扫码功能 ，ZXingLite让集成更简单。（扫码识别速度快如微信）

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

Simple, safe and intuitive Scala I/O

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network