123 lines
1.9 KiB
Plaintext
123 lines
1.9 KiB
Plaintext
# This file lists what we think the most widely used
|
|
# security scanners identifyable via their user agents.
|
|
#
|
|
# The list is curated by hand. Attempts to machine-generate
|
|
# a larger list leads to a lot of false positives and edge
|
|
# cases where certain scanners / bots are welcome in certain
|
|
# situations. We consider this a baseline of unwanted scanners.
|
|
|
|
|
|
# http://www.arachni-scanner.com/
|
|
arachni
|
|
|
|
betabot
|
|
|
|
bewica-security-scan
|
|
|
|
# Backup File Artifacts Checker
|
|
# https://github.com/mazen160/bfac
|
|
BFAC
|
|
|
|
# Commix
|
|
# https://github.com/commixproject/commix
|
|
commix
|
|
|
|
# Detectify website vulnerability scanner
|
|
# https://detectify.com/
|
|
Detectify
|
|
|
|
# hidden page scanner
|
|
# (deprecated) https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
|
|
dirbuster
|
|
|
|
fimap
|
|
|
|
# vuln scanner
|
|
# https://github.com/ffuf/ffuf
|
|
fuzz faster
|
|
|
|
# Scanner that looks for existing or hidden web objects
|
|
# https://github.com/OJ/gobuster
|
|
gobuster
|
|
|
|
# sql injection
|
|
havij
|
|
|
|
hexometer
|
|
|
|
jbrofuzz
|
|
|
|
jorgee
|
|
|
|
libwhisker
|
|
|
|
# port scanner
|
|
# https://github.com/robertdavidgraham/masscan
|
|
masscan
|
|
|
|
morfeus
|
|
|
|
# The Mysterious Mozlila User Agent bot
|
|
# https://trunc.org/learning/the-mozlila-user-agent-bot
|
|
Mozlila
|
|
|
|
# Typo of Mozilla/5.0 user-agent
|
|
Mozilla/5.g
|
|
|
|
# Nessus
|
|
# http://www.tenable.com/products/nessus-vulnerability-scanner
|
|
nessus
|
|
|
|
netlab360
|
|
|
|
netsparker
|
|
|
|
# vuln scanner
|
|
# https://cirt.net/Nikto2
|
|
nikto
|
|
|
|
nmap
|
|
|
|
# https://github.com/projectdiscovery/nuclei
|
|
nuclei
|
|
|
|
# http://www.openvas.org/
|
|
openvas
|
|
|
|
sitelockspider
|
|
|
|
# SQL Injections
|
|
# http://sqlmap.org/
|
|
sqlmap
|
|
|
|
# https://www.cyber.nj.gov/threat-profiles/trojan-variants/sysscan
|
|
sysscan
|
|
|
|
# https://github.com/google/tsunami-security-scanner
|
|
TsunamiSecurityScanner
|
|
|
|
w3af.org
|
|
|
|
# http://www.robotstxt.org/db/webbandit.html
|
|
webbandit
|
|
|
|
# (deprecated) http://www.scrt.ch/en/attack/downloads/webshag
|
|
webshag
|
|
|
|
# https://github.com/xmendez/wfuzz
|
|
wfuzz
|
|
|
|
whatweb
|
|
|
|
wprecon
|
|
|
|
# wordpress vuln scanner
|
|
# https://wpscan.org/
|
|
wpscan
|
|
|
|
# ZGrab scanner (Mozilla/5.0 zgrab/0.x)
|
|
# https://zmap.io
|
|
zgrab
|
|
|
|
zmeu
|