Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Alternatives To Scan4all
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
11 hours ago9April 08, 20221bsd-3-clauseGo
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
2 months ago65gpl-2.0Python
Automated host blocking from SSH brute force attacks
a month ago1gpl-3.0Shell
wbruter was the first tool wich has been released as open source wich can guarantee 100% that your pin code will be cracked aslong as usb debugging has been enable. wbruter also includes some other brute methods like dictionary attacks for gmail, ftp, rar, zip and some other file extensions.
3 years ago2JavaScript
Low interaction honeypot that displays real time attacks
Known_hosts Hashcat229
4 years agoPython
A guide and tool for cracking ssh known_hosts files with hashcat
21 days ago2apache-2.0Python
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Kali Linux Tools Interface141
2 years ago2mitPHP
Graphical Web interface developed to facilitate the use of security information tools.
7 years ago1agpl-3.0Python
SSH User Enumeration Script in Python Using The Timing Attack
Ids Evasion59
2 years agoPython
Evading Snort Intrusion Detection System.
Ssh Putty Login Bruteforcer51
3 years agootherPowerShell
Turn PuTTY into an SSH login bruteforcing tool.
Alternatives To Scan4all
Select To Compare

Alternative Project Comparisons

Tweet Follow on Twitter GitHub Followers

README_ Compile/Install/Run Parameter Description How to use Scenario POC List Custom Scan Best Practices



  • What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligentred team tools Code-level optimization, parameter optimization, and individual modules, such as vscan filefuzz, have been rewritten for these integrated projects. In principle, do not repeat the wheel, unless there are bugs, problems
  • Cross-platform: based on golang implementation, lightweight, highly customizable, open source, supports Linux, windows, mac os, etc.
  • Support [23] password blasting, support custom dictionary, open by "priorityNmap": true
    • RDP
    • VNC
    • SSH
    • Socks5
    • rsh-spx
    • Mysql
    • MsSql
    • Oracle
    • Postgresql
    • Redis
    • FTP
    • Mongodb
    • SMB, also detect MS17-010 (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148), SmbGhost (CVE- 2020-0796)
    • Telnet
    • Snmp
    • Wap-wsp (Elasticsearch)
    • RouterOs
    • HTTP BasicAuth(Authorization), contains WebdavSVNApache Subversion crack
    • Weblogic, enable nuclei through enableNuclei=true at the same time, support T3, IIOP and other detection
    • Tomcat
    • Jboss
    • Winrm(wsman)
    • POP3/POP3S
  • By default, http password intelligent blasting is enabled, and it will be automatically activated when an HTTP password is required, without manual intervention
  • Detect whether there is nmap in the system, and enable nmap for fast scanning through priorityNmap=true, which is enabled by default, and the optimized nmap parameters are faster than masscan Disadvantages of using nmap: Is the network bad, because the traffic network packet is too large, which may lead to incomplete results Using nmap additionally requires setting the root password to an environment variable
  export PPSSWWDD=yourRootPswd 

More references: config/ By default, naabu is used to complete port scanning -stats=true to view the scanning progress Can I not scan Ports?

noScan=true ./scan4all -l list.txt -v
# nmap result default noScan=true 
./scan4all -l nmapRssuilt.xml -v
  • Fast 15000+ POC detection capabilities, PoCs include:
    • nuclei POC

    Nuclei Templates Top 10 statistics

cve 1430 daffainfo 631 cves 1407 info 1474 http 3858
panel 655 dhiyaneshdk 584 exposed-panels 662 high 1009 file 76
edb 563 pikpikcu 329 vulnerabilities 509 medium 818 network 51
lfi 509 pdteam 269 technologies 282 critical 478 dns 17
xss 491 geeknik 187 exposures 275 low 225
wordpress 419 dwisiswant0 169 misconfiguration 237 unknown 11
exposure 407 0x_akoko 165 token-spray 230
cve2021 352 princechaddha 151 workflows 189
rce 337 ritikchaddha 137 default-logins 103
wp-plugin 316 pussycat0x 133 file 76

281 directories, 3922 files.

  • vscan POC
    • vscan POC includes: xray 2.0 300+ POC, go POC, etc.
  • scan4all POC
  • Support 7000+ web fingerprint scanning, identification:

    • httpx fingerprint
      • vscan fingerprint
      • vscan fingerprint: including eHoleFinger, localFinger, etc.
    • scan4all fingerprint
  • Support 146 protocols and 90000+ rule port scanning

    • Depends on protocols and fingerprints supported by nmap
  • Fast HTTP sensitive file detection, can customize dictionary

  • Landing page detection

  • Supports multiple types of input - STDIN/HOST/IP/CIDR/URL/TXT

  • Supports multiple output types - JSON/TXT/CSV/STDOUT

  • Highly integratable: Configurable unified storage of results to Elasticsearch [strongly recommended]

  • Smart SSL Analysis:

    • In-depth analysis, automatically correlate the scanning of domain names in SSL information, such as *, and complete subdomain traversal according to the configuration, and the result will automatically add the target to the scanning list
    • Support to enable * subdomain traversal function in smart SSL information, export EnableSubfinder=true, or adjust in the configuration file
  • Automatically identify the case of multiple IPs associated with a domain (DNS), and automatically scan the associated multiple IPs

  • Smart processing:

      1. When the IPs of multiple domain names in the list are the same, merge port scans to improve efficiency
      1. Intelligently handle http abnormal pages, and fingerprint calculation and learning
  • Automated supply chain identification, analysis and scanning

  • Link python3 log4j-scan

    • This version blocks the bug that your target information is passed to the DNS Log Server to avoid exposing vulnerabilities
    • Added the ability to send results to Elasticsearch for batch, touch typing
    • There will be time in the future to implement the golang version how to use?
mkdir ~/MyWork/;cd ~/MyWork/;git clone
  • Intelligently identify honeypots and skip Targets. This function is disabled by default. You can set EnableHoneyportDetection=true to enable

  • Highly customizable: allow to define your own dictionary through config/config.json configuration, or control more details, including but not limited to: nuclei, httpx, naabu, etc.

  • support HTTP Request Smuggling: CL-TETE-CLTE-TECL_CLBaseErr image

  • Support via parameter Cookie='PHPSession=xxxx' ./scan4all -host, compatible with nuclei, httpx, go-poc, x-ray POC, filefuzz, http Smuggling

work process

how to install

download from Releases

go install[email protected]
scan4all -h

how to use

    1. Start Elasticsearch, of course you can use the traditional way to output, results
mkdir -p logs data
docker run --restart=always --ulimit nofile=65536:65536 -p 9200:9200 -p 9300:9300 -d --name es -v $PWD/logs:/usr/share/elasticsearch/logs -v $PWD /config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v $PWD/config/jvm.options:/usr/share/elasticsearch/config/jvm.options -v $PWD/data:/ usr/share/elasticsearch/data hktalent/elasticsearch:7.16.2
# Initialize the es index, the result structure of each tool is different, and it is stored separately

# Search syntax, more query methods, learn Elasticsearch by yourself
where is the target to query

  • Please install nmap by yourself before use Using Help
go build
# Precise scan szUrl list UrlPrecise=true
UrlPrecise=true ./scan4all -l xx.txt
# Disable adaptation to nmap and use naabu port to scan its internally defined http-related Ports
priorityNmap=false ./scan4all -tp http -list allOut.txt -v

Work Plan

  • Integrate web-cache-vulnerability-scanner to realize HTTP smuggling smuggling and cache poisoning detection
  • Linkage with metasploit-framework, on the premise that the system has been installed, cooperate with tmux, and complete the linkage with the macos environment as the best practice
  • Integrate more fuzzers , such as linking sqlmap
  • Integrate chromedp to achieve screenshots of landing pages, detection of front-end landing pages with pure js and js architecture, and corresponding crawlers (sensitive information detection, page crawling)
  • Integrate nmap-go to improve execution efficiency, dynamically parse the result stream, and integrate it into the current task waterfall
  • Integrate ksubdomain to achieve faster subdomain blasting
  • Integrate spider to find more bugs
  • Semi-automatic fingerprint learning to improve accuracy; specify fingerprint name, configure

Q & A

  • how use Cookie?
  • libpcap related question

more see: discussions


  • 2023-05-21 nuclei nuclei
  • 2022-07-28 Added substr and aes_cbc dsl helper by me nuclei v2.7.7
  • 2022-07-20 fix and PR nuclei #2301 bug
  • 2022-07-20 add web cache vulnerability scanner
  • 2022-07-19 PR nuclei #2308 add dsl function: substr aes_cbc
  • 2022-07-19 dcom Protocol enumeration network interfaces
  • 2022-06-30 nuclei-templates 3744YAML POC 1Elasticsearch 2config
  • 2022-06-27 ;ksubdomain
  • 2022-06-24
  • 2022-06-23 ParseSSlSSLDNSSSLdnsnmap.exebugwindowsbug
  • 2022-06-22 11ftpmongodbmssqlmysqloraclepostgresqlrdpredissmbsshtelnet
  • 2022-06-20 SubfinderEnableSubfinder=true ssl config/config.json
  • 2022-06-17 IPIP
  • 2022-06-15 weblogicwebshell
  • 2022-06-10
  • 2022-06-07 404
  • 2022-06-07 http urlUrlPrecise=true

Communication group (WeChat, QQTg)

Wechat Or QQchat Or Tg


Stargazers over time


Wechat Pay AliPay Paypal BTC Pay BCH Pay
paypal [email protected]m
Popular Ssh Projects
Popular Attack Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Security Tools
Brute Force
Vulnerability Scanner
Pentest Tool
Security Scanner
Vulnerability Detection