README English | 中文
Fuxi Scanner is an open source network security vulnerability scanner, it comes with multiple functions.
- Vulnerability detection & management
- Authentication Tester
- IT asset discovery & management
- Port scanner
- Subdomain scanner
- Acunetix Scanner (Integrate Acunetix API)
git clone --depth 1 https://github.com/jeffzh3ng/Fuxi-Scanner.git fuxi-scanner
cd fuxi-scanner
docker build -t jeffzh3ng/fuxi-scanner .or
docker pull jeffzh3ng/fuxi-scannerdocker run -dit -p 5000:5000 -v /opt/data:/data jeffzh3ng/fuxi-scanner:latestor
docker run -dit -p 5000:5000 -v /opt/data:/data -v /etc/localtime:/etc/localtime jeffzh3ng/fuxi-scanner
// Synchronize timezone from host to containerDone! Wait 10s, Open your browser to http://127.0.0.1:5000 to see it working
password: whoami
The scanner module integrate an open-sourced remote vulnerability testing and PoC development framework - Pocsuite
Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.
Some plugins in the tests directory, which are updated from time to time. You can acquiring PoC scripts from Seebug community
The target can be IP, network segment or URL.
You can manage plugins in the Plugin Manager modules. The plugin must conform to the PoC Coding Style
IT Asset Registration:
Automatic Service Discovery:
You can scan the vulnerability by searching and filtering out specific services
This is an auth tester with hydra
Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. (55)
It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting
You can improved wordlist in settings for finding more subdomains
This module delivers scanning tasks by integrate Acunetix Web Vulnerability Scanner API
You can scan multiple websites at the same time
Port scanner allows you to discover which TCP ports are open on your target host.
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system
- Homepage: https://fuxi-scanner.com
- Download: .tar or .zip
- E-mail: jeffzh3ng@gmail.com
- Telegram: jeffzhang
- WeChat: jeffzhang