Find a subdomain enumeration tool suited to an authorized penetration test of a web application.
Discover open-source SQL injection or XSS scanners to audit your own application for security weaknesses.
Browse AI-powered vulnerability scanners to evaluate automated security testing for your pipeline.
Find tools for auditing smart contract security before deploying a blockchain application.
Scanners Box, also called scanbox, is a curated collection of open-source security scanning tools gathered from GitHub. It does not contain any scanning software of its own. Instead it is a reference directory of over 300 tools, organized by category, that security professionals and researchers can browse to find tools suited to specific tasks.

The collection is organized into more than 20 categories. These include tools for discovering subdomains of a target website, tools for detecting SQL injection vulnerabilities in databases, tools that check for weak or default passwords on web applications, and tools for finding cross-site scripting (XSS) flaws. There are also sections covering vulnerability scanners for common middleware and server software, tools for analyzing mobile app packages, tools for examining binary executable files, and tools for detecting malware.

More recent additions reflect newer areas of security work. There are sections for scanners that use AI models to find vulnerabilities, tools for testing AI applications themselves (such as those checking for prompt injection or data leakage in large language models), tools for scanning smart contracts used in blockchain applications, and tools for red team vs. blue team exercises, which simulate attacker and defender roles.

Each entry in the list links to the original GitHub repository for that tool and includes badges showing the main programming language, star count, last commit date, and license. The collection explicitly excludes well-known tools like nmap, Metasploit, and similar widely distributed frameworks, focusing instead on less visible specialized tools.

The project is available in both English and Chinese and is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0. The full README is longer than what was shown.
← we5ter on gitmyhub — every repo by this author, as a profile.