Which tools does Scanners-Box recommend for SQL injection testing?

Its main recommendation is sqlmap, which automatically detects and exploits SQL injection, supports 6 database types, and includes tamper scripts for WAF bypass. The collection also lists jsql-injection, SQLiScanner, and NoSQLAttack.

What is the difference between Nmap and masscan for port scanning?

Nmap is the standard network scanner offering service/version detection and scripting (e.g. vulnerability scripts via --script=vuln), while masscan is the fastest Internet port scanner, capable of scanning the entire Internet in about 6 minutes using asynchronous transmission. masscan is Nmap-compatible, so the two are often used together.

What fuzzing tools are included in Scanners-Box?

It lists 20+ fuzzers including AFL (American Fuzzy Lop), honggfuzz, syzkaller, and libFuzzer. AFL is coverage-guided and has found thousands of bugs in real software, while syzkaller is a Linux kernel fuzzer that has found over 3000 kernel bugs and is used by Google and Microsoft.

Are penetration testing tools like those in Scanners-Box legal to use?

These tools are legal only for authorized security testing; using them against systems without explicit written permission is illegal and unethical. Relevant laws include the US Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, China's Cybersecurity Law, and the EU GDPR, so always obtain written authorization and define scope before testing.

Scanners-Box: 200+ Cybersecurity Tools Collection for Security

Q: What is Scanners-Box?

Scanners-Box is a curated collection of 200+ open-source cybersecurity tools across 15+ categories, covering subdomain enumeration, SQL injection, fuzzing, port scanning, social engineering, and more. It was originally created for the Chinese security community (t00ls) and is aimed at penetration testers and security researchers.

tags: [“cybersecurity”, “open-source”, “penetration-testing”, “tools”]{</* resource-info */>}

Scanners-Box: 200+ Cybersecurity Tools Collection for Security Professionals — dibi8.com

What is Scanners-Box? #

Scanners-Box is a curated collection of 200+ open-source cybersecurity tools for security professionals, penetration testers, and ethical hackers. Originally created for the Chinese security community (t00ls), it covers every aspect of cybersecurity from reconnaissance to exploitation.

GitHub: https://github.com/luckybbjason1/Scanners-Box
License: Open Source Collection
Tools Count: 200+
Categories: 15+

Tool Categories Overview #

Category	Tool Count	Examples
Subdomain Enumeration	15+	subDomainsBrute, amass, subfinder, OneForAll
Database & SQL Injection	10+	sqlmap, jsql-injection, SQLiScanner, NoSQLAttack
Fuzzing Tools	20+	AFL, honggfuzz, syzkaller, libFuzzer
Port Scanning & Fingerprinting	25+	Nmap, masscan, whatweb, wafw00f
Weak Password & Info Leak	15+	htpwdScan, BBScan, GitHack, truffleHog
IoT Device Scanning	5+	IoTSeeker, RouterSploit, routersploit
XSS Exploitation	10+	BruteXSS, XSS-Radar, XSSTracer, easyXssPayload
Social Engineering	15+	SET, gophish, evilginx2, blackeye
WebShell Detection	10+	findWebshell, HaboMalHunter, PHP-Shell-Detector
Enterprise Network Audit	5+	theHarvester, xunfeng, LNScan
Vulnerability Scanners	15+	vulfocus, vulhub, VulApps, upload-labs
Wireless Security	5+	fern-wifi-cracker, aircrack-ng
Asset Discovery	5+	linglong, H, nemo_go, NextScan
Threat Intelligence	3+	threat-intelligence, VirusTotal, ThreatBook
Learning Resources	20+	sec-wiki, FreeBuf, Web Hacking 101

Featured Tools Deep Dive #

1. Subdomain Enumeration #

OneForAll — The most comprehensive subdomain collection tool

Integrates 20+ data sources
Supports API keys for better results
Export to various formats

amass — Go-based subdomain enumeration

Fast and efficient
DNS, scraping, and certificate transparency
Graph visualization output

2. SQL Injection #

sqlmap — The king of SQL injection tools

Automatic detection and exploitation
Support for 6 database types
Tamper scripts for WAF bypass

# Basic usage
sqlmap -u "http://target.com/page.php?id=1" --dbs

# Dump specific table
sqlmap -u "http://target.com/page.php?id=1" -D database -T users --dump

3. Fuzzing Frameworks #

AFL (American Fuzzy Lop) — Coverage-guided fuzzing

Discovers vulnerabilities automatically
Generates test cases
Found 1000s of bugs in real software

syzkaller — Linux kernel fuzzer

Found 3000+ Linux kernel bugs
Used by Google, Microsoft
Supports multiple operating systems

4. Port Scanning #

Nmap — The network scanner king

# Basic scan
nmap -sV -sC target.com

# Full port scan with scripts
nmap -p- -sV --script=vuln target.com

# Aggressive scan
nmap -A target.com

masscan — Fastest Internet port scanner

Scan entire Internet in 6 minutes
Compatible with Nmap
Asynchronous transmission

SET (Social-Engineer Toolkit) — Complete phishing framework

Website cloning
Email spear-phishing
Credential harvesting
Multi-attack vectors

evilginx2 — Bypass 2FA phishing framework

Man-in-the-middle attack
Session cookie capture
Bypass two-factor authentication

Security Learning Resources #

For Beginners #

sec-wiki — Security Wikipedia
FreeBuf — Hacker and geek news
Web Hacking 101 — Web security basics
Kali Linux Web Pentest Cookbook

For Intermediate #

Burpsuite实战指南 — Web penetration testing
API-Security-Checklist — API security best practices
Web-Security-Learning — Comprehensive web security
应急响应实战笔记 — Emergency response

Advanced Topics #

Linux exploit development tutorial
Android penetration testing
Node.js Web security issues
Python security series

Vulnerable Targets for Practice #

Platform	Description	Link
vulfocus	Docker-based vulnerability platform	GitHub
vulhub	Pre-built vulnerable environments	GitHub
VulApps	Vulnerable application collection	GitHub
upload-labs	File upload vulnerability practice	GitHub
bWAPP	Buggy Web Application	SourceForge
DVWA	Damn Vulnerable Web Application	GitHub
WebGoat	OWASP Web security practice	GitHub

Responsible Disclosure #

⚠️ Warning: All tools listed here are for authorized security testing only. Using these tools against systems without explicit permission is illegal and unethical.

Legal Framework #

CFAA (Computer Fraud and Abuse Act) — US
Computer Misuse Act — UK
Cybersecurity Law — China
GDPR — EU data protection

Best Practices #

Always obtain written authorization
Define scope clearly
Respect business hours
Report findings promptly
Destroy data after testing

Tool Selection Guide #

Web Application Testing #

Reconnaissance: amass, subfinder, theHarvester
Scanning: Nmap, masscan, whatweb
Vulnerability: sqlmap, XSS scanners, dirsearch
Exploitation: Burp Suite, custom scripts
Reporting: Dradis, Faraday

Network Penetration Testing #

Discovery: Nmap, masscan, nbtscan
Enumeration: enum4linux, snmp-check
Vulnerability: OpenVAS, Nessus
Exploitation: Metasploit, Cobalt Strike
Post-exploitation: PowerShell Empire, Mimikatz

Red Team Operations #

Initial Access: SET, gophish, evilginx2
Persistence: Custom implants, scheduled tasks
Privilege Escalation: PowerUp, BeRoot
Lateral Movement: Pass-the-hash, Kerberoasting
Exfiltration: DNS tunneling, HTTPS C2

Agent Reach: AI Agent Internet Access — AI-powered security automation
Free Claude Code: Open Source AI Coding — Secure coding practices

Disclaimer: This article is for educational purposes only. All tools should be used responsibly and only on systems you own or have explicit permission to test. The author and dibi8.com are not responsible for any misuse of the information provided.

Recommended Tools #

For developers building or deploying open-source AI tools, we recommend:

DigitalOcean — $200 free credit for new users, 14+ global regions, one-click GPU/CPU droplets ideal for AI workloads.
HTStack — Hong Kong VPS, same IDC that hosts dibi8.com. Self-host security scanners on dedicated VPS for low-latency Asia coverage and no shared-tenant noise.

Affiliate link — supports dibi8.com at no cost to you.

Scanners-Box: 200+ Cybersecurity Tools Collection for Security

What is Scanners-Box? #

Tool Categories Overview #

Featured Tools Deep Dive #

1. Subdomain Enumeration #

2. SQL Injection #

3. Fuzzing Frameworks #

4. Port Scanning #

Security Learning Resources #

For Beginners #

For Intermediate #

Advanced Topics #

Vulnerable Targets for Practice #

Responsible Disclosure #

Legal Framework #

Best Practices #

Tool Selection Guide #

Web Application Testing #

Network Penetration Testing #

Red Team Operations #

Recommended Tools #

References & Sources #

💬 Discussion

What is Scanners-Box? #

Tool Categories Overview #

Featured Tools Deep Dive #

1. Subdomain Enumeration #

2. SQL Injection #

3. Fuzzing Frameworks #

4. Port Scanning #

5. Social Engineering Toolkit #

Security Learning Resources #

For Beginners #

For Intermediate #

Advanced Topics #

Vulnerable Targets for Practice #

Responsible Disclosure #

Legal Framework #

Best Practices #

Tool Selection Guide #

Web Application Testing #

Network Penetration Testing #

Red Team Operations #

Related Articles #

Recommended Tools #

References & Sources #

🔗 Related Resources

💬 Discussion