30 open-source projects similar to zmap/zmap, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best ZMap alternative.
Aquatone is a web screenshot reconnaissance tool that captures full-page screenshots of web services discovered during network reconnaissance and groups them by visual similarity. It scans a list of hosts or domains for HTTP and HTTPS services on common and custom ports to find responsive web endpoints, then takes full-page screenshots of those pages for quick review. The tool accepts piped input from other tools and extracts URLs, domains, and IP addresses using regex pattern matching, making it pipeline-friendly for integration into existing workflows. It can also read XML output from Nmap
Masscan is a command-line network scanner designed for large-scale discovery and infrastructure reconnaissance. It identifies open ports across specific network segments or the entire internet by probing vast address ranges with high efficiency. The tool functions as an asynchronous packet engine, bypassing standard operating system kernel networking stacks to transmit raw packets directly from application memory. The project distinguishes itself through a specialized architecture that manages millions of concurrent connections by separating packet transmission and reception into independent
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
Cameradar is a network scanning tool designed to discover publicly accessible IP cameras. It identifies active Real Time Streaming Protocol services by scanning IP ranges and using device fingerprints to determine specific hardware models. The tool performs security auditing through dictionary-based probing and brute force attacks to uncover valid streaming paths and authentication credentials. It validates discovered streams by verifying the receipt of real-time transport protocol data packets to eliminate false positives. The system supports a multi-stage discovery pipeline and can export
This project is a network reconnaissance framework and internet metadata database used for collecting, storing, and analyzing data from active scanners and passive traffic captures. It functions as a threat intelligence aggregator and passive traffic analysis tool, merging scan results from multiple tools into a unified dataset for security investigation. The system distinguishes itself through its ability to visualize network assets using heatmaps and geographic charts to correlate autonomous systems and domain names. It provides external attack surface management by aggregating metadata to
testssl.sh is a network security tool and SSL/TLS security scanner used to audit server configurations. It functions as a diagnostic utility that validates supported ciphers and protocols to identify cryptographic vulnerabilities and flaws in encrypted communication. The tool is available as both a command-line utility and a dockerized security scanner, allowing for execution in isolated environments without the need for local dependency installation. Its capabilities cover SSL configuration auditing and TLS server security analysis. The system exports scan results into structured reports a
testssl.sh is a suite of diagnostic tools and a network security auditor used to scan network ports for supported encryption protocols, ciphers, and vulnerabilities in TLS and SSL configurations. It functions as a security scanner that evaluates the cryptographic strength of a server by testing all available cipher suites. The tool analyzes server encryption strength and identifies security vulnerabilities or weak settings through TLS and SSL security auditing. It verifies that encryption is properly implemented on specific network ports and evaluates whether only strong and modern encryption
RustScan is a high-speed TCP network scanner written in Rust, designed for security reconnaissance and network mapping. It functions as an automated port discovery engine that identifies open ports on remote hosts using IPv6 addresses, CIDR ranges, or bulk input files. The tool is built for rapid surface area discovery, utilizing parallel port processing and OS-aware performance optimizations to identify active services. It allows for scan precision tuning through adjustable connection timeout thresholds and concurrent request controls to balance speed and accuracy. The system integrates wit
A DNS reconnaissance tool for locating non-contiguous IP space.
Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
ethr is a command line network diagnostic tool and performance analyzer designed to measure throughput, latency, and packet loss across TCP, UDP, and ICMP protocols. It functions as a multi-threaded network throughput tester and a diagnostic utility for analyzing connection health between client and server endpoints. The project differentiates itself through specialized diagnostics such as TCP retransmission monitoring and bidirectional path analysis to identify asymmetric performance differences. It provides the ability to evaluate the overhead of encrypted HTTPS connections and enforce spec
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration).
Fast and powerful SSL/TLS scanning library.
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
SSH server auditing (banner, key exchange, encryption, MAC, compression, compatibility, security, etc.).
Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
Rack-attack is a middleware rate limiter and request filter for the Rack interface. It provides a system for throttling HTTP requests and maintaining IP address blocklists to protect applications from malicious traffic and denial-of-service attacks. The project enables application layer DDoS mitigation and API rate limit management by identifying and rejecting requests from banned clients or abusive IP addresses. It allows for the definition of safelists to bypass filters and uses custom logic to determine if a client should be blocked or throttled. The tool covers comprehensive traffic mana
Simplewall is an application firewall manager and network traffic filter that provides a graphical interface for the Windows Filtering Platform. It controls inbound and outbound network access for individual programs and services by intercepting and filtering traffic at the kernel level. The project identifies specific binaries using file hashes to prevent spoofing and allows users to define custom firewall rules based on IP addresses, CIDR ranges, and port numbers. It includes a system for blocking operating system telemetry and managing blocklists of known malicious IP addresses. The tool
Ethical-Hacking-Labs is a comprehensive cybersecurity training curriculum and lab suite designed for learning penetration testing, network analysis, and offensive security techniques. It provides a structured environment for practicing the full attack lifecycle, from initial reconnaissance and scanning to exploitation and post-compromise analysis. The project provides instructional materials and guided exercises that cover specific technical domains, including open source intelligence research and network security courseware. It includes a practical workbook for identifying system vulnerabili
udp2raw is a network tunneling tool designed to bypass firewalls and obfuscate UDP traffic. It wraps UDP packets in alternative headers and utilizes raw socket networking to move data through networks that otherwise block or throttle UDP traffic. The project distinguishes itself by simulating TCP connections, mimicking the three-way handshake and sequence numbering to trick firewalls into treating UDP streams as TCP traffic. It further stabilizes these connections through heartbeat-driven port rotation, which automatically switches ports to recover sessions after detected failures. The tool
vtop is a terminal system monitor and interactive process manager that provides a real-time command line dashboard for tracking system resources. It displays CPU and memory activity through graphical charts and process lists. The tool features a customizable interface that supports predefined and custom visual theme files. It allows for the identification and termination of active system tasks and process groups using keyboard and mouse support.
kscan is a network security scanner and service fingerprinter used to discover active hosts and open ports. It functions as a network protocol analyzer and internal network mapper to identify reachable gateways and analyze the network surface area of target environments. The tool integrates external asset discovery by retrieving target hosts through external intelligence services and verifying their availability. It also operates as a credential brute force tool, testing authentication strength across multiple protocols using automated username and password dictionaries. The project covers n
neohtop is a terminal-based system resource monitor and process manager for Linux. It provides a text-based user interface for tracking CPU and memory usage and managing active system tasks without requiring a graphical desktop environment. The utility functions as a live dashboard for observing hardware performance and resource allocation. It enables users to search, filter, and terminate system processes, with the ability to pin specific entries to ensure they remain visible during monitoring. The tool covers general system observability and process management, allowing users to isolate sp
goflyway is an encrypted traffic relay and HTTP TCP tunneling proxy. It encapsulates TCP traffic within HTTP POST or WebSocket requests to bypass restrictive firewalls and network proxies. The system provides a SOCKS5 proxy server that routes traffic via a WebSocket relay and includes a UDP over TCP tunnel to enable transport across networks that block UDP traffic. It also functions as a TCP traffic interceptor for capturing and inspecting data passing through relayed connections. Capabilities cover network tunneling and traffic proxying through various transport protocols, including HTTP PO
Lists is a curated collection of DNS blocklists, a domain blocklist generator, and a categorized library of domains used for network content filtering. The project provides a command-line pipeline that aggregates upstream sources to build and validate blocklists used to redirect unwanted traffic to null addresses. The project distinguishes itself through a CLI-driven build pipeline that automates the fetching, validation, and daily regeneration of datasets. It organizes domains into discrete functional categories rather than a single monolithic list and exports them in multiple syntaxes, incl
LibreSpeed is a self-hosted HTML5 network speed test tool used to measure download and upload speeds, ping, and jitter. It operates as a private server for measuring network performance without relying on third-party services. The system functions as a multi-backend performance tool that executes network tests across different server environments and geographic locations. It supports both PHP and Node.js backends and acts as a network telemetry collector by recording connection metadata and performance metrics into a database for historical analysis and reporting. The tool provides capabilit