Channel: Scanner – Security List Network™
Viewing all 271 articles

RED_HAWK – All In One Tool For Information Gathering, SQL Vulnerability Scanning and Web Crawling.


RED HAWK (v1.0.0) is an all-in-one tool for information gathering, SQL vulnerability scanning and crawling, coded in PHP.
Features:
+ Server detection
+ Cloudflare detector
+ robots scanner
+ CMS Detector
+-+ WordPress
+-+ Joomla
+-+ Drupal
+-+ Magento
+ Whois
+ GEO-IP Scan
+ NMAP Port Scan
+ DNS Lookup
+ SubNet Calculator
+ Subdomain Finder
+ Reverse IP Scanner
+-+ CMS detection For Sites On the same server.
+ Parameter Finder
+-+ Error based SQLi Detector
+ Crawler
+-+ Basic Crawler {69}
[ – ] Admin scanner
[ – ] Backups Finder
[ – ] Misc. Crawler
+-+ Advanced Crawler {420}
[ – ] Admin scanner
[ – ] Backups Finder
[ – ] Misc. Crawler

Usage:

git clone https://github.com/Tuhinshubhra/RED_HAWK && cd RED_HAWK
php rhawk.php

Source: https://github.com/Tuhinshubhra


LFISuite – Totally Automatic LFI Exploiter, ReverseShell and Scanner.


Disclaimer:
The author is not responsible for any illegal acts you commit. This tool is meant to be used for ethical purposes by penetration testers. If you plan to copy or redistribute it, please give credit to the original author.

LFISuite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features.

Features:
* Works with Windows, Linux and OS X
* Automatic Configuration
* Automatic Update
* Provides 8 different Local File Inclusion attack modalities:
– /proc/self/environ
– php://filter
– php://input
– /proc/self/fd
– access log
– phpinfo
– data://
– expect://
* Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other, with no interaction beyond supplying, at the start, a list of paths to scan (if you do not have one, the project directory ships two, small and huge).
* Tor proxy support
* Reverse Shell for Windows, Linux and OS X

Dependencies:
* Python 2.7.x
* Python extra modules: termcolor, requests
* socks.py

How to use it?
Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

Reverse Shell:
Once you have an LFI shell through one of the available attacks, you can obtain a reverse shell by entering the command "reverseshell" (your machine must of course be listening for the reverse connection, for instance with "nc -lvp port").

Usage:

git clone https://github.com/D35m0nd142/LFISuite && cd LFISuite
python lfisuite.py

Source: https://github.com/D35m0nd142

Vanquish – Multithreaded scanning and enumeration automation platform.


Vanquish is a multithreaded Kali Linux scanning and enumeration automation platform, designed to systematically enumerate and exploit targets using the law of diminishing returns. It includes:
– Nmap scanning
– GoBuster
– Nikto
– SSH
– MySQL
– MSSQL
– RDP
– SMB
– SMTP
– SNMP
– FTP
– DNS
– Web

Usage:

git clone https://github.com/frizb/Vanquish && cd Vanquish
python Vanquish2.py

Source: https://github.com/frizb

AQUATONE is a set of tools for performing reconnaissance on domain names.


AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface.

aquatone v0.2.0

Dependencies:
+ NodeJS https://nodejs.org/
+ Ruby with RVM. https://rvm.io/

Usage:

git clone https://github.com/michenriksen/aquatone && cd aquatone
gem install aquatone
cd bin

./aquatone-discover --domain example.com --fallback-nameservers 87.98.175.85,5.9.49.12
./aquatone-discover --domain example.com --sleep 5 --jitter 30

The scanning stage is where AQUATONE will enumerate the discovered hosts for open TCP ports that are commonly used for web services:
./aquatone-scan --domain example.com

Update:
git pull origin master

Source: https://github.com/michenriksen

Pentest-Detections ~ WannaCry and Petya Fast Detection Tool.


Pentest-Detections is a repository of penetration testing tools, currently a vulnerability scanner for MS17-010 (the SMBv1 flaw used by WannaCry and Petya).
Features:
+ IPv4 and IPv6 compatible.
+ IPv6 auto-discover mode.
+ Input as a range or a file list.
+ Extremely fast scan.

Requirement:
+ Runs on all Windows versions.
+ WinPcap 4.1.3 https://www.winpcap.org/install/default.htm
+ Git for Windows.

Usage:

git clone https://github.com/ptresearch/Pentest-Detections && cd Pentest-Detections

WannaCry_Petya_FastDetect.exe -t4 192.168.0.1 -n 1
WannaCry_Petya_FastDetect.exe -t4 192.168.0.0/24 -n 8
WannaCry_Petya_FastDetect.exe -t4 192.168.0.1-192.168.0.50
WannaCry_Petya_FastDetect.exe -t6 fe80::fdba:4364:7f82:a4cd
WannaCry_Petya_FastDetect.exe -a6
WannaCry_Petya_FastDetect.exe -f C:\Work\IpListSeparetedWithNewLine.txt

Source: https://github.com/ptresearch

WifiScanMap – another Wi-Fi mapping tool.


WifiScanMap scans and maps every 802.11 access point, station probe and Bluetooth peripheral it can see. The project aims to play with the common radio networks, Wi-Fi and Bluetooth.

Using tools such as iwlist, hcitool or airmon-ng, plus a gpsd GPS, it logs data in an SQLite database and provides a web HMI to monitor data processing and analyse data that has already been mapped.
It was tested on recent Debian / Ubuntu and on a flying Raspberry Pi 1.

Features:
+ locate Wi-Fi access point and its metadata bssid, essid, signal and encryption
+ locate itself thanks to already known access points
+ if using airmon-ng (-m option)
+-+ record all probe requests: bssid, essid
+-+ record all stations: bssid, signal, date and position
+ if hcitool is installed
+-+ record all Bluetooth stations: bssid, name, class, date and position
+ synchronize data to a remote server (running the same program, with -e option)
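
The feature list above is essentially the schema of what the tool logs. As an added example (not wifiScanMap's own code), this parses the output of `iwlist <iface> scan` into access-point records carrying the BSSID, ESSID, channel, signal and encryption metadata listed, and writes them into SQLite the way the tool does. The scan text is constructed in iwlist's output format, and the table schema is an assumption.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import List, Optional

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
SIGNAL_RE = re.compile(r"Signal level=(-?\d+) dBm")


@dataclass
class AccessPoint:
    bssid: str
    essid: str = ""
    channel: Optional[int] = None
    signal_dbm: Optional[int] = None
    encryption: str = "OPEN"   # OPEN, WEP, WPA or WPA2


def parse_iwlist(text):
    """Turn `iwlist <iface> scan` output into AccessPoint records.

    Encryption is inferred from the cell: key:off is OPEN; key:on with an
    RSN/WPA2 IE is WPA2, with a WPA IE is WPA, and with no IE at all is WEP.
    """
    aps: List[AccessPoint] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CELL_RE.search(line)
        if m:
            aps.append(AccessPoint(bssid=m.group(1).upper()))
            continue
        if not aps:
            continue              # header lines before the first cell
        ap = aps[-1]
        if line.startswith("ESSID:"):
            ap.essid = line[len("ESSID:"):].strip('"')
        elif line.startswith("Channel:"):
            ap.channel = int(line[len("Channel:"):])
        elif line.startswith("Encryption key:"):
            ap.encryption = "WEP" if line.endswith("on") else "OPEN"
        elif line.startswith("IE:"):
            if "WPA2" in line or "802.11i" in line:
                ap.encryption = "WPA2"
            elif "WPA" in line and ap.encryption != "WPA2":
                ap.encryption = "WPA"
        else:
            m = SIGNAL_RE.search(line)
            if m:
                ap.signal_dbm = int(m.group(1))
    return aps


def store(aps, conn):
    """Log the records into SQLite (schema is an assumption, not the tool's)."""
    conn.execute("""CREATE TABLE IF NOT EXISTS ap (
        bssid TEXT PRIMARY KEY, essid TEXT, channel INTEGER,
        signal INTEGER, encryption TEXT)""")
    conn.executemany(
        "INSERT OR REPLACE INTO ap VALUES (?, ?, ?, ?, ?)",
        [(a.bssid, a.essid, a.channel, a.signal_dbm, a.encryption) for a in aps])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM ap").fetchone()[0]


# Constructed scan output in iwlist's format (not a real capture)
SAMPLE = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=70/70  Signal level=-40 dBm
                    Encryption key:on
                    ESSID:"HomeNet"
                    Mode:Master
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
          Cell 02 - Address: 66:77:88:99:aa:bb
                    Channel:11
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:off
                    ESSID:"CoffeeShop"
          Cell 03 - Address: CC:DD:EE:FF:00:11
                    Channel:1
                    Quality=55/70  Signal level=-55 dBm
                    Encryption key:on
                    ESSID:"LegacyNet"
                    IE: WPA Version 1
          Cell 04 - Address: 12:34:56:78:9A:BC
                    Channel:3
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:on
                    ESSID:"WEPonly"
"""


def demo():
    aps = parse_iwlist(SAMPLE)
    n = store(aps, sqlite3.connect(":memory:"))
    weak = [a.essid for a in aps if a.encryption in ("OPEN", "WEP")]
    return aps, n, weak
```

Hidden networks show up with an empty ESSID; they are still worth logging because the BSSID and probe requests from stations usually reveal the name later.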

Installation:

git clone https://github.com/mehdilauters/wifiScanMap && cd wifiScanMap
sudo apt install npm
npm install -g bower
bower install
sudo apt install gpsd aircrack-ng bluez python-gps
sudo python scanmap.py -m
xdg-open http://localhost:8686

Source: https://github.com/mehdilauters

Bronson is an HTTP brute force path scanner tool.


Bronson is a HTTP brute force path scanning tool. It uses wordlists and permutations of those lists to discover objects on a target webserver. Support is offered for generation of permutations of filenames, by using the filename and extension lists. All filenames are combined with all extensions to generate a complete list.

Bronson uses requests-futures to very quickly cover a large number of requests in parallel and as a result is quite fast.

Dependencies:
+ Python 2.7.x
+ Python module:
-+- certifi==2017.4.17
-+- chardet==3.0.4
-+- idna==2.5
-+- PyYAML==3.12
-+- requests==2.18.1
-+- requests-futures==0.9.7
-+- urllib3==1.21.1

Usage:

git clone https://github.com/nosmo/Bronson && cd Bronson
pip install -r requirements.txt
python bronson.py -h

python bronson.py --domain site-to-attack.example.com --config ./config.example.yaml
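
Generating names × extensions is the easy half of a path scanner; the other half is telling a real hit from a soft-404 page that answers 200 to everything. This added example (not Bronson's or RED_HAWK's code) shows both: the permutation step Bronson describes and the parallel probing that RED_HAWK's admin and backup scanners also perform, with a random-path baseline to discard soft 404s. The fetch function is injected so the demo runs against a constructed fake site; with requests it would return (r.status_code, r.text). The target URL and the wordlists are assumptions.

```python
import itertools
import random
import string
from concurrent.futures import ThreadPoolExecutor

BASE = "http://target.example"   # hypothetical target


def candidates(names, extensions, prefixes=("",)):
    """Bronson's permutation step: every name combined with every extension."""
    for p, n, e in itertools.product(prefixes, names, extensions):
        yield f"{p}{n}{e}"


def fingerprint(status, body, path):
    """Shape of a response with the echoed path removed, bucketed so that small
    dynamic differences (dates, counters) do not break the comparison."""
    return status, len(body.replace(path, "")) // 16


def random_path(n=12):
    return "/" + "".join(random.choices(string.ascii_lowercase + string.digits, k=n))


def scan(base_url, paths, fetch, workers=16):
    """Probe `paths` in parallel; fetch(url) -> (status, body) is injected.

    Two random paths give the 'not found' baseline.  A path counts as found when
    its status is not 404 *and* its fingerprint differs from the baseline, which
    is what defeats soft-404 pages that answer 200 for everything.
    """
    baseline = set()
    for _ in range(2):
        p = random_path()
        status, body = fetch(base_url + p)
        baseline.add(fingerprint(status, body, p))

    def probe(path):
        status, body = fetch(base_url + "/" + path)
        return path, status, fingerprint(status, body, "/" + path)

    hits = []
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for path, status, fp in pool.map(probe, paths):
            if status != 404 and fp not in baseline:
                hits.append((path, status))
    return sorted(hits)


# Constructed stand-in for a web server with a soft-404 page (not a real host)
_FAKE_SITE = {
    "/admin/": (200, "<html><form>admin login</form></html>"),
    "/backup.zip": (200, "PK\x03\x04" + "\x00" * 500),
    "/config.php.bak": (200, "<?php $db_pass = 'hunter2';"),
    "/index.php": (200, "<html>welcome</html>"),
    "/private/": (403, "<html>Forbidden</html>"),
}


def fake_fetch(url):
    path = url[len(BASE):]
    if path in _FAKE_SITE:
        return _FAKE_SITE[path]
    return 200, f"<html><body>Sorry, {path} was not found.</body></html>"   # soft 404


def demo():
    names = ["admin", "backup", "config.php", "index", "private", "secret"]
    extensions = ["", "/", ".php", ".bak", ".zip", "~"]
    return scan(BASE, list(candidates(names, extensions)), fake_fetch)
```

A 403 is reported as a hit on purpose: a forbidden directory is still a directory that exists, which is exactly what a backup or admin finder wants to know.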

Source: https://github.com/nosmo

eternal scanner – An Internet scanner for the EternalBlue exploit (CVE-2017-0144).


Eternal scanner is a network scanner for the EternalBlue exploit, CVE-2017-0144.
CVE-2017-0144 Description:
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Requirements:
+ masscan https://github.com/robertdavidgraham/masscan
+ metasploit-framework

Usage:

git clone https://github.com/peterpt/eternal_scanner && cd eternal_scanner
./escan
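
Both this scanner and the Pentest-Detections tool above answer one question: which hosts with 445/tcp open are still unpatched for MS17-010. The glue below is an added example, not eternal_scanner's code: it parses masscan's list output (masscan -p445 --rate 2000 192.168.0.0/24 -oL open445.lst), writes a Metasploit resource script that runs the non-destructive auxiliary/scanner/smb/smb_ms17_010 check in batches (msfconsole -q -r ms17.rc), and sorts the module's verdict lines. The masscan and Metasploit text embedded in the block is constructed in the shape those tools print, not captured from a real network.

```python
import re

MASSCAN_LINE = re.compile(r"^open tcp (\d+) (\S+) \d+$")
MSF_RESULT = re.compile(
    r"^\[[+-]\] (\S+?):445\s+- Host (is likely VULNERABLE to MS17-010|does NOT appear vulnerable)")


def parse_masscan_list(text, port=445):
    """Unique hosts with `port` open, in first-seen order, from masscan -oL output."""
    hosts = {}
    for line in text.splitlines():
        m = MASSCAN_LINE.match(line.strip())
        if m and int(m.group(1)) == port:
            hosts[m.group(2)] = None
    return list(hosts)


def msf_resource(hosts, threads=16, batch=256):
    """Resource script running the smb_ms17_010 check module in batches."""
    lines = ["use auxiliary/scanner/smb/smb_ms17_010", f"set THREADS {threads}"]
    for i in range(0, len(hosts), batch):
        lines.append("set RHOSTS " + " ".join(hosts[i:i + batch]))
        lines.append("run")
    lines.append("exit")
    return "\n".join(lines) + "\n"


def parse_msf_output(text):
    """Split the module's per-host verdict lines into vulnerable / not vulnerable."""
    verdict = {"vulnerable": [], "not_vulnerable": []}
    for line in text.splitlines():
        m = MSF_RESULT.match(line)
        if not m:
            continue
        key = "vulnerable" if m.group(2).startswith("is likely") else "not_vulnerable"
        verdict[key].append(m.group(1))
    return verdict


# Constructed samples in the shape of the two tools' output (not real captures)
SAMPLE_MASSCAN = """\
#masscan
open tcp 445 192.168.0.5 1507234412
open tcp 445 192.168.0.9 1507234413
open tcp 139 192.168.0.9 1507234413
open tcp 445 192.168.0.5 1507234420
# end
"""
SAMPLE_MSF = """\
[+] 192.168.0.5:445       - Host is likely VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
[-] 192.168.0.9:445       - Host does NOT appear vulnerable.
[*] Scanned 2 of 2 hosts (100% complete)
"""


def demo():
    hosts = parse_masscan_list(SAMPLE_MASSCAN)
    return hosts, msf_resource(hosts, batch=1), parse_msf_output(SAMPLE_MSF)
```

Keep masscan's rate modest on networks with IPS in the path, and run the check module rather than the exploit: the check only needs the server's response to a crafted SMBv1 transaction, whereas the exploit can crash an unpatched host.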

Source: https://github.com/peterpt


Scripts that fingerprint, scan and/or identify security issues.


A collection of Python 3 scripts that fingerprint, scan and/or identify security issues in web applications.
Script Lists:
– 404.py: Scripts that fingerprint, scan, and/or identify security issues.
– tamper.py: Test HTTP methods against the paths disallowed in robots.txt.

Dependencies:
+ Python 3.4.x or higher
+ click, urllib, requests & lxml python3 module.

Usage:

git clone https://github.com/0ren/pentesting && cd pentesting
python3 404.py -h
python3 tamper.py -h

Source: https://github.com/0ren

SQLiv – Massive SQL injection scanner.


LEGAL DISCLAIMER
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punishable by law. This script was built to show how resource files can automate tasks.

SQLiv – Massive SQL injection scanner.
Features
+ multiple domain scanning with SQL injection dork
+ targeted scanning by providing a specific domain (with crawling).
+ reverse domain scanning

Dependencies
– bs4, termcolor and google Python 2.7.x modules

usage:

git clone https://github.com/Hadesy2k/sqliv && cd sqliv
pip install -r requirements.txt
sudo python setup.py -i

sqliv -d "inurl:index.php?id=" -e google

Source: https://github.com/Hadesy2k

domain_analyzer – security analysis of any domain by finding all the information possible.


Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.

How it works
Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresses, mails on Google, SPF information, etc. After all the information is stored and organized it scans the ports of every IP found using nmap and performs several other security checks. Once the ports are found, it uses the tool crawler.py from @vero.valeros to spider the complete web site on every web port found. This tool has the option to download files and find open folders.

domain_analyzer v0.8.1

Domain analyzer ships with a Python web crawler called "crawler.py". Its main features are:
+ Crawl http and https web sites.
+ Crawl http and https web sites not using common ports.
+ Uses regular expressions to find ‘href’ and ‘src’ html tag. Also content links.
+ Identifies relative links.
+ Identifies domain related emails.
+ Identifies directory indexing.
+ Detects references to URLs like ‘file:’, ‘feed=’, ‘mailto:’, ‘javascript:’ and others.
+ Uses CTRL-C to stop current crawler stages and continue working.
+ Identifies file extensions (zip, swf, sql, rar, etc.)
+ Download files to a directory:
— Download every important file (images, documents, compressed files).
— Or download specified files types.
— Or download a predefined set of files (like ‘document’ files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
+ Maximum amount of links to crawl. A default value of 5000 URLs is set.
+ Follows redirections using HTML and JavaScript Location tag and HTTP response codes.
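
As an added example (not crawler.py itself), here is the parsing step behind the feature list above, plus the bounded breadth-first loop that uses it: href/src and bare-text links, relative link resolution, domain-related emails, directory indexing, special schemes, interesting file extensions, and HTML/JavaScript redirections. The HTML and the two-page fake site are constructed; the domain and URLs are hypothetical, and fetch is injected so the demo runs offline.

```python
import os
import re
from urllib.parse import urljoin, urlsplit

LINK_RE = re.compile(r"""\b(?:href|src)\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
TEXT_URL_RE = re.compile(r"""https?://[^\s"'<>]+""")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
META_REFRESH_RE = re.compile(
    r"""http-equiv=["']?refresh["']?\s+content=["']?\d+;\s*url=([^"'>\s]+)""", re.IGNORECASE)
JS_LOCATION_RE = re.compile(r"""(?:window\.|document\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']""")
INDEX_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)
SPECIAL = ("mailto:", "javascript:", "file:", "tel:", "data:")
INTERESTING = {".zip", ".rar", ".sql", ".swf", ".doc", ".xls", ".pdf", ".odt", ".gnumeric", ".bak", ".tar", ".gz"}


def in_scope(url, domain):
    host = urlsplit(url).hostname or ""
    return host == domain or host.endswith("." + domain)


def related_email(email, domain):
    host = email.rsplit("@", 1)[1].lower()
    return host == domain or host.endswith("." + domain)


def analyse(page_url, html, domain):
    """One crawler step: everything the feature list extracts from a single page."""
    found = {"links": [], "external": [], "special": [], "redirects": [],
             "emails": [], "other_emails": [], "files": {}, "dir_index": False}
    for ref in LINK_RE.findall(html) + TEXT_URL_RE.findall(html):
        if ref.lower().startswith(SPECIAL):
            found["special"].append(ref)
            continue
        url = urljoin(page_url, ref)            # resolves relative links
        bucket = "links" if in_scope(url, domain) else "external"
        if url not in found[bucket]:
            found[bucket].append(url)
    for ref in META_REFRESH_RE.findall(html) + JS_LOCATION_RE.findall(html):
        found["redirects"].append(urljoin(page_url, ref))
    for email in set(EMAIL_RE.findall(html)):
        found["emails" if related_email(email, domain) else "other_emails"].append(email)
    for url in found["links"]:
        ext = os.path.splitext(urlsplit(url).path)[1].lower()
        if ext in INTERESTING:
            found["files"][url] = ext
    found["dir_index"] = bool(INDEX_RE.search(html))
    for key in ("emails", "other_emails", "special"):
        found[key].sort()
    return found


def crawl(start, fetch, domain, limit=5000):
    """Breadth-first crawl restricted to `domain`, stopping after `limit` URLs
    (the default quoted above).  fetch(url) -> html or None is injected."""
    seen, queue, pages = set(), [start], {}
    while queue and len(seen) < limit:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        html = fetch(url)
        if html is None:
            continue
        pages[url] = analyse(url, html, domain)
        queue.extend(u for u in pages[url]["links"] + pages[url]["redirects"] if u not in seen)
    return pages


# Constructed page and fake site (hypothetical domain, not a real host)
SAMPLE_HTML = """<html><head><title>Index of /backup</title>
<meta http-equiv="refresh" content="5;url=/new/">
</head><body>
<a href="../docs/report.pdf">report</a>
<a href="https://cdn.example.net/lib.js">cdn</a>
<a href="mailto:admin@target.example">mail</a>
<a href="javascript:void(0)">x</a>
<img src='/img/logo.png'>
<a href="dump.sql">db</a>
<p>Contact helpdesk@it.target.example or spam@other.example; mirror at http://files.target.example/dump.tar.gz</p>
<script>window.location = "/login";</script>
</body></html>"""
_FAKE_SITE = {
    "http://target.example/backup/": SAMPLE_HTML,
    "http://target.example/new/": '<html><a href="/login">login</a></html>',
}


def fake_fetch(url):
    return _FAKE_SITE.get(url)


def demo():
    report = analyse("http://target.example/backup/", SAMPLE_HTML, "target.example")
    pages = crawl("http://target.example/backup/", fake_fetch, "target.example", limit=10)
    return report, pages
```

Redirect targets are queued like links so a crawl does not stall on a page whose only content is a JavaScript bounce to the real site.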

This extended edition has more features!
– World-domination: You can automatically analyze the whole world! (if you have time)
– Robin-hood: Although still in development, it will let you automatically send an email with the analysis information to the addresses found during the scan.
– Robtex DNS: With this function, every time you find a DNS server that allows zone transfers, it retrieves from the robtex site other domains using that DNS server and automatically analyzes them too! This can be a never-ending test: every vulnerable DNS server can be used by hundreds of domains, which in turn can be using other vulnerable DNS servers. BEWARE! The domains retrieved can be unrelated to the first one.

Dependencies:
+ python 2.7.x
+ python-geoip module

Usage:

git clone https://github.com/eldraco/domain_analyzer && cd domain_analyzer
python domain_analyzer.py -d 386.edu.ru -b -o

Source: https://github.com/eldraco

Tulpar – Web Vulnerability Scanner.


Tulpar is an open source web vulnerability scanner written to automate web penetration testing. Tulpar has the following features:

– Sql Injection (GET Method)
– XSS (GET Method)
– Crawl
– E-mail Disclosure
– Credit Card Disclosure
– Whois
– Command Injection (GET Method)
– Directory Traversal (GET Method)
– File Include (GET Method)
– Server Information
– Technology Information
– X-Content-Type Check
– X-XSS-Protection Check
– TCP Port Scanner
– robots.txt Check
– URL Encode
– Certification Information
– Available Methods
– Cyber Threat Intelligence
– IP2Location
– File Input Available Check

Dependencies:
+ Python 2.7.x
+ python-whois, futures, requests-2.13.0 and lxml python2 module.

Usage and install dependencies:

git clone https://github.com/anilbaranyelken/tulpar && cd tulpar
pip install -r requirements.txt
python tulpar.py whois https://google.com

Source: https://github.com/anilbaranyelken

MR.SIP is a tool developed to audit and simulate VOIP/SIP-based attacks.


Mr.SIP is a tool developed to audit and simulate SIP-based attacks. It was originally developed for academic work on novel SIP-based DDoS attacks and defense approaches, and has since been redeveloped into a fully functional SIP-based penetration testing tool.
It was used in the journal paper "Novel SIP-based DDoS Attacks and Effective Defense Strategies", Computers & Security 63 (2016) 29-44, Elsevier, http://sciencedirect.com/science/article/pii/S0167404816300980.

In its current state, Mr.SIP comprises four sub-modules named SIP-NES, SIP-ENUM, SIP-DAS and SIP-ASP. Since it has a modular structure, more modules will be added by the authors, and contributions from the open-source community are welcome.
+ SIP-NES takes an IP range or subnet as input. It sends a SIP OPTIONS message to each IP address in the subnet and, from the responses, outputs the potential SIP clients and servers on that subnet.
+ SIP-ENUM outputs which SIP users are valid, according to the responses, by sending REGISTER messages to each client IP address in the output of SIP-NES.
+ SIP-DAS (DoS Attack Simulator) is a module developed to simulate SIP-based DoS attacks. It comprises four components: spoofed IP address generator, SIP message generator, message sender and scenario player. It needs the outputs of SIP-NES (network scanner) and SIP-ENUM (enumerator) along with some pre-defined files.
+ SIP-DAS basically generates legitimate SIP INVITE messages and sends them to the target SIP component via TCP or UDP. It has three options for spoofed IP address generation: manual, random, and selection from the subnet. Furthermore, to bypass uRPF filtering, which blocks packets whose source address does not belong to the subnet from passing onto the Internet, the spoofed IP generation module calculates the subnet in use and generates random spoofed addresses that appear to come from within it.

In order to bypass automatic message generation detection (anomaly detection) systems, random “INVITE” messages are generated that contained no patterns within the messages. Each generated “INVITE” message is grammatically compatible with SIP RFCs and acceptable to all of the SIP components.
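
The two reconnaissance modules boil down to one request type each and a reading of the reply. This added example (not Mr.SIP's code) builds the OPTIONS and REGISTER requests, parses a constructed Asterisk reply the way SIP-NES would classify a host, and implements SIP-ENUM's valid-user logic with the baseline check that a registrar which challenges every user would otherwise defeat. Addresses, usernames and the reply are hypothetical; send_udp is the real transport and is not exercised by demo().

```python
import secrets
import socket
import uuid


def build_request(method, target, local_ip, user="scan", local_port=5060):
    """Minimal RFC 3261 request as sent by the scanner (OPTIONS) and the
    enumerator (REGISTER).  For REGISTER the Request-URI is the domain and the
    address-of-record being probed goes in To/From."""
    request_uri = f"sip:{target}"
    aor = f"sip:{user}@{target}" if method == "REGISTER" else request_uri
    from_uri = aor if method == "REGISTER" else f"sip:{user}@{local_ip}"
    lines = [
        f"{method} {request_uri} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch=z9hG4bK{secrets.token_hex(6)};rport",
        "Max-Forwards: 70",
        f"From: <{from_uri}>;tag={secrets.token_hex(4)}",
        f"To: <{aor}>",
        f"Call-ID: {uuid.uuid4()}@{local_ip}",
        f"CSeq: 1 {method}",
        f"Contact: <sip:{user}@{local_ip}:{local_port}>",
        "User-Agent: example-scanner/0.1",
        "Content-Length: 0",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_response(raw):
    """Return (status, reason, headers) with header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    _, code, reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), reason, headers


def classify_options_reply(raw):
    """What SIP-NES would record for a host that answered OPTIONS."""
    status, _, h = parse_response(raw)
    software = h.get("server") or h.get("user-agent") or "unknown"
    role = "server" if "server" in h else "client"   # PBX/proxy vs endpoint (heuristic)
    methods = [m.strip() for m in h.get("allow", "").split(",") if m.strip()]
    return {"status": status, "software": software, "role": role, "methods": methods}


def enumerate_users(users, register, bogus=None):
    """SIP-ENUM logic with a baseline: the reply for a user that cannot exist
    tells us whether the registrar distinguishes unknown users at all.
    register(user) -> status code is injected."""
    base = register(bogus or "nx" + secrets.token_hex(4))
    verdicts = {}
    for user in users:
        status = register(user)
        if status in (200, 401, 407):      # challenged or accepted: the AoR exists...
            verdicts[user] = "indeterminate" if base in (200, 401, 407) else "valid"
        elif status in (403, 404):         # ...unless everyone gets the same answer
            verdicts[user] = "invalid"
        else:
            verdicts[user] = f"other:{status}"
    return verdicts


def send_udp(target, payload, port=5060, timeout=2.0):
    """Real transport for the above (not used by demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload.encode(), (target, port))
        try:
            return s.recv(4096).decode(errors="replace")
        except socket.timeout:
            return None


# Constructed reply in the shape of an Asterisk OPTIONS response (not a capture)
SAMPLE_REPLY = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bKabc123;rport=5060;received=10.0.0.5\r\n"
    "From: <sip:scan@10.0.0.5>;tag=1a2b\r\n"
    "To: <sip:10.0.0.10>;tag=as3f7c2d1e\r\n"
    "Call-ID: 6f1c2a9e-5d3b-4c7a-9e1f-2b8d4c6a1e3f@10.0.0.5\r\n"
    "CSeq: 1 OPTIONS\r\n"
    "Server: Asterisk PBX 13.1.0\r\n"
    "Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\n"
    "Content-Length: 0\r\n\r\n"
)


def demo():
    req = build_request("OPTIONS", "10.0.0.10", "10.0.0.5")
    host = classify_options_reply(SAMPLE_REPLY)
    known = {"alice": 401, "1000": 401, "bob": 404}   # constructed registrar behaviour
    verdicts = enumerate_users(["alice", "bob", "1000"], lambda u: known.get(u, 404))
    return req, host, verdicts
```

Modern registrars often answer 401 for every user precisely to defeat this enumeration; the baseline turns that case into "indeterminate" rather than a list of false positives.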

Install Dependencies and Usage:

yum install figlet toilet ngrep python-scapy
apt-get install figlet toilet ngrep python-scapy
pip install netifaces ipaddress

git clone https://github.com/meliht/Mr.SIP && cd Mr.SIP

Tips for getting SIP trace:
ngrep -W byline -d eth0 port 5060
ngrep -W byline -d eth0 port 5060 -O capture_file
ngrep -W byline -d eth0 INVITE
tcpdump -i eth0 -n -s 0 port 5060
tcpdump -i eth0 -n -s 0 port 5060 -vvv -w /home/capture_file_name
tcpdump -nqt -s 0 -A -i en0 port 5060

sudo ./mr.sip.py -i -ds -dm <sip_method_name> -c <number_of_packets> -di <server_ip> -dp <server_port> -r -to <to_user_file> -fu <from_user_file> -ua <user_agent_file> -su <sp_user_file>
sudo ./mr.sip.py -i -ds -dm <sip_method_name> -c <number_of_packets> -di <server_ip> -dp <server_port> -t -to <to_user_file> -fu <from_user_file> -ua <user_agent_file> -su <sp_user_file>

Source: https://github.com/meliht

dorkbot – Scan Google search results for vulnerability.


LEGAL DISCLAIMER
The author does not hold any responsibility for the bad use of this script; remember that attacking targets without prior consent is illegal and punishable by law. This script was built to show how resource files can automate tasks.

dorkbot is a modular command-line tool for performing vulnerability scans against a set of webpages returned by Google search queries in a given Google Custom Search Engine. It is broken up into two sets of modules:
+ Indexers – modules that issue a search query and return the results as targets
+ Scanners – modules that perform a vulnerability scan against each target

Targets are stored in a local database upon being indexed. Once scanned, any vulnerabilities found by the chosen scanner are written to a standard JSON report file. Indexing and scanning processes can be run separately or combined in a single command.

Dependencies:
+ PhantomJS http://phantomjs.org/
+ Arachni http://www.arachni-scanner.com/
+ Wapiti http://wapiti.sourceforge.net/
+ Python 2.7.x

Usage:

1. Download PhantomJS and either Arachni or Wapiti for your platform, and make sure you have installed any required dependencies for each.
2. Extract each tool into the tools directory and rename the directory after the tool (dorkbot/tools/phantomjs/, dorkbot/tools/arachni/, etc).
3. Create a Google Custom Search Engine https://www.google.com/cse/ and note the search engine ID, e.g. 012345678901234567891:abc12defg3h.
4. Install python-dateutil (e.g.: pip install python-dateutil)

git clone https://github.com/utiso/dorkbot && cd dorkbot
./dorkbot.py -i google -o engine=012345678901234567891:abc12defg3h,query="filetype:php inurl:id" -s arachni

Source: https://github.com/utiso

Siofra – DLL Hijacking Vulnerability Scanner and PE Infection Tool.


Legal Disclaimer:
Do not use it on a production machine or on your daily computer/laptop. This post is for security research purposes only; you can learn how to identify and exploit DLL hijacking vulnerabilities with a single utility.

Introduction
Windows has historically had significant issues with DLL hijacking vulnerabilities, and over the years Microsoft has implemented security mechanisms in an attempt to mitigate such attacks. While analyzing an advanced persistent threat (APT) in early 2017, I was shown how surprisingly vulnerable Windows still is to such attacks, even after decades of patching specific vulnerabilities and implementing new security mechanisms. In this particular APT alone, there were three separate vulnerabilities in three different applications all being leveraged for persistence.

The capabilities of Siofra tool can be divided into two categories (intended for the two stages of carrying out this genre of attack):
1. Scanner mode, meant for identifying vulnerabilities in a desired target program (or set of programs) during the reconnaissance phase of an attack.
2. Infection mode, meant for infecting legitimate copies of the vulnerable modules identified during the reconnaissance phase of an attack for payload delivery during the exploitation phase of an attack.

Usage:

git clone https://github.com/falexorr/Siofra && cd Siofra
Siofra64.exe (for run x64 with helper menu)
Siofra32.exe (for run x86 with helper menu)

Source: https://github.com/falexorr


Spaghetti – Web Application Security Scanner.


Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment.

Features:
+ Fingerprints
— Server
— Web Frameworks (CakePHP,CherryPy,Django,…)
— Web Application Firewall (Waf) (Cloudflare,AWS,Barracuda,…)
— Content Management System (CMS) (Drupal,Joomla,WordPress,Magento)
— Operating System (Linux,Unix,Windows,…)
— Language (PHP,Ruby,Python,ASP,…)
+ Discovery:
— Apache
+-+ Apache (mod_userdir)
+-+ Apache (mod_status)
+-+ Apache multiviews
+-+ Apache xss
— Broken Auth./Session Management
+-+ Admin Panel
+-+ Backdoors
+-+ Backup Directory
+-+ Backup File
+-+ Common Directory
+-+ Common File
+-+ Log File
— Disclosure
+-+ Emails
+-+ IP
— Injection
+-+ HTML
+-+ SQL
+-+ LDAP
+-+ XPath
+-+ XSS
+-+ RFI
+-+ PHP Code
— Other
+-+ Allow Methods
+-+ HTML Object
+-+ Multiple Index
+-+ Robots Paths
+-+ Cookie Security
— Vulns
+-+ ShellShock
+-+ Struts-Shock

Installation:

git clone https://github.com/m4ll0k/Spaghetti.git && cd Spaghetti
pip install -r requirements.txt
python spaghetti.py --help

Source: https://github.com/m4ll0k

webbreaker – Dynamic Application Security Test Orchestration (DASTO).


Introduction:
Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline.

WebBreaker gives all members of the Software Security Development Life-Cycle (SDLC) access to security testing, with greater test coverage and increased visibility, by providing Dynamic Application Security Test Orchestration (DASTO). Current support is limited to the most popular commercial DAST product, WebInspect.

WebBreaker System Architecture

Supported Features
+ Command-line (CLI) scan administration of WebInspect with Fortify SSC products.
+ Jenkins Continuous Deployment support
+ Docker container support
+ Email alerting or notification.
+ Extensible event logging with scan administration and results.
+ WebInspect REST API support for v9.30 and later.
+ Fortify Software Security Center (SSC) REST API support for v16.10 and later.
+ WebInspect scan cluster support between two (2) or greater WebInspect servers/sensors.
+ Capabilities for extensible scan telemetry with ELK and Splunk.
+ GIT support for centrally managing WebInspect scan configurations.
+ Python compatibility with versions 2.x or 3.x

Installation:

git clone https://github.com/target/webbreaker
export PATH=$PATH:$PYTHONPATH
python setup.py install --user

webbreaker webinspect --login_macro=some_login_macro --start_urls=example.com --scan_policy=Standard --scan_start=url --allowed_hosts=foo.example.com bar.example.com
webbreaker webinspect --url=https://some.webinspect.server.com --settings=MyCustomWebinspectSetting --scan_policy=Application --scan_name=some_scan_name

Source: https://github.com/target

IntRec-Pack : Intelligence and Reconnaissance Package/Bundle installer.


IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, recon and threat intelligence tools. Because it also manages the installation of the dependencies these programs need, it aims to be a comprehensive assistant for setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.

Tool Lists:
1. QuickScan :Port Scanner/WHOIS/Domain Resolver
2. DNSRecon : Advanced DNS Enumeration & Domain Utility
3. Sublist3r : OSINT Based Subdomain Enumeration
4. TekDefense-Automator : OSINT Based IP, URL and Hash Analyzer
5. TheHarvester : eMail, vHost, Domain and PII Enumeration
6. IOC-Parser : Threat Intel, parses IOC data from reports
7. PyParser-CVE : Multi Source Exploit Parser/CVE Lookup
8. Mimir : HoneyDB CLI/Threat Intelligence Utility
9. Harbinger : Cymon.io, Virus Total, Threat Feed Parser
10. Spiderfoot : Advanced OSINT/Reconnaissance Framework

Note:
Since the Online Resources feature employs functionality derived from Python, Selenium and the Mozilla Geckodriver, I have added some logic to the script that will automatically install the proper version of each component needed in order for the script to function as it should.

Usage:

git clone https://github.com/NullArray/IntRec-Pack.git
cd IntRec-Pack
chmod +x intrec.sh
sudo ./intrec.sh

Source: https://github.com/NullArray

Zeus – Advanced dork searching utility.


Zeus is an advanced dork searching tool that is capable of bypassing search engine API calls, search engine captchas, and the IP address blocking that results from sending many requests to the search engine itself. Zeus can use three different search engines for the search (the default is Google). It has a powerful built-in engine, automates a hidden web browser to pull the search URL, and can run sqlmap and nmap scans on the URLs.

Zeus v1.0

There are a few requirements for this:
+ The Firefox web browser is required for now; support for most other browsers will be added.
+ If you want to run sqlmap against the URLs, you will need sqlmap somewhere on your system.
+ If you want to run an nmap port scan against the URLs' IP addresses, you will need nmap on your system.
+++ Highly advised tip: add sqlmap and nmap to your PATH.
+ The Gecko web driver is required and will be installed the first time you run Zeus. It is added to /usr/bin so that it can be found via your PATH.
+ Run with sudo the first time so that the driver can be added to your PATH.
+ The selenium-webdriver package is required to automate the web browser and bypass API calls.
+ The requests package is required to connect to the URLs and to the sqlmap API.
+ The python-nmap package is required to run nmap on the URLs' IP addresses.
+ The whichcraft package is required to check whether nmap and sqlmap are on your system, if you want to use them.
+ The pyvirtualdisplay package is required to hide the browser display while finding the search URL.

Usage:

git clone https://github.com/Ekultek/Zeus-Scanner.git && cd Zeus-Scanner
sudo pip install -r requirements.txt
python zeus.py
python zeus.py -d inurl:php?id= -s

Source: https://github.com/Ekultek

Scannerl – the fastest tool to perform large-scale fingerprinting campaigns.


Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning.

Scannerl works on Debian/Ubuntu (but will probably work on other distributions as well). It uses a master/slave architecture where the master node will distribute the work (host(s) to fingerprint) to its slaves (local or remote). The entire deployment is transparent to the user.

scannerl v0.33

Why use Scannerl?
When using conventional fingerprinting tools for large-scale analysis, security researchers will often hit two limitations. First, these tools are typically built for scanning comparatively few hosts at a time and are inappropriate for large ranges of IP addresses. Second, if a large range of IP addresses protected by IPS devices is being fingerprinted, the probability of being blacklisted is higher, which can lead to an incomplete set of information. Scannerl is designed to circumvent these limitations, not only by fingerprinting multiple hosts simultaneously but also by distributing the load across an arbitrary number of hosts. Scannerl also makes the distribution of these tasks completely transparent, which makes setting up and maintaining large-scale fingerprinting projects trivial; researchers can focus on the analyses rather than the herculean task of managing and distributing fingerprinting processes by hand. In addition to speed, scannerl has been designed so that specific fingerprinting analyses can be set up in a few lines of code. Not only is a fingerprinting cluster easy to set up, it can be tweaked by adding fine-tuned scans to your fingerprinting campaigns.

It is the fastest tool to perform large scale fingerprinting campaigns.

Dependencies:
+ Erlang 18 or higher
+ erlang-src
+ rebar

Use and build:

sudo apt install erlang rebar
git clone https://github.com/kudelskisecurity/scannerl && cd scannerl
./build.sh
./scannerl -h

Source: https://github.com/kudelskisecurity
