Critical Severity
Published: Jun 24, 2025
Maxx is an all-in-one network scanning tool that combines port scanning, protocol and fingerprint recognition, brute-force cracking, as well as vulnerability detection and exploitation functionalities.
<p align="center"> <img src="static/images/maxx_logo.svg" width="100px" alt="maxx"> </p>
[](https://github.com/dusbot/maxx/releases/latest)[](https://github.com/dusbot/maxx/issues)
> This tool is intended for use by authorized security testers only. Unauthorized testing is prohibited and will be at your own risk.
[δΈζ](README_CN.md)
## MaXx
MaXx is a modular network security scanner combining:
- Port scanning with service fingerprinting (Coming soon)
- Vulnerability assessment (CVE detection) (Coming soon)
- Credential auditing (Brute-force & dictionary attacks) (Implemented in the initial release)
- Automated exploit chaining (Beta:Coming soon)
> If you like this tool, please star it~
### About Service Cracking
For webshell brute-force details, refer to [docs/webshell](docs/webshell.md)
### About Vulnerability Scanning
**Comming soon**
### Snapshot
### π Project Roadmap
#### π
June: WebShell Detection & Brute-Force Module
- **Compact Webshell Detection**: Supports fingerprinting and brute-force attacks for common PHP/ASP/JSP one-liner webshells
- **Advanced Webshell Analysis**: Capable of identifying and testing popular frameworks (Godzilla/Ice Scorpion, Behinder/Chopper)
- **Intelligent Form Cracking**: Automated login brute-forcing with integrated CAPTCHA bypass (OCR/TensorFlow)
#### π July-August: OWASP Top 10 Scanner
- **Comprehensive Vulnerability Assessment**: Full coverage of OWASP Top 10 threats (SQLi, XSS, CSRF, etc.) with CTF/red team optimizations
- **Adaptive Payload Engine**: Context-aware attack vector generation with false-positive r