*`typo3scan` was removed as the scanner itself[isn't maintaned anymore](https://github.com/whoot/Typo3Scan?tab=readme-ov-file#unsupported). Most security aspects of typo3 are now hard to verify from the outside as it requires authentication (which is really good). Some typo3 security aspects (e.g. a incomplete installation) can be verified by[nuclei](https://www.securecodebox.io/docs/scanners/nuclei).

*`zap-baseline-scan` and`zap-advanced` in favor of the`zap-automation-framework`. The`zap-automation-framework` ScanTpye includes all functionalities of the removed ScanTypes and can be customized easily. The default ScanType for the AutoDiscovery has been changed to the`zap-automation-framework` as well. For migrating to the`zap-automation-framework` please refer to[migration to zap-automation framework](/docs/scanners/zap-automation-framework#migration-to-zap-automation-framework) guide.

*`amass` has been replaced with`subfinder`. Amass is still an amzing tool, but with its focus on becoming more of a standalone platform / database for attack surfaces keeping it integrated and updated in the secureCodeBox was getting harder and harder.[subfinder](https://github.com/projectdiscovery/subfinder) is a very good replacement for subdomain discovery, thats also generally quicker and produces a similar result.

*`kubeaudit` was removed as the scanner itself[isn't maintaned anymore](https://github.com/Shopify/kubeaudit?tab=readme-ov-file#-deprecation-notice-). As a replacement you can use the`trivy` with it's`k8s` scanning mode, see[trivy ScanType k8s example](https://www.securecodebox.io/docs/scanners/trivy#k8s).

*`typo3scan` was removed as the scanner itself[isn't maintaned anymore](https://github.com/whoot/Typo3Scan?tab=readme-ov-file#unsupported). Most security aspects of typo3 are now hard to verify from the outside as it requires authentication (which is really good). Some typo3 security aspects (e.g. a incomplete installation) can be verified by[nuclei](https://www.securecodebox.io/docs/scanners/nuclei).

*`doggo` was removed. Doggo was added primarily as an experimentation to be used to deduplicate duplicate scan target from cascading rules based on DNS entries. That approach hasn't worked out unfortunately. The doggo integration has been non-functional for a while (see:https://github.com/secureCodeBox/secureCodeBox/issues/2853). As an alternative, nuclei already includes some DNS record based checks, if checks for specific records are required custom nuclei rules could be used to fulfil those requirements.

*`cmseek` was removed. cmseek has seen little updates in the last years. Our secureCodeBox integration with cmseek was always pretty basic, only supporting joomla (a specfifc CMS) results, which hasn't been a big focus for us. As a replacement we recommend using nuclei which has joomla rules which will likely receive more updates in the future.

*`zap-baseline-scan` and`zap-advanced` in favor of the`zap-automation-framework`. The`zap-automation-framework` ScanTpye includes all functionalities of the removed ScanTypes and can be customized easily. The default ScanType for the AutoDiscovery has been changed to the`zap-automation-framework` as well. For migrating to the`zap-automation-framework` please refer to[migration to zap-automation framework](/docs/scanners/zap-automation-framework#migration-to-zap-automation-framework) guide.

*`amass` has been replaced with`subfinder`. Amass is still an amzing tool, but with its focus on becoming more of a standalone platform / database for attack surfaces keeping it integrated and updated in the secureCodeBox was getting harder and harder.[subfinder](https://github.com/projectdiscovery/subfinder) is a very good replacement for subdomain discovery, thats also generally quicker and produces a similar result.

➡️[Reference:#2670](https://github.com/secureCodeBox/secureCodeBox/issues/2670)