


ScanT3r

***

Why would you use Scant3r?

Scant3r scans all URLs with multiple HTTP methods. It also tries to look for bugs with basic exploits from headers and URL parameters. By chaining waybackurls or gau with Scant3r, you will have more time to look into functions and get easy bugs on the way. Scant3r will also help you write your own Python script faster: you don't need to configure http/threads/errors/options/etc., just write a main function in your script (you can also import scant3r functions to write an awesome script). You can run it in your terminal or access your script from the API 😃

All Modules

| Module | Description |
|---|---|
| lorsrf | Bruteforcing on Hidden parameters to find SSRF vulnerability |
| ssrf | simple ssrf scanner |
| paths | checking for custom paths |
| xss | inject xss payload in parameter value |
| sqli | simple sqli scanner |
| rce | simple RCE scanner |
| finder | text Matcher in request/response |
| xss_param | inject xss payload in parameter name |
| ssti | simple server side template injection scanner |
| exec | run multi tasks for automate your work/recon |
| injheaders | inject blind xss and custom payloads in custom headers (headers.yaml & payload.yaml) |
| reflect | find reflected parameters |
| secrets | find interesting variables content (API Keys, Debug Mode, etc.) |

Linux

$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ pip3 install -r requirements.txt
$ ./scant3r.py -h

pass data

  • pipe
$ echo http://testphp.vulnweb.com  | ./scant3r.py
  • list
$ ./scant3r.py -l url_list.txt

Links:

TIPS

ScanT3r API

TODO-Features

  • web spider
  • support changing scant3r options from the API
  • DOM XSS Scanner
  • send/analyze requests from a .yaml file
  • rate limit/Access Token option for the API
  • swagger API template
  • scanning status bar
  • port scant3r functions to other languages (nodejs/php/golang)
  • pass module output to another module as input
  • Logger

Media

Version: 0.7

  • All asciicast

  • XSS Scanner asciicast

  • injheaders asciicast

Version: 0.6

Nokia https://www.nokia.com/responsible-disclosure/

IBM https://hackerone.com/ibm

