HawkScan v 1.3.3


itsMe


Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)

News

! V 1.3.3 !
! Replaced "--cookie" with "-H" for different header values; ex: -H "Host:test" // -H "Authentification:cookie" (no space after ":" or "=")
! Added a new function that automatically tries whether scanning with the "localhost" host is possible


Features

    URL fuzzing and dir/file detection
    Test backup/old file on all the files found (index.php.bak, index.php~ ...)
    Check header information
    Check DNS information
    Check whois information
    User-agent random or personal
    Extract files
    Keep a trace of the scan
    Check @mail in the website and check if @mails leaked
    CMS detection + version and vulns
    Subdomain Checker
    Backup system (if the script stops, it resumes from the same place)
    WAF detection
    Add personal prefix
    Auto update script
    Auto or personal output of scan (scan.txt)
    Check Github
    Recursive dir/file
    Scan with an authentication cookie
    Option --profil to pass the profile page during the scan
    HTML report
    Works with py2 and py3
    Add option rate-limit if app is unstable (--timesleep)
    Check in waybackmachine
    Response error to WAF
    Check if a firebaseio database exists and is accessible
    Automatic thread count depending on the website's responses (and reconfigured if the WAF is detected too many times). Max: 30
    Search S3 buckets in source code page
    Test WAF bypass if a WAF is detected
    Test whether scanning with the "localhost" host is possible

TODO

P1 is the most important

    Dockerfile [P1]
    JS parsing and analysis [P1]
    Analyse html code webpage [P1]
    On-the-fly writing report [P1]
    Check HTTP headers/ssl security [P2]
    Fuzzing amazonaws S3 Buckets [P2]
    Anonymous routing through some proxy (http/s proxy list) [P2]
    Check pastebin [P2]
    Access token [P2]
    Check source code and verify leaks or sensitive data on GitHub [P2]
    Check phpmyadmin version [P3]
    Scan API endpoints/information leaks [ASAP]
