- Joined
- Jan 8, 2019
- Messages
- 56,602
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,445
- Points
- 2,313
- Credits
- 32,540
6 Years of Service
76%

Spyhunt is comprehensive network scanning and vulnerability assessment tool. This tool is designed for security professionals and penetration testers to perform comprehensive reconnaissance and vulnerability assessment on target networks and web applications. It combines multiple scanning techniques and integrates various external tools to provide a wide range of information about the target.
Here's a high-level overview of its functionality
- It imports various libraries for network operations, web scraping, and parallel processing.
- The script defines a colorful banner and sets up command-line argument parsing for different scanning options.
- It includes multiple scanning functions for different purposes:
Technology detection
DNS record scanning
Web crawling and URL extraction
Favicon hash calculation
Host header injection testing
Security header analysis
Network vulnerability analysis
Wayback machine URL retrieval
JavaScript file discovery
Broken link checking
HTTP request smuggling detection
IP address extraction
Domain information gathering
API endpoint fuzzing
Shodan integration for additional recon
403 Forbidden bypass attempts
Directory and file brute-forcing
Local File Inclusion (LFI) scanning with Nuclei
Google dorking
Directory Traversal
SQL Injection
XSS
Subdomain Takeover
Web Server Detection
JavaScript file scanning for sensitive info
Auto Recon
Port Scanning
CIDR Notation Scanning
Custom Headers
API Fuzzing
AWS S3 Bucket Enumeration
JSON Web Token Scanning
The script uses multithreading and multiprocessing to perform scans efficiently.
It includes options to save results to files and customize scan parameters.
The tool integrates with external tools and APIs like Shodan, Nmap, and various web-based services.
It implements various techniques to bypass restrictions and discover vulnerabilities.
The script includes a CIDR notation scanner for port scanning across IP ranges.
What's New?????
Now you can scan a list of domains to bypass 403
Added a script to extract forbidden domains from a file to use with forbiddenpass
New payloads for Forbiddenpass
Added new commands to README
Bug fixes
To see this hidden content, you must like this content.