Scant3R – Web Security Scanner

ScanT3r – Web Security Scanner

 _____ ___________ / ___/_________ _____/_ __/__ /_____ \__ \/ ___/ __ `/ __ \/ / /_ </ ___/ ___/ / /__/ /_/ / / / / / ___/ / / /____/\___/\__,_/_/ /_/_/ /____/_/ # Coded By : Khaled Nassar @knassar702

• Detect This vulnerabilities
  • Remote Code Execution
  • XSS Reflected
  • Template Injection
    • Jinja2
    • ERB
    • Java
    • Twig
    • Freemarker
  • SQl Injection 

ScreenShot:

GIF

OS Support :

• Linux
• Android
• Windows

Install

Linux

• open your terminal
• enter this command

  $ git clone https://github.com/knassar702/scant3r $ cd scant3r $ python3 -m pip install -r requirements.txt

Android

• Download Termux App
• open termux app
• enter this command

 $ pkg install python -y $ pkg install git -y $ git clone https://github.com/knassar702/scant3r $ cd scant3r $ python3 -m pip install -r requirements.txt

Windows

• Download python3 and install it
• open your cmd
• enter this command

$ python3 -m pip install -r requirements.txt

Usage :

Options: -h, --help | Show help message and exit --version | Show program's version number and exit -u URL, --url=URL | Target URL (e.g."http://www.target.com/vuln.php?id=1") --data=DATA | Data string to be sent through POST (e.g. "id=1") --list=FILE | Get All Urls from List --threads | Max number of concurrent HTTP(s) requests (default 10) --timeout | Seconds to wait before timeout connection --proxy | Start The Connection with http(s) proxy --cookies | HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..") --encode | How Many encode the payload (default 1) --allow-redirect | Allow the main redirect --user-agent | add custom user-agent --scan-headers | Try to injec t payloads in headers not parameters (user-agent,referrer) --skip-headers | Skip The Headers scanning processe --sleep | Sent one request after some Seconds --module | add custom module (e.g. "google.py") --debug | Debugging Mood

Example :

• post method
  $ python3 scant3r -u 'http://localhost/dvwa/vulnerabilities/exec/' --data='ip=localhost&Submit=Submit'
• add cookies
  $ python3 scant3r -u 'http://localhost/?l=2' --cookies='user=admin&id=1'
• add timeout
  $ python3 scant3r -u 'http://localhost/?l=13' --timeout=1
• allow redirects (302,301)
  $ python3 scant3r -u 'http://localhost/?l=13' --allow-redirect
• sleeping
  $ python3 scant3r -u 'http://localhost/?l=13' --sleep=2
• debugging mood
  $ python3 scant3r -u 'http://localhost/?l=13' --debug
• scanning all headers
  $ python3 scant3r -u 'http://localhost/?l=13' --scan-headers
• skip headers
  $ python3 scant3r -u 'http://localhost/?l=13' --skip-headers
• add custom user-agent
  $ python3 scant3r -u 'http://localhost/?l=13' --user-agent='CustomUseragent(v2)'
• add encoding
  $ python3 scant3r -u 'http://localhost/?l=13' --encode=2
• add proxy
  $ python3 scant3r -u 'http://localhost/?l=13' --proxy='http://localhost:8080'
• run your own module
  $ python3 scant3r -u 'http://localhost/?l=13' --module=dumper.py
• add urls list
  $ python3 scant3r --list urls.txt --threads=40

Source : KitPloit – PenTest Tools!