scant3r v0.9.3 releases: Web Security Scanner

by do son · Published July 2, 2020 · Updated June 13, 2022

ScanT3r – Web Security Scanner

Scant3r Scans all URLs with multiple HTTP Methods and content-types also, it tries to look for bugs with basic exploits from Headers and URL Parameters By chaining waybackurls or gau with Scant3r you will have more time to look into functions and get Easy bugs on the way and scant3r will help you write your own python script faster, you don’t need to configure http/threads/errors/options/etc…, just by writing the main function in your script (also you can import scant3r function for write an awesome script), you can run it in your terminal or access your script from api

All Modules

Module	Description
lorsrf	Bruteforcing on Hidden parameters to find SSRF vulnerability
ssrf	simple ssrf scanner
paths	checking for custom paths
xss	inject xss payload in parameter value
sqli	simple sqli scanner
rce	simple RCE scanner
finder	text Matcher in request/response
xss_param	inject xss payload in the parameter name
ssti	simple server-side template injection scanner
exec	run multi-tasks for automating your work/recon
injheaders	inject blind xss and custom payloads in custom headers (headers.yaml&payload.yaml)
reflect	find reflected parameters
secrets	find interesting variables content (API Keys, Debug Mode, etc ..)

Download

git clone https://github.com/knassar702/scant3r.git
cd scant3r
pip3 install -r requirements.txt

Use

Options:

  -h, --help          |    Show help message and exit

  --version           |    Show program's version number and exit

  -u URL, --url=URL   |    Target URL (e.g."http://www.target.com/vuln.php?id=1")

  --data=DATA         |    Data string to be sent through POST (e.g. "id=1")

  --list=FILE         |    Get All Urls from List

  --threads           |    Max number of concurrent HTTP(s) requests (default 10)

  --timeout           |    Seconds to wait before timeout connection

  --proxy             |    Start The Connection with http(s) proxy

  --cookies           |    HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")

  --encode            |    How Many encode the payload (default 1)

  --allow-redirect    |    Allow the main redirect

  --user-agent        |    add custom user-agent

  --scan-headers      |    Try to inject payloads in headers not parameters (user-agent,referrer)

  --skip-headers      |    Skip The Headers scanning processe

  --sleep             |    Sent one request after some Seconds

  --module            |    add custom module (e.g. "google.py")

  --debug             |    Debugging Mood

Example

post method $ python3 scant3r -u ‘http://localhost/dvwa/vulnerabilities/exec/’ –data=’ip=localhost&Submit=Submit’
add cookies $ python3 scant3r -u ‘http://localhost/?l=2′ –cookies=’user=admin&id=1’
add timeout $ python3 scant3r -u ‘http://localhost/?l=13’ –timeout=1
allow redirects (302,301) $ python3 scant3r -u ‘http://localhost/?l=13’ –allow-redirect
sleeping $ python3 scant3r -u ‘http://localhost/?l=13’ –sleep=2
debugging mood $ python3 scant3r -u ‘http://localhost/?l=13’ –debug
scanning all headers $ python3 scant3r -u ‘http://localhost/?l=13’ –scan-headers
skip headers $ python3 scant3r -u ‘http://localhost/?l=13’ –skip-headers
add custom user-agent $ python3 scant3r -u ‘http://localhost/?l=13′ –user-agent=’CustomUseragent(v2)’
add encoding $ python3 scant3r -u ‘http://localhost/?l=13’ –encode=2
add proxy $ python3 scant3r -u ‘http://localhost/?l=13′ –proxy=’http://localhost:8080’
run your own module $ python3 scant3r -u ‘http://localhost/?l=13’ –module=dumper.py
add urls list $ python3 scant3r –list urls.txt –threads=40

Tutorial

Source: https://github.com/knassar702/

scant3r v0.9.3 releases: Web Security Scanner

Search

Brilliantly

Content & Links