
melbadry9 / ScanApi

Licence: other
Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

Programming Languages

python
Dockerfile
shell
HTML

Projects that are alternatives of or similar to ScanApi

fuzzmost
all manner of wordlists
Stars: ✭ 23 (-32.35%)
Mutual labels:  recon, bugbounty
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (+311.76%)
Mutual labels:  recon, bugbounty
Deksterecon
Web Application recon automation
Stars: ✭ 109 (+220.59%)
Mutual labels:  recon, bugbounty
Sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (+550%)
Mutual labels:  recon, bugbounty
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (+455.88%)
Mutual labels:  recon, bugbounty
Arl
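ARL (Asset Reconnaissance Lighthouse) is designed to quickly discover the Internet assets associated with a target and build a baseline asset inventory. It helps in-house security teams and penetration testers find and search assets and identify weak points and attack surface.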
Stars: ✭ 1,357 (+3891.18%)
Mutual labels:  recon, bugbounty
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on schedule or events.
Stars: ✭ 131 (+285.29%)
Mutual labels:  recon, bugbounty
Awesome Oneliner Bugbounty
A collection of awesome one-liner scripts especially for bug bounty tips.
Stars: ✭ 594 (+1647.06%)
Mutual labels:  recon, bugbounty
Xrcross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (+414.71%)
Mutual labels:  recon, bugbounty
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Stars: ✭ 171 (+402.94%)
Mutual labels:  recon, bugbounty
Autorecon
Simple shell script for automated domain recognition with some tools
Stars: ✭ 244 (+617.65%)
Mutual labels:  recon, bugbounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Stars: ✭ 190 (+458.82%)
Mutual labels:  recon, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+2764.71%)
Mutual labels:  recon, bugbounty
Uddup
Urls de-duplication tool for better recon.
Stars: ✭ 103 (+202.94%)
Mutual labels:  recon, bugbounty
Urlhunter
a recon tool that allows searching on URLs that are exposed via shortener services
Stars: ✭ 934 (+2647.06%)
Mutual labels:  recon, bugbounty
Grecon
Your Google Recon is Now Automated
Stars: ✭ 119 (+250%)
Mutual labels:  recon, bugbounty
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+1491.18%)
Mutual labels:  recon, bugbounty
Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (+1558.82%)
Mutual labels:  recon, bugbounty
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+397.06%)
Mutual labels:  recon, bugbounty
Getjs
A tool to quickly get all javascript sources/files
Stars: ✭ 190 (+458.82%)
Mutual labels:  recon, bugbounty

ScanApi (Python 3.5, linux 64-bit)


Installing

  • Linux
      git clone https://github.com/melbadry9/ScanApi.git
      cd ScanApi
      sudo bash install.sh
      python3 app.py
  • Docker
      docker build -t scanapi:latest .
      docker run -d -p 8000:8000 scanapi
  • Update config.ini before building the Docker image.

  • Add the Slack hook in config.ini if Slack is enabled.

  • To avoid losing data from the db, commit the Docker image: docker commit <container id> scanapi:latest

Endpoints

  1. /enum/domain/<domain>/

    • Start subdomain enumeration task in background then update db
    • Domain ex: example.com
  2. /enum/s3/<bucket-name>/

    • Start s3 bucket permissions scanner and update db
    • Bucket-name ex: example-prod
  3. /db/domain/<domain>/

    • Retrieve all subdomains from db if any exist
  4. /db/domain/<domain>/?pro=http

    • Retrieve subdomains with port 80 open from db if any exist
  5. /db/domain/<domain>/?pro=https

    • Retrieve subdomains with port 443 open from db if any exist
  6. /db/s3/<bucket-name>/

    • Retrieve s3 bucket scanner data from db if any exist
  7. /scan/domain/<domain>/

    • Start scanning for possible subdomain takeover depending on db
    • Domain ex: example.com
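
An added example, not part of the ScanApi project: a small client that builds the endpoint URLs listed above and validates the domain or bucket name before it is placed in the path. It assumes the API answers plain GET requests at http://127.0.0.1:8000 (the port published by the docker run command above); the function names and validation patterns are illustrative.

```python
import re
import urllib.request
from urllib.parse import quote, urlencode

# Assumption: the API is reached on the port published by `docker run -p 8000:8000`.
BASE = "http://127.0.0.1:8000"
# Hostname: dot-separated labels of letters, digits and inner hyphens.
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
# S3 bucket name: 3-63 lowercase letters, digits, dots and hyphens.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")

def _segment(value, pattern, kind):
    """Normalise and validate a value before it becomes a URL path segment,
    so '/', '?', '#' or '..' cannot redirect the request to another route."""
    value = value.strip().lower()
    if ".." in value or not pattern.fullmatch(value):
        raise ValueError(f"invalid {kind}: {value!r}")
    return quote(value, safe="")

def domain_url(action, domain, pro=None):
    """Build /enum|db|scan/domain/<domain>/; `pro` (http/https) is a /db/ filter."""
    if action not in ("enum", "db", "scan"):
        raise ValueError(f"unknown domain action: {action!r}")
    if pro is not None and (action != "db" or pro not in ("http", "https")):
        raise ValueError("pro=http|https is only listed for /db/domain/")
    url = f"{BASE}/{action}/domain/{_segment(domain, DOMAIN_RE, 'domain')}/"
    return url + ("?" + urlencode({"pro": pro}) if pro else "")

def s3_url(action, bucket):
    """Build /enum|db/s3/<bucket-name>/."""
    if action not in ("enum", "db"):
        raise ValueError(f"unknown s3 action: {action!r}")
    return f"{BASE}/{action}/s3/{_segment(bucket, BUCKET_RE, 'bucket name')}/"

def call(url, timeout=10):
    """GET the URL (method assumed) and return the raw body; the page does not
    document the response format, so nothing is parsed here."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")

if __name__ == "__main__":
    # Enumeration runs in the background, so /db/ may be empty right after /enum/.
    for url in (domain_url("enum", "example.com"),
                domain_url("db", "example.com", pro="https"),
                domain_url("scan", "example.com")):
        print(url, "->", call(url)[:200])
```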

Supported Tools

To-Do list

  • Add directory brute forcing monitoring
  • Add open ports monitoring
  • Add scheduling jobs
  • Add UI
