knassar702 / Scant3r
Licence: gpl-3.0
ScanT3r - Web Security Scanner
Stars: ✭ 248
Projects that are alternatives of or similar to Scant3r
Resources For Beginner Bug Bounty Hunters
A list of resources for those interested in getting started in bug bounties
Stars: ✭ 7,185 (+2797.18%)
Mutual labels: web-security, bug-bounty
Axiom
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Stars: ✭ 2,424 (+877.42%)
Mutual labels: bug-bounty
Domxssscanner
DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
Stars: ✭ 181 (-27.02%)
Mutual labels: web-security
Di.we.h
Repository with content about web hacking in Portuguese
Stars: ✭ 156 (-37.1%)
Mutual labels: bug-bounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus Burp). For Ubuntu/Debian.
Stars: ✭ 190 (-23.39%)
Mutual labels: bug-bounty
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-42.74%)
Mutual labels: bug-bounty
Diodata
Tools, data, and contact lists relevant to The disclose.io Project.
Stars: ✭ 232 (-6.45%)
Mutual labels: bug-bounty
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-19.76%)
Mutual labels: web-security
Bunkerized Nginx
🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+852.02%)
Mutual labels: web-security
Hacker101
Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+4837.9%)
Mutual labels: web-security
Web Security Fundamentals
👨🏫 Mike's Web Security Course
Stars: ✭ 195 (-21.37%)
Mutual labels: web-security
Cs253.stanford.edu
CS 253 Web Security course at Stanford University
Stars: ✭ 155 (-37.5%)
Mutual labels: web-security
Breach.tw
A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (-41.94%)
Mutual labels: web-security
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-31.85%)
Mutual labels: web-security
Lighthouse Security
Runs the default Google Lighthouse tests with additional security tests
Stars: ✭ 190 (-23.39%)
Mutual labels: web-security
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1286.69%)
Mutual labels: bug-bounty
Why would you use Scant3r?
Scant3r scans all URLs with multiple HTTP methods and tries to find bugs using basic exploits in headers and URL parameters. By chaining waybackurls or gau with Scant3r, you will have more time to look into functions and pick up easy bugs on the way :)
Modules
Module | Description |
---|---|
lorsrf | Brute-forces hidden parameters to find SSRF vulnerabilities |
paths | Checks for custom paths |
xss | XSS scanner |
injheaders | Injects blind XSS and custom payloads into custom headers (headers.yaml & payload.yaml) |
reflect | Finds reflected parameters |
Scant3r helps you write your own Python scripts faster: you don't need to configure HTTP, threads, error handling, options, etc. Just write a main function in your script, and you can run it from your terminal or access it through the API :D
Write module for API
Writing your own Scant3r module
Edit Scant3r command line options
Installation
Linux
$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ pip3 install -r requirements.txt
$ ./scant3r.py -h
Usage
How to find hidden SSRF parameters by using Scant3r
Find Reflected Parameters with scant3r
How to Find sensitive files by using ScanT3r
Find Blind XSS With ScanT3r
ScanT3r API
TODOLIST
- add web spider
- send/analyze requests from .yaml file
- SSRF/SQLI/RCE/SSTI Module
Media
Version: 0.7
Version: 0.6