
knassar702 / Scant3r

Licence: gpl-3.0
ScanT3r - Web Security Scanner

Programming Languages

python
139335 projects - #7 most used programming language
python3
1442 projects

Projects that are alternatives of or similar to Scant3r

Resources For Beginner Bug Bounty Hunters
A list of resources for those interested in getting started in bug bounties
Stars: ✭ 7,185 (+2797.18%)
Mutual labels:  web-security, bug-bounty
Rfi Lfi Payload List
🎯 RFI/LFI Payload List
Stars: ✭ 202 (-18.55%)
Mutual labels:  bug-bounty
Axiom
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Stars: ✭ 2,424 (+877.42%)
Mutual labels:  bug-bounty
Domxssscanner
DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
Stars: ✭ 181 (-27.02%)
Mutual labels:  web-security
Di.we.h
Repository with content about web hacking in Portuguese
Stars: ✭ 156 (-37.1%)
Mutual labels:  bug-bounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Stars: ✭ 190 (-23.39%)
Mutual labels:  bug-bounty
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-42.74%)
Mutual labels:  bug-bounty
Diodata
Tools, data, and contact lists relevant to The disclose.io Project.
Stars: ✭ 232 (-6.45%)
Mutual labels:  bug-bounty
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-19.76%)
Mutual labels:  web-security
Jwt Pwn
Security Testing Scripts for JWT
Stars: ✭ 170 (-31.45%)
Mutual labels:  web-security
Bunkerized Nginx
🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+852.02%)
Mutual labels:  web-security
Hacker101
Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+4837.9%)
Mutual labels:  web-security
Web Security Fundamentals
👨‍🏫 Mike's Web Security Course
Stars: ✭ 195 (-21.37%)
Mutual labels:  web-security
Cs253.stanford.edu
CS 253 Web Security course at Stanford University
Stars: ✭ 155 (-37.5%)
Mutual labels:  web-security
Hawkeye
Hawkeye filesystem analysis tool
Stars: ✭ 202 (-18.55%)
Mutual labels:  bug-bounty
Breach.tw
A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (-41.94%)
Mutual labels:  web-security
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-31.85%)
Mutual labels:  web-security
Lighthouse Security
Runs the default Google Lighthouse tests with additional security tests
Stars: ✭ 190 (-23.39%)
Mutual labels:  web-security
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1286.69%)
Mutual labels:  bug-bounty
Veneno
Stars: ✭ 230 (-7.26%)
Mutual labels:  web-security

Why would you use Scant3r?

Scant3r scans all URLs with multiple HTTP methods and looks for bugs with basic exploits in headers and URL parameters. By chaining waybackurls or gau with Scant3r, you will have more time to look into functions while picking up easy bugs along the way :)

Modules

Module       Description
lorsrf       Brute-forces hidden parameters to find SSRF vulnerabilities
paths        Checks for custom paths
xss          XSS scanner
injheaders   Injects blind XSS and custom payloads in custom headers (headers.yaml & payload.yaml)
reflect      Finds reflected parameters

scant3r helps you write your own Python scripts faster: you don't need to configure HTTP, threads, errors, options, etc. Just write a main function in your script, and you can run it from your terminal or access it through the API :D

Write module for API

writing your own scant3r module

Edit Scant3r Command line options


Installation

Linux

$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ pip3 install -r requirements.txt
$ ./scant3r.py -h

Usage

how to find hidden SSRF Parameters by using scant3r

Find Reflected Parameters with scant3r

How to Find sensitive files by using ScanT3r

Find Blind XSS With ScanT3r

ScanT3r API

TODOLIST

  • add web spider
  • send/analyze requests from .yaml file
  • SSRF/SQLI/REC/SSTI Module

Media

Version: 0.7

  • XSS Scanner asciicast

  • injheaders asciicast

Version: 0.6

Nokia https://www.nokia.com/responsible-disclosure/

IBM https://hackerone.com/ibm
