Scant3R - Web Security Scanner

ScanT3r - Web Security Scanner

    _____                ___________     
   / ___/_________ _____/_  __/__  /_____
   \__ \/ ___/ __ `/ __ \/ /   /_ </ ___/
  ___/ / /__/ /_/ / / / / /  ___/ / /    
 /____/\___/\__,_/_/ /_/_/  /____/_/
 
 # Coded By : Khaled Nassar @knassar702

• Detect This vulnerabilities

  • Remote Code Execution

    • Linux

  • XSS Reflected

  • Template Injection

    • Jinja2
    • ERB
    • Java
    • Twig
    • Freemarker

  • SQl Injection

ScreenShot:

GIF

OS Support :

• Linux

• Android

• Windows

Install

Linux

• open your terminal

• enter this command

  $ git clone https://github.com/knassar702/scant3r 
  

  $ cd scant3r
  $ python3 -m pip install -r requirements.txt

Android

• Download Termux App

• open termux app

• enter this command

  $ pkg install python -y
  $ pkg install git -y
  $ git clone https://github.com/knassar702/scant3r
  $ cd scant3r
  $ python3 -m pip install -r requirements.txt

Windows

• Download python3 and install it

• open your cmd

• enter this command

  $ python3 -m pip install -r requirements.txt

Usage :

Options:
  -h, --help          |    Show help message and exit
  --version           |    Show program's version number and exit
  -u URL, --url=URL   |    Target URL (e.g."http://www.target.com/vuln.php?id=1")
  --data=DATA         |    Data string to be sent through POST (e.g. "id=1")
  --list=FILE         |    Get All Urls from List
  --threads           |    Max number of concurrent HTTP(s) requests (default 10)
  --timeout           |    Seconds to wait before timeout connection
  --proxy             |    Start The Connection with http(s) proxy
  --cookies           |    HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --encode            |    How Many encode the [payload](<https://www.kitploit.com/search/label/Payload> "payload" ) (default 1)
  --allow-redirect    |    Allow the main redirect
  --user-agent        |    add custom user-agent
  --scan-headers      |    Try to injec   t payloads in headers not parameters (user-agent,referrer)
  --skip-headers      |    Skip The [Headers](<https://www.kitploit.com/search/label/Headers> "Headers" ) [scanning](<https://www.kitploit.com/search/label/Scanning> "scanning" ) processe
  --sleep             |    Sent one request after some Seconds
  --module            |    add custom module (e.g. "google.py")
  --debug             |    [Debugging](<https://www.kitploit.com/search/label/Debugging> "Debugging" ) Mood

Example :

• post method
  $ python3 scant3r -u 'http://localhost/dvwa/vulnerabilities/exec/' --data='ip=localhost&Submit=Submit'
• add cookies
  $ python3 scant3r -u 'http://localhost/?l=2' --cookies='user=admin&id=1'
• add timeout
  $ python3 scant3r -u 'http://localhost/?l=13' --timeout=1
• allow redirects (302,301)
  $ python3 scant3r -u 'http://localhost/?l=13' --allow-redirect
• sleeping
  $ python3 scant3r -u 'http://localhost/?l=13' --sleep=2
• debugging mood
  $ python3 scant3r -u 'http://localhost/?l=13' --debug
• scanning all headers
  $ python3 scant3r -u 'http://localhost/?l=13' --scan-headers
• skip headers
  $ python3 scant3r -u 'http://localhost/?l=13' --skip-headers
• add custom user-agent
  $ python3 scant3r -u 'http://localhost/?l=13' --user-agent='CustomUseragent(v2)'
• add encoding
  $ python3 scant3r -u 'http://localhost/?l=13' --encode=2
• add proxy
  $ python3 scant3r -u 'http://localhost/?l=13' --proxy='http://localhost:8080'
• run your own module
  $ python3 scant3r -u 'http://localhost/?l=13' --module=dumper.py
• add urls list
  $ python3 scant3r --list urls.txt --threads=40

Download Scant3R