Skip to content
/ scant3r Public
forked from knassar702/scant3r

ScanT3r - Module based Bug Bounty Automation Tool

License

GPL-3.0 license
0 stars 148 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MariusVinaschi/scant3r

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

477 Commits
.github
.github
 
 
.src
.src
 
 
conf
conf
 
 
core
core
 
 
log
log
 
 
modules
modules
 
 
reverse_shell
reverse_shell
 
 
wordlists
wordlists
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
scant3r.py
scant3r.py
 
 

Repository files navigation



ScanT3r

Scant3r WikiMain UsageFor DevelopersMediaCollaboratorsTIPS

Description

scant3r is a module-based web security tool, our goal is to make customizable tool with providing many functions and features that what you need for write a security module for an example (cookie parser/http request class/opts parsing etc ..) to make write a security module easy and simple for saving your time also we made it customizable as possible for example you can change what you want for example options parser you can change/add more options by a config file and scanning map content_types help message logos etc ...

How can I benefit from this project?

  • for bug bounty hunters :
    you can use it with the main modules in the table below or write your own module
  • for developers :
    you can read the source code and try to understand how to make a project like this, or you can get all functions of scant3r in your projects (based on) and try to add more features with scant3r team support :D

Modules

this the modules we providing for our community for you need new module open an issue with Feature request template or write your own module ;D

module Short description
lorsrf Bruteforcing on Hidden parameters to find SSRF vulnerability
upload file uploader scanner ( by @MariusVinaschi )
Wappalyzer shows you what websites are built ( by @MariusVinaschi )
ssrf simple ssrf scanner
cve cve checks module wtih python scripts and YAML template
firebase checks for public firebase database (write/read) permission
paths checking for custom paths
xss inject xss payload in parameter value
sqli simple sqli scanner
rce simple RCE scanner
xss_param inject xss payload in parameter name
ssti simple server side template injection scanner
exec run multi tasks for automate your work/recon
injheaders inject blind xss and custom payloads in custom headers (headers.yaml&payload.yaml)
reflect find reflected parameters
secrets find interesting variables content (API Keys , Debug Mode , etc ..)

Requirements

  • python >= 3.6
  • pip
  • Git

install

  • Unix & MS-DOS
$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ pip3 install -r requirements.txt
$ ./scant3r.py -h

TODO-Features

Collaborators

wanna to Help us ?

License

Stars Rate

stars

Media

Version: 0.6

Nokia https://www.nokia.com/responsible-disclosure/

IBM https://hackerone.com/ibm

About

ScanT3r - Module based Bug Bounty Automation Tool

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Python 94.6%
  • Go 3.8%
  • PHP 1.2%
  • Other 0.4%