ScanT3r – Web Security Scanner To Find Remote Code Execution

Scant3r Web Scanner
Scant3r Web Scanner

ScanT3r – A Web Security Scanner To Detect following vulnerabilities.

  • Remote Code Execution
  • XSS Reflected
  • Template Injection
  1. Jinja2
  2. ERB
  3. Java
  4. Twig
  5. Freemarker
  6. SQl Injection

OS Support :

  • Linux
  • Android
  • Windows

How To Install ScanT3r Web Security Scanner

Note: ScanT3r doesn’t work with python < 3.6

For Linux

  • Open your terminal
  • Enter following command

$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ python3 -m pip install -r requirements.txt
$ chmod +x scant3r

For Android

  • Download Termux App
  • Open Termux app
  • Enter following  command
$ pkg install python -y 
$ pkg install git -y 
$ git clone https://github.com/knassar702/scant3r
$ cd scant3r 
$ python3 -m pip install -r requirements.txt
$ chmod +x scant3r

For Windows

  • Download python3 and install it
  • Open your cmd
  • Enter this command
$ python3 -m pip install -r requirements.txt

Usage :

Options-

  • -h, –help | Show help message and exit
  • –version | Show program’s version number and exit
  • -u URL, –url=URL | Target URL (e.g.”http://www.target.com/vuln.php?id=1″)
  • –data=DATA | Data string to be sent through POST (e.g. “id=1”)
  • –list=FILE | Get All Urls from List
  • –threads | Max number of concurrent HTTP(s) requests (default 10)
  • –timeout | Seconds to wait before timeout connection
  • –proxy | Start The Connection with http(s) proxy
  • –cookies | HTTP Cookie header value (e.g. “PHPSESSID=a8d127e..”)
  • –encode | How Many encode the payload (default 1)
  • –allow-redirect | Allow the main redirect
  • –user-agent | add custom user-agent
  • –scan-headers | Try to inject payloads in headers not parameters (user-agent,referrer)
  • –skip-headers | Skip The Headers scanning processe
  • –sleep | Sent one request after some Seconds
  • –module | add custom module (e.g. “google.py”)
  • –debug | Debugging Mood

Example’s :

  • post method
    $ python3 scant3r -u ‘http://localhost/dvwa/vulnerabilities/exec/’ –data=’ip=localhost&Submit=Submit’
  • add cookies
    $ python3 scant3r -u ‘http://localhost/?l=2′ –cookies=’user=admin&id=1’
  • add timeout
    $ python3 scant3r -u ‘http://localhost/?l=13’ –timeout=1
  • allow redirects (302,301)
    $ python3 scant3r -u ‘http://localhost/?l=13’ –allow-redirect
  • sleeping
    $ python3 scant3r -u ‘http://localhost/?l=13’ –sleep=2
  • debugging mood
    $ python3 scant3r -u ‘http://localhost/?l=13’ –debug
  • scanning all headers
    $ python3 scant3r -u ‘http://localhost/?l=13’ –scan-headers
  • skip headers
    $ python3 scant3r -u ‘http://localhost/?l=13’ –skip-headers
  • add custom user-agent
    $ python3 scant3r -u ‘http://localhost/?l=13′ –user-agent=’CustomUseragent(v2)’
  • add encoding
    $ python3 scant3r -u ‘http://localhost/?l=13’ –encode=2
  • add proxy
    $ python3 scant3r -u ‘http://localhost/?l=13′ –proxy=’http://localhost:8080’
  • run your own module
    $ python3 scant3r -u ‘http://localhost/?l=13’ –module=dumper.py
  • add urls list
    $ python3 scant3r –list urls.txt –threads=40

For Testing purpose:

  • $ ./scant3r -u ‘http://test.vulnweb.com/search.php?test=query’ –data=’searchFor=scant3r&goButton=go’
  • $ ./scant3r -u ‘http://test.vulnweb.com/artists.php?artist=1’
  • $ ./scant3r -u ‘https://menacoderrr.pythonanywhere.com/’

Download Scant3r

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

Top List of The Biggest Hacks in 2018

There are many security breaches and cyber attack happened this year, today...
Read More