ScanT3r - a web security scanner that detects the following vulnerabilities:
- Remote Code Execution
- XSS Reflected
- Template Injection
  - Jinja2
  - ERB
  - Java
  - Twig
  - Freemarker
- SQL Injection
OS Support :
- Linux
- Android
- Windows
How To Install ScanT3r Web Security Scanner
Note: ScanT3r doesn’t work with Python < 3.6
For Linux
- Open your terminal
- Enter the following commands
$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ python3 -m pip install -r requirements.txt
$ chmod +x scant3r
For Android
- Download the Termux app
- Open Termux app
- Enter the following commands
$ pkg install python -y
$ pkg install git -y
$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ python3 -m pip install -r requirements.txt
$ chmod +x scant3r
For Windows
- Download python3 and install it
- Open your cmd
- Enter this command
$ python3 -m pip install -r requirements.txt
Usage :
Options:
- -h, --help | Show help message and exit
- --version | Show program’s version number and exit
- -u URL, --url=URL | Target URL (e.g. "http://www.target.com/vuln.php?id=1")
- --data=DATA | Data string to be sent through POST (e.g. "id=1")
- --list=FILE | Get all URLs from a list
- --threads | Max number of concurrent HTTP(s) requests (default 10)
- --timeout | Seconds to wait before the connection times out
- --proxy | Start the connection with an http(s) proxy
- --cookies | HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
- --encode | Number of times to encode the payload (default 1)
- --allow-redirect | Allow the main redirect
- --user-agent | Add a custom user-agent
- --scan-headers | Try to inject payloads in headers, not parameters (user-agent, referrer)
- --skip-headers | Skip the headers scanning process
- --sleep | Send one request after some seconds
- --module | Add a custom module (e.g. "google.py")
- --debug | Debugging mode
Examples :
- post method
$ python3 scant3r -u 'http://localhost/dvwa/vulnerabilities/exec/' --data='ip=localhost&Submit=Submit'
- add cookies
$ python3 scant3r -u 'http://localhost/?l=2' --cookies='user=admin&id=1'
- add timeout
$ python3 scant3r -u 'http://localhost/?l=13' --timeout=1
- allow redirects (302,301)
$ python3 scant3r -u 'http://localhost/?l=13' --allow-redirect
- sleeping
$ python3 scant3r -u 'http://localhost/?l=13' --sleep=2
- debugging mode
$ python3 scant3r -u 'http://localhost/?l=13' --debug
- scanning all headers
$ python3 scant3r -u 'http://localhost/?l=13' --scan-headers
- skip headers
$ python3 scant3r -u 'http://localhost/?l=13' --skip-headers
- add custom user-agent
$ python3 scant3r -u 'http://localhost/?l=13' --user-agent='CustomUseragent(v2)'
- add encoding
$ python3 scant3r -u 'http://localhost/?l=13' --encode=2
- add proxy
$ python3 scant3r -u 'http://localhost/?l=13' --proxy='http://localhost:8080'
- run your own module
$ python3 scant3r -u 'http://localhost/?l=13' --module=dumper.py
- add urls list
$ python3 scant3r --list urls.txt --threads=40
For testing purposes:
$ ./scant3r -u 'http://test.vulnweb.com/search.php?test=query' --data='searchFor=scant3r&goButton=go'
$ ./scant3r -u 'http://test.vulnweb.com/artists.php?artist=1'
$ ./scant3r -u 'https://menacoderrr.pythonanywhere.com/'