/Gsec

Web Security Scanner

Primary LanguagePython

Gsec

Web Security Scanner & Exploitation.

Based on custom vulnerability scanners & Nuclei

Python Version Issues Stars Twitter

FeaturesKeysInstallUsageJoin Discord

Features

  • Passive Scan

    • Find assets with shodan
    • RapidDNS to get subdomains
    • Certsh to enumerate subdomains
    • DNS enumeration
    • Waybackurls to fetch old links
    • Find domains belonging to your target

  • Normal / Agressive Scan

    • Domain http code
    • Web port scanning
    • Server information
    • HTTP security header scanner
    • CMS security identifier / misconfiguration scanner
    • Technology scanner
    • Programming Language check
    • Path Traversal scan
    • Web Crawler
    • OS detection
    • Nuclei vulnerability scanning
    • SSRF, XSS, Host header injection and Cors Misconfiguration Scanners.

Installation

Make sure you have GoLang installed, with out it you won't be able to install nuclei.

git clone https://github.com/gotr00t0day/Gsec.git

cd Gsec

pip3 install -r requirements.txt

# Make sure that nuclei-templates is cloned in the / directory. Gsec fetches the templates from ~/nuclei-templates
python3 install.py

Keys

Gsec will fetch the shodan API key from the core directory, the passive recon script supports scanning with shodan,
please save your shodan key in core/.shodan for the scan to be able to work.

OUTPUT

Some outputs that are too large will be saved in a file in the output folder / directory.

Usage

# normal (passive and aggresive scans)

python3 gsec.py -t https://domain.com

# Passive Recon

python3 gsec.py -t https://domain.com --passive_recon

# Ultimate Scan (Scan for High and Severe CVEs and Vulnerabilities with nuclei)

python3 gsec.py --ultimatescan https://target.com

Issues

In python3.10+ you might get an SSL error while running Gsec. To fix this issue just pip3 install ceritifi and then do /Applications/Python\ 3.10/Install\ Certificates.command and the issue will be fixed.