/scant3r

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

ScanT3r Logo

Last Version : 0.2#Beta

Features:

  • Detect This vulnerabilitys
    • Remote Code Execution
      • Linux
    • XSS Reflected
    • Template Injection
      • Jinja2
      • ERB
      • Java
      • Twig
      • Freemarker
    • SQl Injection
  • Support Post Request
  • Bypass KingWaf
  • Use Random user-agent in requests
  • Change The Timeout
  • Add Cookies
  • Remote in all thing in the requests like (add custom user-agent and allow to redirect.. etc)
  • Support Scanning from List File
  • You can Change how many Seconds sleeping after send one request
  • Threading For Speeds
  • Inject Payloads of some bugs in referrer and user-agent header (Header Scanner)
  • Add Http and Https Proxy
  • You Can Change how many payload encoded (URL Encoding)

Screen Shot :

  • Nokia Website:
    • nokia-xss
How can i test Test ScanT3r Tool .. You can download <Dvwa or hacking-lab for test scant3r tool

OS Support :

  • Linux
  • Android
  • Windows

Install

Linux alt tag

  • open your terminal
  • enter this command 
    $ git clone https://github.com/knassar702/scant3r 
$ cd scant3r 
$ python3 -m pip install -r requirements.txt
$ chmod +x scant3r
$ python3 scant3r -h

Andoird

  • Download Termux App
  • open termux app
  • enter this command
 $ pkg install python -y 
 $ pkg install git -y 
 $ git clone https://github.com/knassar702/scant3r
 $ cd scant3r 
 $ python3 -m pip install -r requirements.txt
 $ chmod +x scant3r
 $ python3 scant3r -h

Windows

  • Download python3 and install it
  • open your cmd
  • enter this command
$ python3 -m pip install -r requirements.txt
$ python3 scant3r -h

Usage :

Options:
  -h, --help          |    Show help message and exit
  --version           |    Show program's version number and exit
  -u URL, --url=URL   |    Target URL (e.g."http://www.target.com/vuln.php?id=1")
  --data=DATA         |    Data string to be sent through POST (e.g. "id=1")
  --list=FILE         |    Get All Urls from List
  --threads           |    Max number of concurrent HTTP(s) requests (default 10)
  --timeout           |    Seconds to wait before timeout connection
  --proxy             |    Start The Connection with http(s) proxy
  --cookies           |    HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --encode            |    How Many encode the payload (default 1)
  --allow-redirect    |    Allow the main redirect
  --verify            |    Enable HTTPS Cert
  --user-agent        |    add custom user-agent
  --sleep             |    Sent one request after some Seconds

Example :

  • Post Request And Add cookies $ python3 scant3r -u 'http://localhost/dvwa/vulnerabilities/exec/' --data='ip=localhost&Submit=Submit' --cookies='PHPSESSID=safasf'

  • Get Request $ python3 scant3r -u http://localhost/web/search?u= --cookies='mycookie=True'

  • Add Proxy $ python3 scant3r -u 'http://localhost/web/login' --proxy='http://127.0.0.1:8080'

  • Send one request after some Seconds $ python3 scant3r -u 'http://localhost/waf' --sleep=3

  • How Many Encode The payload $ python3 scant3r -u 'http://localhost/web/login' --proxy='http://127.0.0.1:8080' --encode=3

  • Add Custom User-agent $ python3 scant3r -u 'http://localhost/web/' --user-agent='Firefox'

  • Change The Timeout $ python3 scant3r -u 'http://localhost/web/sleep' --timeout=10

  • Add List and threads $ python3 scant3r --list mylist.txt --threads=100

Blog : ScanT3r