VAULT

Swiss army knife for hackers

Primary language: Python. License: MIT.

Join the chat at https://gitter.im/vault_scanner/kwoc

Getting Started

Steps to set up:

  1. git clone <your-fork-url>
  2. cd vault_scanner
  3. sudo apt-get install python3-pip
  4. sudo pip3 install virtualenv
  5. virtualenv venv
  6. source venv/bin/activate
  7. pip3 install -r requirements.txt

Starting Vault:

  1. cd vault_scanner/src
  2. python3 vault.py

Features

  • Scan website for the following vulnerabilities
    • XSS
    • LFI
    • RFI
    • SQLi
  • Scanner
    • Port scanning: ACK, FIN, NULL, XMAS
    • IP scanning: Ping Sweep, ARP
    • SSL vulnerability scan
    • OS scan
    • Hash scanner
  • Others
    • Information Gathering
      • Clickjacking
      • jQuery version checking
      • Insecure cookie flags
      • Testing HTTP methods
      • Insecure headers
      • Header/banner grabbing
      • Finder
        • Find comments in source code
        • Find e-mails in source code
    • Session fixation through cookie injection
    • Brute force login through authorization headers
    • URL Fuzzer
    • WHOIS Lookup
    • Google Dork
    • Error handler checker
    • Admin panel finder
    • Open redirect vulnerability
    • CMS Detection
    • Detect Honeypots
    • Detect DDoS attack
    • Detect De-authentication attack
    • Detect ARP spoof attack
  • Crawling
    • Crawl a website and collect all the links
    • Crawl and scrape the website for images
  • Attacks
    • DDoS Attack
    • ARP Spoofer
    • DNS Spoofer
    • De-authentication attack
    • Network disassociation attack
    • Ping of death
    • MAC Flood Attack
  • Utilities
    • Generate customized backdoor
    • Data monitoring
    • Keylogger
    • SSH Tunnelling
    • Generate sitemap
    • MAC address changer
    • Trace route

Usage

usage: vault.py [-h] [-u URL] [-p PORT] [-sp START_PORT] [-ep END_PORT] [-ssl]
                [-info] [-comment] [-fuzz] [-ip IP] [-t THREADS]
                [-source_port SOURCE_PORT] [-fin] [-null] [-ack] [-xmas] [-c]
                [-xss] [-this] [-ping_sweep] [-ip_start_range IP_START_RANGE]
                [-ip_end_range IP_END_RANGE] [-lfi] [-whois] [-o OUTPUT]
                [-d DORK]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL for scanning
  -p PORT, --port PORT  Single port for scanning
  -d DORK,--dork DORK   Performs Google Dorking
  -sp START_PORT, --start_port START_PORT
                        Start port for scanning
  -ep END_PORT, --end_port END_PORT
                        End port for scanning
  -ssl                  perform SSL scan
  -info                 Gather information
  -comment              Finding comments
  -fuzz                 Fuzzing URL
  -ip IP, --ip IP       IP address for port scanning
  -t THREADS, --threads THREADS
                        Number of threads to use
  -source_port SOURCE_PORT
                        Source port for sending packets
  -fin                  Perform FIN Scan
  -null                 Perform NULL Scan
  -ack                  Perform TCP ACK Scan
  -xmas                 Perform XMAS Scan
  -c, --crawl           Crawl and collect all the links
  -xss                  Scan for XSS vulnerabilities
  -this                 Only scan the given URL, do not crawl
  -ping_sweep           ICMP ECHO request
  -ip_start_range IP_START_RANGE
                        Start range for scanning IP
  -ip_end_range IP_END_RANGE
                        End range for scanning IP
  -lfi                  Scan for LFI vulnerabilities
  -whois                perform a whois lookup of a given IP
  -o OUTPUT, --output OUTPUT
                        Output all data

Example usage: python3 vault.py -u 'http://url' -info -comment -ssl -fuzz

Contributing

Any and all contributions, issues, features and tips are welcome. Please refer to CONTRIBUTING.md for more details.

License

MIT License

This project is currently a part of IIT KWoC 2018.