
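A self-developed distributed web vulnerability scanning framework that combines a WebKit crawler, subdomain discovery, scanning for OWASP Top 10 vulnerabilities such as SQLi, reflected XSS and DOM XSS, and perimeter asset discovery. It also provides a plugin extension platform for PoC scanning of common CMSs.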

Primary Language: Python

What's lalascan?

Web vulnerability scanner framework

Basic usage

 _          _
| |    __ _| | __ _ ___  ___ __ _ _ __
| |   / _` | |/ _` / __|/ __/ _` | '_ \
| |__| (_| | | (_| \__ \ (_| (_| | | | |
|_____\__,_|_|\__,_|___/\___\__,_|_| |_|

LalaScan WebApplication vul scanner!

optional arguments:
  -h, --help            Show help message and exit
  --version             Show program's version number and exit

[ Targets ]:
  -u URL, --url URL     Target URL (e.g. "http://www.lalascan.com/")
                        max number of process, default cpu number

[ Resource Found ]:
  -S, --spider          Enable user Spider

[ Plugin Option ]:
  -e PLUGIN, --enable-plugin PLUGIN
                        enable a plugin

[ Request Option ]:
  --data POST DATA      HTTP Post data
  --cookie COOKIE       HTTP Cookie header value
  --referer REFERER     HTTP Referer header value
  --user-agent AGENT    HTTP User-Agent header value
  --random-agent        Use randomly selected HTTP User-Agent header value
  --proxy PROXY         Use a proxy to connect to the target URL
  --timeout TIMEOUT     Seconds to wait before timeout connection (default 30)
  --retry RETRY         Time out retrials times.
