scant3r is a web security scanner, which can detect too many security vulnerabilities.
It locates the specific ones vulnerabilities :
- Linux
Remote Code Execution
- XSS Reflected
- Jinja2
- ERB
- Java
- Twig
- Freemarker
Template Injection
- SQL Injection
Operating system support
- Linux
- Android
- Windows
Download
git clone https://github.com/knassar702/scant3r.git cd scant3r pip3 install -r requirements.txt
Use
Options: -h, --help | Show help message and exit --version | Show program's version number and exit -u URL, --url = URL | Target URL (eg "http://www.target.com/vuln.php?id=1") --data = DATA | Data string to be sent through POST (eg "id = 1") --list = FILE | Get All Urls from List --threads | Max number of concurrent HTTP (s) requests (default 10) --timeout | Seconds to wait before timeout connection --proxy | Start The Connection with http (s) proxy --cookies | HTTP Cookie header value (eg "PHPSESSID = a8d127e ..") --encode | How Many encode the payload (default 1) --allow-redirect | Allow the main redirect --user-agent | add custom user-agent --scan-headers | Try to inject payloads in headers not parameters (user-agent, referrer) --skip-headers | Skip The Headers scanning process --sleep | Sent one request after some Seconds --module | add custom module (eg "google.py") --debug | Debugging Mood
Application snapshots
You can download it program from here.