ScanT3r – Web Security Scanner To Find Remote Code Execution

ScanT3r – A Web Security Scanner To Detect following vulnerabilities.

• Remote Code Execution
• XSS Reflected
• Template Injection

1. Jinja2
2. ERB
3. Java
4. Twig
5. Freemarker
6. SQl Injection

OS Support :

• Linux
• Android
• Windows

How To Install ScanT3r Web Security Scanner

Note: ScanT3r doesn’t work with python < 3.6

For Linux

• Open your terminal
• Enter following command

$ git clone https://github.com/knassar702/scant3r
$ cd scant3r
$ python3 -m pip install -r requirements.txt
$ chmod +x scant3r

For Android

• Download Termux App
• Open Termux app
• Enter following  command

$ pkg install python -y 
$ pkg install git -y 
$ git clone https://github.com/knassar702/scant3r
$ cd scant3r 
$ python3 -m pip install -r requirements.txt
$ chmod +x scant3r

For Windows

• Download python3 and install it
• Open your cmd
• Enter this command

$ python3 -m pip install -r requirements.txt

Usage :

Options-

• -h, –help | Show help message and exit
• –version | Show program’s version number and exit
• -u URL, –url=URL | Target URL (e.g.”http://www.target.com/vuln.php?id=1″)
• –data=DATA | Data string to be sent through POST (e.g. “id=1”)
• –list=FILE | Get All Urls from List
• –threads | Max number of concurrent HTTP(s) requests (default 10)
• –timeout | Seconds to wait before timeout connection
• –proxy | Start The Connection with http(s) proxy
• –cookies | HTTP Cookie header value (e.g. “PHPSESSID=a8d127e..”)
• –encode | How Many encode the payload (default 1)
• –allow-redirect | Allow the main redirect
• –user-agent | add custom user-agent
• –scan-headers | Try to inject payloads in headers not parameters (user-agent,referrer)
• –skip-headers | Skip The Headers scanning processe
• –sleep | Sent one request after some Seconds
• –module | add custom module (e.g. “google.py”)
• –debug | Debugging Mood

Example’s :

• post method
  $ python3 scant3r -u ‘http://localhost/dvwa/vulnerabilities/exec/’ –data=’ip=localhost&Submit=Submit’
• add cookies
  $ python3 scant3r -u ‘http://localhost/?l=2′ –cookies=’user=admin&id=1’
• add timeout
  $ python3 scant3r -u ‘http://localhost/?l=13’ –timeout=1
• allow redirects (302,301)
  $ python3 scant3r -u ‘http://localhost/?l=13’ –allow-redirect
• sleeping
  $ python3 scant3r -u ‘http://localhost/?l=13’ –sleep=2
• debugging mood
  $ python3 scant3r -u ‘http://localhost/?l=13’ –debug
• scanning all headers
  $ python3 scant3r -u ‘http://localhost/?l=13’ –scan-headers
• skip headers
  $ python3 scant3r -u ‘http://localhost/?l=13’ –skip-headers
• add custom user-agent
  $ python3 scant3r -u ‘http://localhost/?l=13′ –user-agent=’CustomUseragent(v2)’
• add encoding
  $ python3 scant3r -u ‘http://localhost/?l=13’ –encode=2
• add proxy
  $ python3 scant3r -u ‘http://localhost/?l=13′ –proxy=’http://localhost:8080’
• run your own module
  $ python3 scant3r -u ‘http://localhost/?l=13’ –module=dumper.py
• add urls list
  $ python3 scant3r –list urls.txt –threads=40

For Testing purpose:

• $ ./scant3r -u ‘http://test.vulnweb.com/search.php?test=query’ –data=’searchFor=scant3r&goButton=go’
• $ ./scant3r -u ‘http://test.vulnweb.com/artists.php?artist=1’
• $ ./scant3r -u ‘https://menacoderrr.pythonanywhere.com/’

Download Scant3r