scant3r's Issues

Not working

I don't know what the issue is, but the scanner doesn't seem to work at all. Every time I tried doing some scan, it starts throwing 2-3 errors and then some [CVE_2014_6271] and then stops. I am attaching the snapshot below:
echo "http://testphp.vulnweb.com/search.php?test=query"|./scant3r.py

[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta

[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.xss
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.xss_param
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.sqli
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.rce
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.injheaders
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.cve
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.firebase
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.secrets
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.ssrf
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.ssti
[ERROR][2021-10-22,11:56:51] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-22,11:56:51] requester -> Failed to parse: []
[ERROR][2021-10-22,11:56:51] data -> url_encoder() missing 1 required positional argument: 'data'
[INFO][2021-10-22,11:56:52] CVE_2014_6271 -> send the payload with 125 timeout value

Is it yet another nuclei like scanner?

Hello Devs,
I am liking your project from the outer view, because I haven't tried it yet, but I wanted to know something regarding this tool. What's the purpose of this tool? I can see we need to pass in URLs for scanning; is it like fuzzing payloads, or do we need to put in subdomains? Also, do we need to crawl and spider and collect the endpoints to pass them on to this tool? I am not able to understand the workflow of this; it would be nice if you could make the README.md more descriptive.

Thanks.

[BUG] utf-8 error

Hi,
I have this error with every module:
File "/root/Tools/scant3r/modules/injheaders/__init__.py", line 38, in start
    if payload in r.content.decode('utf-8'):
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf5 in position 18: invalid start byte
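
The `r.content.decode('utf-8')` call in the traceback above raises as soon as a target answers in another encoding, so the check aborts instead of reporting. The following is an added example, not scant3r's own code: it compares at byte level first and falls back to a decode that cannot raise. The names `decode_body`, `marker_in_body`, `strict_check` and the sample body are assumptions made for illustration.

```python
import re

_CHARSET = re.compile(r"charset=[\"']?([\w.:-]+)", re.I)


def decode_body(content: bytes, content_type: str = "") -> str:
    """Decode a response body without ever raising UnicodeDecodeError."""
    declared = _CHARSET.search(content_type)
    for enc in ([declared.group(1)] if declared else []) + ["utf-8"]:
        try:
            return content.decode(enc)
        except (UnicodeDecodeError, LookupError):
            continue  # wrong or unknown charset: try the next candidate
    # Last resort: keep every valid byte, replace the rest with U+FFFD.
    return content.decode("utf-8", errors="replace")


def marker_in_body(marker: str, content: bytes, content_type: str = "") -> bool:
    """True if the marker appears in the body, compared as bytes first."""
    if marker.encode("utf-8") in content:
        return True
    return marker in decode_body(content, content_type)


def strict_check(marker: str, content: bytes) -> bool:
    """The pattern from the traceback: raises on non-UTF-8 bodies."""
    return marker in content.decode("utf-8")


# Constructed sample: an ISO-8859-1 page with byte 0xf5 at position 18,
# matching the byte and offset reported in the error message.
SAMPLE = b"<html><body><p>bot\xf5es: scan-marker-7f3a</p></body></html>"

if __name__ == "__main__":
    try:
        strict_check("scan-marker-7f3a", SAMPLE)
    except UnicodeDecodeError as exc:
        print("strict decode failed:", exc)
    print(marker_in_body("scan-marker-7f3a", SAMPLE))
    print(decode_body(SAMPLE, "text/html; charset=ISO-8859-1"))
```
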

Taking long time to scan

Hi, I have cloned the repo on my Linux machine and tried to scan a URL, but it takes too long to scan. Is there any solution?

[BUG] scant3r doesn't start

Describe the bug
I have installed scant3r on different platforms (kali, windows, ubuntu..) and every time I try to run the script it does not start. It only shows me the beginning.

To Reproduce
the commands I tried to run :
echo "my-website.com" | ./scant3r
echo "my-website.com" | python3 scant3r
echo "my-website.com" | python3.9 scant3r
etc..

Screenshots
image

Desktop :

  • OS: Kali-Linux 2021, Ubuntu for Windows.
  • Compiler Python
  • Version 3.9.1

Error on execution

Whenever I am trying to execute scant3r
I am getting this error

line 12, in init
self.payloads = XSS(opts['blindxss']).payloads
line 20, in init
self.blind.append(p.rstrip().format(b64_host=b64_host).replace('{host}',host))
KeyError: 'host'
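
The `KeyError: 'host'` in the traceback above comes from the order of operations: `str.format()` parses every `{...}` field in the line, so it fails on `{host}` before the chained `.replace('{host}', host)` runs. The following is an added example, not scant3r's own code: it reproduces that expression and shows a single-pass substitution that only touches the two known placeholders. The base64 derivation of `b64_host`, the function names and the template lines are assumptions made for illustration.

```python
import base64
import re

# Only these two names are placeholders; every other brace stays literal.
_PLACEHOLDER = re.compile(r"\{(host|b64_host)\}")


def _b64(host: str) -> str:
    # Assumption: b64_host is the base64 form of the host string.
    return base64.b64encode(host.encode()).decode()


def render_original(line: str, host: str) -> str:
    """The expression from the traceback, reproduced to show the failure."""
    return line.rstrip().format(b64_host=_b64(host)).replace("{host}", host)


def render_safe(line: str, host: str) -> str:
    """Fill {host} and {b64_host} in one pass; substituted text is not re-scanned."""
    values = {"host": host, "b64_host": _b64(host)}
    return _PLACEHOLDER.sub(lambda m: values[m.group(1)], line.rstrip())


# Constructed template lines, including one with literal braces.
TEMPLATES = [
    "https://{host}/cb?src={b64_host}\n",
    '{"callback": "https://{host}/cb"}\n',
]

if __name__ == "__main__":
    host = "cb.example.test"  # constructed callback host
    try:
        render_original(TEMPLATES[0], host)
    except KeyError as exc:
        print("original expression failed with KeyError:", exc)
    for line in TEMPLATES:
        print(render_safe(line, host))
```
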

[Support] Can't get it to work

Hello,

I am trying to run scant3r in a lab, but it is failing to find valid SQLi's. On the other hand, wapiti finds all the injection points. Here is an example:

echo 'http://sql1.webapp.site/newsdetails.php?id=26' | ./scant3r.py -m headers
image

I already ran pip3 install -r requirements.txt. Can you give me some directions?
Again, wapiti identifies the SQLi point on this url, but scant3r fails.

Thanks

Pipx installation?

Hi,

Is it possible to make scant3r installable from PyPI with pip install -U scant3r or pipx install scant3r, without doing git clone scant3r?

The goal is to make the tool easy to install and run without cloning the repo and installing requirements.txt.

Tool is not properly working

Describe the bug
Whenever I am trying to run the tool, it is not running and gives me some error.

To Reproduce
I am attaching the error message below sir.

   ____              __  ____
  / __/______ ____  / /_|_  /____
 _\ \/ __/ _ `/ _ \/ __//_ </ __/
/___/\__/\_,_/_//_/\__/____/_/

[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.7#Beta

Traceback (most recent call last):
  File "/scant3r/./scant3r.py", line 59, in <module>
    M.run(opts,msg)
  File "/scant3r/core/libs/all/module_loader.py", line 35, in run
    res = future.result()
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 433, in result
    return self.__get_result()
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/scant3r/modules/finder/__init__.py", line 48, in main
    v = start(opts,r)
  File "/scant3r/modules/finder/__init__.py", line 26, in start
    part = dump_response(r).decode()
  File "/scant3r/core/libs/all/data.py", line 38, in dump_response
    body += str(request.status_code).encode("utf8")
AttributeError: 'int' object has no attribute 'status_code'


Additional context
I have tried to reinstall the tool but am still facing the same issue, sir. Please help me to run the tool.

Thank you so much for this awesome tool, sir.


Facing error

[INFO][2021-10-02,05:47:53] CVE_2014_6271 -> send the payload with 125 timeout value
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] requester -> Failed to parse: []
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] requester -> Failed to parse: []
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[INFO][2021-10-02,05:47:53] CVE_2014_6271 -> send the payload with 125 timeout value

C:\Users\Yaseen\Downloads\cmder\scant3r (master)
λ python scant3r.py -l test.txt -b hellofresh.xss.ht

Getting this error every time.

how fix

root@kali:~/scant3r# echo "testphp.vulnweb.com" | gauplus | grep "=" | qsreplace |./scant3r.py -m xss

[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta

[INFO][2021-08-21,19:24:30] scant3r -> Load xss Module
[INFO][2021-08-21,19:24:30] scant3r -> Run modules.python.xss
[ERROR][2021-08-21,19:24:45] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f41782b39a0>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))
[ERROR][2021-08-21,19:24:55] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f41781debe0>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))

No option to set a Target URL.

The arguments of the tool are missing the option to set the target url to scan.

The arguments are shown below:
[-h] [-H HEADERS] [-C COOKIES] [-v LOG_MODE] [-s DELAY] [-M METHODS] [-m MODULES] [-O] [-P LORSRF_PARAMETERS]
[-l TARGETLIST] [-g] [-j] [-p PROXY] [-r] [-b BLINDXSS] [-x HOST] [-R] [-w THREADS] [-t TIMEOUT]

Is it missing, or something changed to the tool? As I can see from other guides url was an argument normally.

when install found error

When I am installing, I am finding this error. Please help.

echo "http://testphp.vulnweb.com/listproducts.php?cat=1" | scant3r -m all
Traceback (most recent call last):
File "/usr/local/bin/scant3r", line 5, in
from scant3r.main import main
File "/usr/local/lib/python3.10/dist-packages/scant3r/main.py", line 2, in
from scant3r.core.app import Scantr
File "/usr/local/lib/python3.10/dist-packages/scant3r/core/app.py", line 8, in
from scant3r.core.module_loader import ModuleLoader
File "/usr/local/lib/python3.10/dist-packages/scant3r/core/module_loader.py", line 15, in
from scant3r.core.requester import httpSender
File "/usr/local/lib/python3.10/dist-packages/scant3r/core/requester.py", line 8, in
from requests import Request, Session, packages, request
File "/usr/lib/python3/dist-packages/requests/init.py", line 133, in
from . import utils
File "/usr/lib/python3/dist-packages/requests/utils.py", line 27, in
from . import certs
File "/usr/lib/python3/dist-packages/requests/certs.py", line 15, in
from certifi import where
ModuleNotFoundError: No module named 'certifi'

scant3r is not working

I had collected all the subdomains and pushed

cat zoho | ./scant3r.py -m

It crashed.

I am not able to run it. How do I fix these issues?

error

list

How do I pass a file with a list of all URLs? Did you remove the list command?

Module Methods

Hi, how are you?

I have found some strange things in the module and I can't say if it's correct.

  1. SQLI

In the folder /modules/sqli/. The start method in Sqli class always returns an empty dictionary. After that, we compare the c value in the file /modules/sqli/__init__.py.

def main(opts, http):
    c = Sqli(opts, http).start()
    # C is always an empty dict
    if c:
        return c 
  2. Reflect

In both files /modules/reflect/__init__.py and /modules/reflect/reflect.py there is a check on the URLs. I think only one check may be sufficient.

if urlparse(opts['url']).query: 
    pass 
  3. RCE

In the start method in the file /modules/rce/rec.py I don't understand why we only return the first payload.

if match in dump_response(r):
    return {
        'payload':payload.replace('\n','%0a').replace('\t','%0d'),
        'match':match,
        'http':r
    }
  4. SSRF and SSTI

I don't understand why in the 'GET' method we send the request to n and in the 'POST' we send the request to the self.opts['url'].

for n in nurl:
  if method == 'GET':
      r = self.http.send(method,n)
  else:
      r = self.http.send(method, self.opts['url'].split('?')[0], body=urlparse(n).query)

Thank you in advance for your answers.
Best regards
Marius

[bug] Lorsrf doesn't work - AttributeError: 'list' object has no attribute 'json'

hello, i'm getting this error

└─# echo 'http://testphp.vulnweb.com/showimage.php' | ./scant3r.py -m lorsrf -x 'http://%PARAM%.xxxxxxxxxx.interact.sh/%PATH%' -M GET 1 ⨯

[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta

[INFO][2022-02-03,17:29:25] scant3r -> Run modules.python.lorsrf
[ERROR][2022-02-03,17:29:30] requester -> HTTPSConnectionPool(host='odiss.eu', port=1337): Max retries exceeded with url: /events (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f34e9ab5ac0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
Traceback (most recent call last):
File "/home/kalirobot/Tools/scant3r/./scant3r.py", line 70, in
M.run(opts, Http(opts))
File "/home/kalirobot/Tools/scant3r/core/libs/all/module_loader.py", line 103, in run
res = future.result()
File "/usr/lib/python3.9/concurrent/futures/_base.py", line 438, in result
return self.__get_result()
File "/usr/lib/python3.9/concurrent/futures/_base.py", line 390, in __get_result
raise self._exception
File "/usr/lib/python3.9/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
File "/home/kalirobot/Tools/scant3r/modules/python/lorsrf/init.py", line 6, in main
Lorsrf(opts, http).start()
File "/home/kalirobot/Tools/scant3r/modules/python/lorsrf/lorsrf.py", line 30, in init
self.host = self.oob_host.new()
File "/home/kalirobot/Tools/scant3r/core/libs/all/hosts.py", line 25, in new
self.host = req.json()['id'] + '.odiss.eu'
AttributeError: 'list' object has no attribute 'json'

cannot access scant3r after the installation - ~/.local/bin

WARNING: The script tldextract is installed in '/home/anoint/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
WARNING: The script scant3r is installed in '/home/anoint/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.

[bug] failed to resolve host name

This error is because of the multi-threading feature, so for now, you can set the delay option to 2 seconds to avoid this error.

$ cargo r -- urls --file urls.txt.1 --config config.yaml -c 100 --delay 2

Getting error of send the payload with 125 timeout value everytime running with file or url

scant3r % cat "trip.txt" | ./scant3r.py -R



[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta

[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.xss
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.xss_param
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.sqli
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.rce
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.injheaders
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.cve
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.firebase
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.secrets
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.ssrf
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.ssti
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:37] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:37] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:37] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:38] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:38] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:39] CVE_2014_6271 -> send the payload with 125 timeout value

[BUG] No output result

Describe the bug
Not sure if I use it in the right way. There is no output result.

To Reproduce

  • Your command
$ echo "http://testphp.vulnweb.com/listproducts.php?cat=1" | scant3r -m all
  • Copy your logging file (~/.scant3r.log by default) make sure to check core/data.py
scant3r     : DEBUG    trying to load scant3r.modules.ssti
scant3r     : DEBUG    LOADED
scant3r     : DEBUG    trying to load scant3r.modules.firebase
scant3r     : DEBUG    LOADED
scant3r     : DEBUG    trying to load scant3r.modules.req_callback
scant3r     : DEBUG    LOADED
scant3r     : DEBUG    trying to load scant3r.modules.xss
scant3r     : ERROR    invalid syntax (payload_gen.py, line 150)
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/scant3r/core/module_loader.py", line 33, in get
    import_obj = importlib.import_module(import_path)
  File "/usr/lib64/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 994, in _gcd_import
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/usr/local/lib/python3.6/site-packages/scant3r/modules/xss/__init__.py", line 17, in <module>
    from .payload_gen import XSS_PAYLOADS
  File "/usr/local/lib/python3.6/site-packages/scant3r/modules/xss/payload_gen.py", line 150
    match location:
                 ^
SyntaxError: invalid syntax
scant3r     : DEBUG    Trynig to Start <scant3r.modules.ssti.Main object at 0x7fe51b40bf28>
scant3r     : DEBUG    SSTI: GENERATE A NEW URL: http://testphp.vulnweb.com/listproducts.php?cat=1scanKZWr
scant3r     : DEBUG    STARTED <scant3r.modules.ssti.Main object at 0x7fe51b40bf28>
scant3r     : DEBUG    Trynig to Start <scant3r.modules.req_callback.Main object at 0x7fe51a3db5f8>
scant3r     : DEBUG    STARTED <scant3r.modules.req_callback.Main object at 0x7fe51a3db5f8>
scant3r     : DEBUG    Trynig to Start <scant3r.modules.firebase.Main object at 0x7fe51a3db9b0>
scant3r     : DEBUG    STARTED <scant3r.modules.firebase.Main object at 0x7fe51a3db9b0>
scant3r     : DEBUG    Check for Read permission -> https://vulnweb-dev.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnweb-dev.firebaseio.com
scant3r     : DEBUG    REFLECTED KZW on http://testphp.vulnweb.com/listproducts.php?cat=1scanKZWr
scant3r     : DEBUG    SSTI: MATCHING  WITH scan10tr
scant3r     : DEBUG    Check for Read permission -> https://vulnweb.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnweb.firebaseio.com
scant3r     : DEBUG    Check for Read permission -> https://vulnweb-staging.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnweb-staging.firebaseio.com
scant3r     : DEBUG    Check for Read permission -> https://vulnweb-qa.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnweb-qa.firebaseio.com
scant3r     : DEBUG    Check for Read permission -> https://vulnweb-test.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnweb-test.firebaseio.com
scant3r     : DEBUG    Check for Read permission -> https://vulnwebdev.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnwebdev.firebaseio.com
scant3r     : DEBUG    Check for Read permission -> https://vulnwebstaging.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnwebstaging.firebaseio.com
scant3r     : DEBUG    Check for Read permission -> https://vulnwebtest.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnwebtest.firebaseio.com
scant3r     : DEBUG    Check for Read permission -> https://vulnwebqa.firebaseio.com
scant3r     : DEBUG    Check for Write permission -> https://vulnwebqa.firebaseio.com
scant3r     : DEBUG    TASK FINISHED: <Future at 0x7fe51a3db8d0 state=finished returned dict> | {'module': 'firebase'}
scant3r     : DEBUG    TASK FINISHED: <Future at 0x7fe51b40bdd8 state=finished returned dict> | {}
scant3r     : DEBUG    TASK FINISHED: <Future at 0x7fe51a3db5c0 state=finished returned dict> | {}

Expected behavior
some results shown

Screenshots
image

Desktop (please complete the following information):

  • OS: [e.g. Linux]
    Linux
  • Compiler [e.g. Python, PYPY]
    Python
  • Version [e.g. 3.8]
    3.6.8
  • Last Commit [first line of git log command , EX: f8a3a9d]
    0.9.3

Additional context
Add any other context about the problem here.
