knassar702 / scant3r
ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
Home Page: https://scant3r.knas.me/
License: GNU General Public License v3.0
I don't know what the issue is, but the scanner doesn't seem to work at all. Every time I tried doing some scan, it starts throwing 2-3 errors and then some [CVE_2014_6271] and then stops. I am attaching the snapshot below:
echo "http://testphp.vulnweb.com/search.php?test=query"|./scant3r.py
__ _____
______________ _____ / /|__ /_____
/ / / __ `/ __ / // </ /
( ) // // / / / / // / /
//___/_,// //_/___//
[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.xss
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.xss_param
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.sqli
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.rce
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.injheaders
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.cve
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.firebase
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.secrets
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.ssrf
[INFO][2021-10-22,11:56:51] scant3r -> Run modules.python.ssti
[ERROR][2021-10-22,11:56:51] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-22,11:56:51] requester -> Failed to parse: []
[ERROR][2021-10-22,11:56:51] data -> url_encoder() missing 1 required positional argument: 'data'
[INFO][2021-10-22,11:56:52] CVE_2014_6271 -> send the payload with 125 timeout value
Hello Devs,
I am liking your project from the outer view, because I haven't tried it yet, but I wanted to know something regarding this tool. What's the purpose of this tool? I can see we need to pass in URLs for scanning; is it like fuzzing payloads, or do we need to put in subdomains? Also, do we need to crawl and spider and collect the endpoints to pass on to this tool? I am not able to understand the workflow of this; it would be nice if you could make the README.md more descriptive.
Thanks.
I think we can create a dot file for editing non-Python files like the payloads and args config files.
Hi,
I have this error with every modules:
File "/root/Tools/scant3r/modules/injheaders/__init__.py", line 38, in start
    if payload in r.content.decode('utf-8'):
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf5 in position 18: invalid start byte
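The traceback above comes from a strict `r.content.decode('utf-8')` on a body that is not valid UTF-8. The following is an added example, not part of the issue and not scant3r's own code, of a reflection check that decodes the body without raising; the function names, marker and sample body are constructed for illustration.

```python
# Added example (not scant3r code): decode a response body tolerantly before
# searching it for a reflected marker. All names here are hypothetical.
import codecs
from email.message import Message

# Constructed sample: an ISO-8859-1 page; byte 0xf5 is not a valid UTF-8 start byte.
SAMPLE_BODY = b"<html><body>Pre\xf5o: scanT3STr</body></html>"
MARKER = "scanT3STr"


def charset_from_content_type(content_type):
    """Return the charset named in a Content-Type header, or None."""
    if not content_type:
        return None
    msg = Message()
    msg["Content-Type"] = content_type
    charset = msg.get_param("charset")
    if not isinstance(charset, str):
        return None
    try:
        codecs.lookup(charset)  # reject names Python has no codec for
    except LookupError:
        return None
    return charset


def decode_body(raw, content_type=None):
    """Decode body bytes to text without ever raising on bad bytes."""
    for enc in (charset_from_content_type(content_type), "utf-8"):
        if enc is None:
            continue
        try:
            return raw.decode(enc)
        except (UnicodeError, LookupError):
            continue  # wrong or non-text codec: try the next candidate
    # Last resort: keep scanning, undecodable bytes become U+FFFD.
    return raw.decode("utf-8", errors="replace")


def is_reflected(marker, raw, content_type=None):
    """True when the marker appears in the decoded body."""
    return marker in decode_body(raw, content_type)


if __name__ == "__main__":
    print(is_reflected(MARKER, SAMPLE_BODY, "text/html; charset=ISO-8859-1"))
    print(is_reflected(MARKER, SAMPLE_BODY))  # no header: falls back to replace
```
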
Hi, I have cloned the repo on my Linux machine and tried to scan a URL, but it takes too long to scan. Is there any solution?
Describe the bug
I have installed scant3r on different platforms (kali, windows, ubuntu..) and every time I try to run the script it does not start. It only shows me the beginning.
To Reproduce
the commands I tried to run :
echo "my-website.com" | ./scant3r
echo "my-website.com" | python3 scant3r
echo "my-website.com" | python3.9 scant3r
etc..
Desktop :
Whenever I am trying to execute scant3r
I am getting this error
line 12, in init
self.payloads = XSS(opts['blindxss']).payloads
line 20, in init
self.blind.append(p.rstrip().format(b64_host=b64_host).replace('{host}',host))
KeyError: 'host'
Hello,
I am trying to run scant3r in a lab, but it is failing to find valid SQLi's. On the other hand, wapiti finds all the injection points. Here is an example:
echo 'http://sql1.webapp.site/newsdetails.php?id=26' | ./scant3r.py -m headers
I already ran pip3 install -r requirements.txt
Can you give me some directions?
Again, wapiti identifies the SQLi point on this url, but scant3r fails.
Thanks
Hi,
Is it possible to make scant3r installable from PyPI (pip install -U scant3r or pipx install scant3r) without doing git clone scant3r?
The goal is to make the tool easy to install and run without cloning the repo and install requirements.txt
Describe the bug
Whenever I try to run the tool, it does not run and gives me an error.
To Reproduce
I am attaching the error message below sir.
____ __ ____
/ __/______ ____ / /_|_ /____
_\ \/ __/ _ `/ _ \/ __//_ </ __/
/___/\__/\_,_/_//_/\__/____/_/
[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.7#Beta
Traceback (most recent call last):
File "/scant3r/./scant3r.py", line 59, in <module>
M.run(opts,msg)
File "/scant3r/core/libs/all/module_loader.py", line 35, in run
res = future.result()
File "/usr/lib/python3.9/concurrent/futures/_base.py", line 433, in result
return self.__get_result()
File "/usr/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
raise self._exception
File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/scant3r/modules/finder/__init__.py", line 48, in main
v = start(opts,r)
File "/scant3r/modules/finder/__init__.py", line 26, in start
part = dump_response(r).decode()
File "/scant3r/core/libs/all/data.py", line 38, in dump_response
body += str(request.status_code).encode("utf8")
AttributeError: 'int' object has no attribute 'status_code'
Additional context
I have tried to reinstall the tool but I am still facing the same issue, sir. Please help me to run the tool.
Thank you so much for this awesome tool sir.
[INFO][2021-10-02,05:47:53] CVE_2014_6271 -> send the payload with 125 timeout value
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] requester -> Failed to parse: []
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[ERROR][2021-10-02,05:47:53] requester -> Failed to parse: []
[ERROR][2021-10-02,05:47:53] data -> url_encoder() missing 1 required positional argument: 'data'
[INFO][2021-10-02,05:47:53] CVE_2014_6271 -> send the payload with 125 timeout value
C:\Users\Yaseen\Downloads\cmder\scant3r (master)
λ python scant3r.py -l test.txt -b hellofresh.xss.ht
Getting this error every time.
root@kali:~/scant3r# echo "testphp.vulnweb.com" | gauplus | grep "=" | qsreplace |./scant3r.py -m xss
__ _____
______________ _____ / /|__ /_____
/ / / __ `/ __ / // </ /
( ) // // / / / / // / /
//___/_,// //_/___//
[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta
[INFO][2021-08-21,19:24:30] scant3r -> Load xss Module
[INFO][2021-08-21,19:24:30] scant3r -> Run modules.python.xss
[ERROR][2021-08-21,19:24:45] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f41782b39a0>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))
[ERROR][2021-08-21,19:24:55] requester -> HTTPSConnectionPool(host='testphp.vulnweb.com', port=443): Max retries exceeded with url: /listproducts.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7f41781debe0>, 'Connection to testphp.vulnweb.com timed out. (connect timeout=10)'))
The arguments of the tool are missing the option to set the target url to scan.
The arguments are shown below:
[-h] [-H HEADERS] [-C COOKIES] [-v LOG_MODE] [-s DELAY] [-M METHODS] [-m MODULES] [-O] [-P LORSRF_PARAMETERS]
[-l TARGETLIST] [-g] [-j] [-p PROXY] [-r] [-b BLINDXSS] [-x HOST] [-R] [-w THREADS] [-t TIMEOUT]
Is it missing, or has something changed in the tool? As I can see from other guides, the URL was normally an argument.
When I am installing, I get this error. Please help.
echo "http://testphp.vulnweb.com/listproducts.php?cat=1" | scant3r -m all
Traceback (most recent call last):
File "/usr/local/bin/scant3r", line 5, in
from scant3r.main import main
File "/usr/local/lib/python3.10/dist-packages/scant3r/main.py", line 2, in
from scant3r.core.app import Scantr
File "/usr/local/lib/python3.10/dist-packages/scant3r/core/app.py", line 8, in
from scant3r.core.module_loader import ModuleLoader
File "/usr/local/lib/python3.10/dist-packages/scant3r/core/module_loader.py", line 15, in
from scant3r.core.requester import httpSender
File "/usr/local/lib/python3.10/dist-packages/scant3r/core/requester.py", line 8, in
from requests import Request, Session, packages, request
File "/usr/lib/python3/dist-packages/requests/init.py", line 133, in
from . import utils
File "/usr/lib/python3/dist-packages/requests/utils.py", line 27, in
from . import certs
File "/usr/lib/python3/dist-packages/requests/certs.py", line 15, in
from certifi import where
ModuleNotFoundError: No module named 'certifi'
Demo images and videos used in wiki pages
How to pass a file listing all the URLs? Did you remove the list command?
Hi, how are you?
I have found some strange things in the module and I can't say if it's correct.
In the folder /modules/sqli/, the start method in the Sqli class always returns an empty dictionary. After that, we compare the c value in the file /modules/sqli/init.py.
def main(opts, http):
    c = Sqli(opts, http).start()
    # C is always an empty dict
    if c:
        return c
In both files /modules/reflect/init..py/ and /modules/reflect/reflect.py there is a check on the URLs. I think only one check may be sufficient.
if urlparse(opts['url']).query:
    pass
In the start method in the file /modules/rce/rec.py, I don't understand why we only return the first payload.
if match in dump_response(r):
    return {
        'payload':payload.replace('\n','%0a').replace('\t','%0d'),
        'match':match,
        'http':r
    }
I don't understand why in the 'GET' method we send the request to n and in the 'POST' we send the request to self.opts['url'].
for n in nurl:
    if method == 'GET':
        r = self.http.send(method,n)
    else:
        r = self.http.send(method, self.opts['url'].split('?')[0], body=urlparse(n).query)
Thank you in advance for your answers.
Best regards
Marius
Hello, I'm getting this error
└─# echo 'http://testphp.vulnweb.com/showimage.php' | ./scant3r.py -m lorsrf -x 'http://%PARAM%.xxxxxxxxxx.interact.sh/%PATH%' -M GET 1 ⨯
__ _____
______________ _____ / /|__ /_____
/ / / __ `/ __ / // </ /
( ) // // / / / / // / /
//___/_,// //_/___//
[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta
[INFO][2022-02-03,17:29:25] scant3r -> Run modules.python.lorsrf
[ERROR][2022-02-03,17:29:30] requester -> HTTPSConnectionPool(host='odiss.eu', port=1337): Max retries exceeded with url: /events (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f34e9ab5ac0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
Traceback (most recent call last):
File "/home/kalirobot/Tools/scant3r/./scant3r.py", line 70, in
M.run(opts, Http(opts))
File "/home/kalirobot/Tools/scant3r/core/libs/all/module_loader.py", line 103, in run
res = future.result()
File "/usr/lib/python3.9/concurrent/futures/_base.py", line 438, in result
return self.__get_result()
File "/usr/lib/python3.9/concurrent/futures/_base.py", line 390, in __get_result
raise self._exception
File "/usr/lib/python3.9/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
File "/home/kalirobot/Tools/scant3r/modules/python/lorsrf/init.py", line 6, in main
Lorsrf(opts, http).start()
File "/home/kalirobot/Tools/scant3r/modules/python/lorsrf/lorsrf.py", line 30, in init
self.host = self.oob_host.new()
File "/home/kalirobot/Tools/scant3r/core/libs/all/hosts.py", line 25, in new
self.host = req.json()['id'] + '.odiss.eu'
AttributeError: 'list' object has no attribute 'json'
WARNING: The script tldextract is installed in '/home/anoint/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
WARNING: The script scant3r is installed in '/home/anoint/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
This error is because of the multi-threading feature, so for now you can set the delay option to 2 seconds to avoid this error.
$ cargo r -- urls --file urls.txt.1 --config config.yaml -c 100 --delay 2
scant3r % cat "trip.txt" | ./scant3r.py -R
/ /____ ____ / /| /____
\ / __/ _ `/ _ / // </ /
//_/_,////_/___//
[!] Coded by: Khaled Nassar @knassar702
[!] Version: 0.8#Beta
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.xss
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.xss_param
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.sqli
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.rce
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.injheaders
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.cve
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.firebase
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.secrets
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.ssrf
[INFO][2022-01-01,11:26:34] scant3r -> Run modules.python.ssti
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:36] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:37] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:37] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:37] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:38] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:38] CVE_2014_6271 -> send the payload with 125 timeout value
[INFO][2022-01-01,11:26:39] CVE_2014_6271 -> send the payload with 125 timeout value
Describe the bug
Not sure if I use it in the right way. There is no output result.
To Reproduce
$ echo "http://testphp.vulnweb.com/listproducts.php?cat=1" | scant3r -m all
~/.scant3r.log
by default) make sure to check core/data.py
scant3r : DEBUG trying to load scant3r.modules.ssti
scant3r : DEBUG LOADED
scant3r : DEBUG trying to load scant3r.modules.firebase
scant3r : DEBUG LOADED
scant3r : DEBUG trying to load scant3r.modules.req_callback
scant3r : DEBUG LOADED
scant3r : DEBUG trying to load scant3r.modules.xss
scant3r : ERROR invalid syntax (payload_gen.py, line 150)
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/scant3r/core/module_loader.py", line 33, in get
import_obj = importlib.import_module(import_path)
File "/usr/lib64/python3.6/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 994, in _gcd_import
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 678, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/usr/local/lib/python3.6/site-packages/scant3r/modules/xss/__init__.py", line 17, in <module>
from .payload_gen import XSS_PAYLOADS
File "/usr/local/lib/python3.6/site-packages/scant3r/modules/xss/payload_gen.py", line 150
match location:
^
SyntaxError: invalid syntax
scant3r : DEBUG Trynig to Start <scant3r.modules.ssti.Main object at 0x7fe51b40bf28>
scant3r : DEBUG SSTI: GENERATE A NEW URL: http://testphp.vulnweb.com/listproducts.php?cat=1scanKZWr
scant3r : DEBUG STARTED <scant3r.modules.ssti.Main object at 0x7fe51b40bf28>
scant3r : DEBUG Trynig to Start <scant3r.modules.req_callback.Main object at 0x7fe51a3db5f8>
scant3r : DEBUG STARTED <scant3r.modules.req_callback.Main object at 0x7fe51a3db5f8>
scant3r : DEBUG Trynig to Start <scant3r.modules.firebase.Main object at 0x7fe51a3db9b0>
scant3r : DEBUG STARTED <scant3r.modules.firebase.Main object at 0x7fe51a3db9b0>
scant3r : DEBUG Check for Read permission -> https://vulnweb-dev.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnweb-dev.firebaseio.com
scant3r : DEBUG REFLECTED KZW on http://testphp.vulnweb.com/listproducts.php?cat=1scanKZWr
scant3r : DEBUG SSTI: MATCHING WITH scan10tr
scant3r : DEBUG Check for Read permission -> https://vulnweb.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnweb.firebaseio.com
scant3r : DEBUG Check for Read permission -> https://vulnweb-staging.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnweb-staging.firebaseio.com
scant3r : DEBUG Check for Read permission -> https://vulnweb-qa.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnweb-qa.firebaseio.com
scant3r : DEBUG Check for Read permission -> https://vulnweb-test.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnweb-test.firebaseio.com
scant3r : DEBUG Check for Read permission -> https://vulnwebdev.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnwebdev.firebaseio.com
scant3r : DEBUG Check for Read permission -> https://vulnwebstaging.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnwebstaging.firebaseio.com
scant3r : DEBUG Check for Read permission -> https://vulnwebtest.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnwebtest.firebaseio.com
scant3r : DEBUG Check for Read permission -> https://vulnwebqa.firebaseio.com
scant3r : DEBUG Check for Write permission -> https://vulnwebqa.firebaseio.com
scant3r : DEBUG TASK FINISHED: <Future at 0x7fe51a3db8d0 state=finished returned dict> | {'module': 'firebase'}
scant3r : DEBUG TASK FINISHED: <Future at 0x7fe51b40bdd8 state=finished returned dict> | {}
scant3r : DEBUG TASK FINISHED: <Future at 0x7fe51a3db5c0 state=finished returned dict> | {}
Expected behavior
some results shown
Desktop (please complete the following information):
git log
command , EX: f8a3a9d]
Additional context
Add any other context about the problem here.