ScanT3r:一款功能強(qiáng)大的Web安全掃描工具
ScanT3r是一款功能強(qiáng)大的Web安全掃描工具,該工具支持檢測(cè)下列漏洞:
- 遠(yuǎn)程代碼執(zhí)行漏洞-Linux;
- 反射型XSS漏洞;
- 模板注入漏洞:Jinja2、ERB、Java、Twig、Freemarker;
- SQL注入漏洞;
系統(tǒng)支持:
- Linux
- Android
- Windows
工具安裝
注意:ScanT3r僅支持Python > 3.6環(huán)境。
Linux安裝
首先,打開命令行終端窗口。
輸入并運(yùn)行下列命令:
- $ git clone https://github.com/knassar702/scant3r
- $ cd scant3r
- $ python3 -m pip install -r requirements.txt
- $ chmod +x scant3r
Android安裝
首先,下載Termux App:https://play.google.com/store/apps/details?id=com.termux&hl=en
打開Termux應(yīng)用程序,然后輸入并運(yùn)行下列命令:
- $ pkg install python -y
- $ pkg install git -y
- $ git clone https://github.com/knassar702/scant3r
- $ cd scant3r
- $ python3 -m pip install -r requirements.txt
- $ chmod +x scant3r
Windows安裝
首先,下載并安裝 Python3 環(huán)境,然后打開命令行終端窗口,輸入并運(yùn)行下列命令:
- $ python3 -m pip install -r requirements.txt
工具使用
- Options:
- -h, --help | Show help message and exit
- --version | Show program's version number and exit
- -u URL, --url=URL | Target URL (e.g."http://www.target.com/vuln.php?id=1")
- --data=DATA | Data string to be sent through POST (e.g. "id=1")
- --list=FILE | Get All Urls from List
- --threads | Max number of concurrent HTTP(s) requests (default 10)
- --timeout | Seconds to wait before timeout connection
- --proxy | Start The Connection with http(s) proxy
- --cookies | HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
- --encode | How Many encode the payload (default 1)
- --allow-redirect | Allow the main redirect
- --user-agent | add custom user-agent
- --scan-headers | Try to inject payloads in headers not parameters (user-agent,referrer)
- --skip-headers | Skip The Headers scanning processe
- --sleep | Sent one request after some Seconds
- --module | add custom module (e.g. "google.py")
- --debug | Debugging Mood
工具使用樣例
POST方法:
- $ python3 scant3r -u 'http://localhost/dvwa/vulnerabilities/exec/' --data='ip=localhost&Submit=Submit'
添加Cookie:
$ python3 scant3r -u 'http://localhost/?l=2' --cookies='user=admin&id=1'
添加超時(shí):
$ python3 scant3r -u 'http://localhost/?l=13' --timeout=1
允許重定向(302、301):
$ python3 scant3r -u 'http://localhost/?l=13' --allow-redirect
休眠時(shí)間:
$ python3 scant3r -u 'http://localhost/?l=13' --sleep=2
開啟調(diào)試模式:
$ python3 scant3r -u 'http://localhost/?l=13' --debug
掃描所有Header:
$ python3 scant3r -u 'http://localhost/?l=13' --scan-headers
跳過(guò)Header:
$ python3 scant3r -u 'http://localhost/?l=13' --skip-headers
添加自定義User-Agent:
$ python3 scant3r -u 'http://localhost/?l=13' --user-agent='CustomUseragent(v2)'
添加編碼方案:
$ python3 scant3r -u 'http://localhost/?l=13' --encode=2
添加代理:
$ python3 scant3r -u 'http://localhost/?l=13' --proxy='http://localhost:8080'
運(yùn)行你自己的模塊:
$ python3 scant3r -u 'http://localhost/?l=13' --module=dumper.py
添加URL列表:
$ python3 scant3r --list urls.txt --threads=40
測(cè)試樣例
- $ ./scant3r -u 'http://test.vulnweb.com/search.php?test=query' --data='searchFor=scant3r&goButton=go'
- $ ./scant3r -u 'http://test.vulnweb.com/artists.php?artist=1'
- $ ./scant3r -u 'https://menacoderrr.pythonanywhere.com/'
工具運(yùn)行截圖
諾基亞官網(wǎng):
項(xiàng)目地址
ScanT3r:https://github.com/knassar702/scant3r
