Skip to content

Vishal-Bedi/Vulnerability-Scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
README.md
README.md
 
 
Vulnerability-Scanner.py
Vulnerability-Scanner.py
 
 

Repository files navigation

Vulnerability-Scanner

usage: Vulnerability-Scannernothread.py [-h] [-file FILE] [-port PORT]
                                        [-cookie COOKIE] [-proxy PROXY] [-big]
                                        [-f] [-m] [-hi] [-v] [-i] [-ssl]
                                        [-ssrf] [-ntp] [-dns] [-jwt JWT]
                                        [-head] [-c] [-oc OC] [-url URL]
                                        [-post POST] [-csrf CSRF]
                                        [-public_key PUBLIC_KEY]

optional arguments:
  -h, --help             show this help message and exit

Network Scanning:
  -file FILE             file path with ip addresses to scan. Required argument
                         for network scanning
  -port PORT             scan custom port, use comma-seperated values for
                         multiple ports
  -cookie COOKIE         insert session cookie to scan authenticated pages
  -proxy PROXY           use an intercepting proxy, provide IP and Port number.
                         eg. -proxy 127.0.0.1:8080
  -big                   check if BIGIP cookie is present and whether it is
                         vulnerable to information disclosure
  -f                     scan for all options given below
  -m                     check for any misconfigurations or missing security
                         headers
  -hi                    check if application is vulnerable to Host Header
                         Injection
  -v                     check if the application returns a verbose server
                         banner
  -i                     check if the application discloses internal ip
                         addresses
  -ssl                   check if there are ssl related vulnerabilities or
                         misconfigurations
  -ssrf                  response based detection for server side request
                         forgery
  -ntp                   check if the remote NTP server responds to mode 6
                         queries (DOS)
  -dns                   check for DNS vulnerabilities

JWT Exploitation:
  -jwt JWT               input a JWT Token to check for JWT vulnerabilities
  -head                  select if input value is a JWT Token in header
  -c                     select if input value is a JWT Token in cookie
  -oc OC                 input any other cookies required apart from the JWT
                         token
  -url URL               input the endpoint URL
  -post POST             input POST data to be sent
  -csrf CSRF             add CSRF token header
  -public_key PUBLIC_KEY filepath of public key: Exploit - JWTs Signed With 
                         the HS256 Algorithm And Using the RS256 Public Key

About

Mass Vulnerability Scanner for Network pentesting

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages