Application Weakness Monitoring Software
Web weakness scanner for cumulus.
also can use as CLI scanner like nikto, sqlmap.
If you have already chrome skip this part
#install chrome 95.0.4638.54
#cumulus scanner use chromedriver ver 95.0.4638.17
https://support.google.com/chrome/answer/95346?hl=ko&co=GENIE.Platform%3DDesktop
git clone https://github.com/tophat-cloud/cumulus-scanner.git
cd cumulus-scanner
pip3 install -r requirements.txt
cd thunder_mushroom
Give the chromedriver the executive authority according to your os. Chromedriver is in cumulus-scanner/thunder_mushroom folder
chmod 555 chromedriver_mac64
chmod 555 chromedriver_mac_m1
chmod 555 chromedriver_linux
cumulus-scanner works out of the box with Python version 3.x on any platform.
python3 mushroom_test.py -u example.com -o a
-u, --url # set scan target url
-o --options # set all module or single module
- a # use all scanner module
- c # use check unnecessary comment module
- d # use directory traversal module
- g # use guessing moduele
- f # use find unobfuscated code module
- Unnecessary Comment
- Directory Traversal
- Guessing
- Unobfuscated Code
@lookuss from TopHat