3737
3838### What's this?
3939this is a module-based web automation tool that I made for saving my scripting
40- time by providing some utilises that everybody needs in his automation script
41- instead of focusing on ( logger, parsers, output function , cmd args, multi-threading) ,
40+ time by providing some utilizes that every web pentester needs in his automation script
41+ instead of focusing on ( logger, parsers, output function, cmd args, multi-threading),
4242just write the logic of your scanning idea with scant3r utils without caring
43- about these things, you can find callback/parsing/logging utils and output functions, Also we will adding Restful API soon <br >
44- what if you need to add new Command option to scant3r for your script? <br >
45- easy without writing any code just open ` conf/opts.yaml ` file and you will find all options of scant3r so you can change and add what you want;D
46-
47-
48- ``` yaml
49- # conf/opts.yaml
50- exit_after :
51- - option :
52- - ' -e' # SHORT
53- - " --exit-after" # LONG
54- - type : int # TYPE OF VALUE
55- - default : 500 # DEFAULT
56- - save_content : true # SHOUD I SAVE THE CONTENT OF THIS OPTION ?
57- - help : " Exit after get this number of errors" # HELP MESSAGE
58- - exec : " dict_args['exit_after'] = int(value)" # HOW TO SAVE IT IN OPTS DICT
59- ` ` `
43+ about these things, you can find callback/parsing/logging utils and output functions, Also we will add Restful API soon <br >
44+ what if you need to add a new Command option to scant3r for your script? <br >
45+ easy without writing any code just open the `conf/opts.YAML file and you will find all options of scant3r so you can change and add what you want;D
46+
6047
6148### why should I use it ?
62- the short answer is to save your time, you as a security guy you don't need to
49+ the short answer is to save your time, as a security guy you don't need to
6350learn more about " how to write a perfect CLI script " you just need to
6451understand the logic of your script <br > if you need to write something like SSRF
6552CVE scanner, instead of searching "How can I call interact.sh", "how to fix this
6653code issue", "how can I parse this' <br > and after getting the answer you will get
6754some cool errors in your code and you will find yourself needing more time to
68- search and fix these bugs
69-
70- 
55+ search and fix these bugs <br >
7156
72- you as a security guy this is a waste of time for you, so this project will help to
57+ this is a waste of time for you, so this project will help to
7358save more and more, just take a look at the examples modules and read the
7459official documentation (unavailable yet), or just open an issue with a
75- Feature request and we will write your script by our hands
60+ Feature request and we will write your script with our hands
7661
7762### Modules
7863
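Review bot: the added line 45 opens inline code with a backtick that is never closed and renames the file to "conf/opts.YAML", while the removed line had "conf/opts.yaml"; keep the original lower-case name and close the backtick so the path renders and matches the file on disk. The same hunk deletes the yaml example without a replacement, and that block was the only place the README showed the option fields (option, type, default, save_content, help, exec). Since the exec value in it is a Python statement string ("dict_args['exit_after'] = int(value)"), either keep the example or link to where the schema is documented, and say that entries in this file are code. Two smaller wording points: added line 40 changes "utilises" to "utilizes" where "utilities" is meant, and the context line with "how can I parse this'" still has a mismatched closing quote that this cleanup could fix.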
@@ -81,6 +66,7 @@ this the modules we providing for our community for you need new module open an
8166
8267| module | Short description |
8368| :------------- | :------------- |
69+ | ** xss** | xss scanner for the ( ATTR_NAME, ATTR_VALUE , Comments, TAG_NAME ) |
8470| ** req_callback** | Finds Out-of-band Resources parameters |
8571| ** ssti** | Finds Server-side Template injection |
8672| ** firebase** | checks for public firebase databases (write/read) permission |
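Review bot: the description in the new xss row, "xss scanner for the ( ATTR_NAME, ATTR_VALUE , Comments, TAG_NAME )", lists four names without saying what they are and does not follow the "Finds ..." phrasing of the rows below it. If these are the injection contexts the module tests, say so, for example "Finds XSS in the ATTR_NAME, ATTR_VALUE, comment and TAG_NAME contexts", and tidy the stray spaces inside the parentheses.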
@@ -148,9 +134,14 @@ wiki: https://github.com/knassar702/scant3r/wiki
148134```
149135
150136
137+ ### Start
138+ ```bash
139+ $ echo "http://testphp.vulnweb.com/listproducts.php?cat=1" | scant3r -m all
140+ ```
141+
151142## TODO-Features
152143* [ ] Restful API
153- * [ ] re-write the core utils in Rust by using pyo3
144+ * [ ] re-write the core utils in Rust by using pyo3
154145* [ ] Command line Modules ( with yaml file )
155146* [ ] Custom scanning map
156147* [ ] Selenium Modules
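Review bot: the command in the new Start section is shown with a leading "$ " inside the bash fence, so copying the line as written fails; drop the prompt. The section also has no sentence explaining that the target URL is read from standard input or what "-m all" selects, and a reader of the module table above cannot tell whether "all" includes every listed module; one line of explanation under the heading would cover both. The "re-write the core utils in Rust by using pyo3" line is removed and re-added with no visible text change, which looks like a whitespace-only edit that could be left out of this commit.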