Skip to content

Open source tool to perform vulnerability scanning using Python and NMAP.

Notifications You must be signed in to change notification settings

ptaas-tool/scanner.py

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

scanner.py

GitHub top language GitHub release (with filter)

Open source tool to perform API security scan in PTaaS. This scanner uses nmap in order to get some details about our target. In this app, we get system information, critical issues, system vulnerabilities, and system dependencies. After that we return a list of possible vulnerabilities that might be used in a penetrating testing for that target.

use

Install dependencies first:

pip install -r requirements.txt

Run the scanner by following command:

python scanner.py --host webmail.aut.ac.ir

flags

A list of the flags that you can set when executing the scanner:

Flag Description Value
--host target address string
--ports target port int
--protocols target protocols list
--type target type (service type) string
--deps target deps addresses (dependency services) list
--token target access token for authentication string
--endpoints target special endpoints list
--fastscan scanner fast mode bool

output

[
  {
    "vuln": "injection",
    "attacks": [ "sql injection", "graphql injection" ]
    "path": [
      "/docs/{doc-name}",
      "/docs?sort_by={sorting-field}",
    ],
    "host" : {
      "ip": "127.0.0.2",
      "port": 8080
    }
  }
]