Skip to content

BugScanner v2.1

Latest

Choose a tag to compare

@faizzyhon faizzyhon released this 27 Mar 12:39
6d9e810

4 new scanner modules:
scanners/recon.py — Runs first on any URL. Resolves IP, does reverse DNS, pulls DNS records (A/MX/NS/TXT/CNAME/SOA via dnspython), Whois lookup, SSL/TLS certificate analysis, geolocation via ip-api.com, WAF detection against 10 WAF fingerprint libraries. Emits a RECON_JSON: line to stdout for the web GUI.
scanners/port_scanner.py — Scans 70 common ports concurrently (50 threads, 2.5s timeout). Grabs service banners. Classifies ports as CRITICAL (internet-exposed datastores like MongoDB, Redis, Elasticsearch), HIGH (RDP, MySQL, SMB), or INFO. Emits PORT_JSON:.
scanners/tech_detector.py — Fingerprints 80+ technologies from HTTP headers, HTML body, cookies, meta tags, and script URLs. Covers CMS (WordPress/Joomla/Drupal/Magento/Shopify…), frameworks (Laravel/Django/Rails/Spring/Next.js/React/Vue…), servers (Nginx/Apache/IIS/Tomcat/WebLogic…), JS libs, CDNs, analytics, payments. Emits TECH_JSON:.
scanners/cve_scanner.py — Queries NIST NVD API v2.0 (free, no key) for CVEs matching each detected technology. Runs 9 active exploit PoC tests: Drupalgeddon2, Laravel Ignition, Spring4Shell, Log4Shell, Joomla RCE, WordPress XMLRPC + user enum, phpMyAdmin exposure, Elasticsearch/MongoDB no-auth. Emits CVE_JSON:.
Updated files:
main.py — Added INTEL_REGISTRY, Phase-0 scan loop (runs recon→ports→tech→cve before vuln modules), --skip-recon, --skip-ports, --nvd-key flags. TechDetector passes self.technologies to CVEScanner.
web_gui.py — New 🔍 Intel tab in UI showing live cards for Host/IP, Geolocation, SSL, WAF, DNS records, open ports table, tech stack grid, CVE table. _detect_finding() now intercepts RECON_JSON:/PORT_JSON:/TECH_JSON:/CVE_JSON: and emits them as typed SSE events. Sidebar has Phase-0 toggles. scan_start route passes --skip-recon/--skip-ports to CLI.
requirements.txt — Added dnspython>=2.6.0 and python-whois>=0.9.4.
README.md — Fully rewritten with v2.0 feature matrix, architecture diagram, all commands.
commands.txt — Complete command reference with 50+ ready-to-paste commands covering every scenario.

Full Changelog: BugScanner-v2...v2.1