- Integration of WAF detection, fingerprint information, and plugin scanning
- Supports parsing parameters in complex formats like Json, XML, and pseudo-static parameters
- Provides data storage support (e.g., scan records) via SQLite3
- Open-source Python3-based tool with full cross-platform compatibility
- Interactive dynamic adjustment of passive scanning parameters
- AI-powered post-validation for JS-sensitive information
- Supports IPv6 domain resolution
Get the release version (compiled with Nuitka for significantly improved speed & performance): Download
- Want to build an executable tailored to your environment? See: Documentation
PyPI updates have been discontinued since 2025.7.19
Install via GitHub/Gitee clone:

```bash
git clone https://github.com/JiuZero/z0scan
# Gitee mirror: https://gitee.com/JiuZero/z0scan
cd z0scan
pip install -r requirements.txt
python3 z0.py help
```

- For special environment installations (e.g., Termux), see: Documentation
Default configuration for passive scanning (forward browser traffic to port 5920):

```bash
z0 scan -s 127.0.0.1:5920
```

Commonly recommended:

```bash
z0 scan -s 127.0.0.1:5920 --risk 0,1,2,3 --level 2 --disable cmdi,unauth
```
Default configuration for active scanning:

```bash
# Active detection initiated via Burp/Yakit request traffic (recommended)
z0 scan -s 127.0.0.1:5920
# Direct detection
z0 scan -u https://example.com/?id=1
# Batch detection from a URL list
z0 scan -f urls.txt
```
- For more detailed information, see: Documentation
- PerFile
| Plugin Name | Description | Risk |
|---|---|---|
| sqli-bool | SQL Boolean-based Blind Injection | 2 |
| sqli-time | SQL Time-based Blind Injection | 2 |
| sqli-error | SQL Error-based Injection | 2 |
| codei-asp | ASP Code Execution | 3 |
| codei-php | PHP Code Execution | 3 |
| cmdi | Command Execution | 3 |
| other-objectdese | Deserialization Parameter Analysis | 3 |
| sensi-js | JS Sensitive Information Leak | 0 |
| sensi-jsonp | Jsonp Sensitive Information Leak | 1 |
| sensi-php-realpath | PHP Real Path Discovery | 0 |
| redirect | Redirect Vulnerability | 1 |
| sensi-webpack | Webpack Source Code Leak | 1 |
| other-webdav-passive | WebDAV Service Passive Detection | 1 |
| xpathi-error | Error-based XPATH Injection | 2 |
| trave-path | Path Traversal | 2 |
| sensi-backup_1 | Backup File Detection (File-based) | 1 |
| sensi-viewstate | Unencrypted VIEWSTATE Discovery | 0 |
| xss | JS Semantic-based XSS Scanning | 1 |
| crlf_1 | CRLF Vulnerability Detection | 2 |
| cors-passive | CORS Vulnerability (Passive Analysis) | 2 |
| unauth | Unauthorized Access Vulnerability | 2 |
| leakpwd-page-passive | Weak Password on Login Page | 2 |
| sensi-editfile | Editor Backup File Leak | 1 |
| sensi-sourcecode | Source Code Leak | 1 |
| captcha-bypass | CAPTCHA Bypass | 0 |
| sensi-retirejs | Outdated JS Component Detection | -1 |
| ssti | SSTI Vulnerability Detection | 3 |
- PerFolder
| Plugin Name | Description | Risk |
|---|---|---|
| sensi-backup_2 | Backup File Scan (Directory-based) | 1 |
| trave-list_2 | Directory Listing | 2 |
| sensi-file | Sensitive File Leak (e.g., phpinfo, .git) | / |
| upload-oss | OSS Bucket Arbitrary File Upload | 2 |
| sensi-frontpage | FrontPage Configuration Leak | 1 |
- PerServer
| Plugin Name | Description | Risk |
|---|---|---|
| sensi-errorpage | Error Page Sensitive Information Leak | 0 |
| xss-net | .NET Universal XSS | 1 |
| other-dns-zonetransfer | DNS Zone Transfer Vulnerability | 1 |
| xss-flash | Flash Universal XSS | 1 |
| other-idea-parse | Idea Directory Parsing | 1 |
| other-xst | XST Vulnerability Detection | -1 |
| other-webdav-active | WebDAV Service Discovery | 1 |
| upload-put | PUT-based Arbitrary File Upload | 3 |
| sensi-backup_3 | Backup File Detection (Domain-based) | 1 |
| cors-active | CORS Vulnerability (Active Detection) | 2 |
| crlf_3 | CRLF Line Injection Vulnerability | 2 |
| other-hosti | Host Header Injection Detection | 1 |
| other-oss-takeover | OSS Bucket Takeover Vulnerability | 3 |
| sensi-iis-shortname | IIS Short Filename Vulnerability | 0 |
| other-clickjacking | Clickjacking Vulnerability | -1 |
| other-baseline | Service Version Leak | -1 |
| other-smuggling | Request Smuggling Vulnerability | 3 |
| trave-list_3 | Directory Listing | 2 |
| Platform | Contact |
|---|---|
| JiuZer1 | |
| 1703417187 | |
| [email protected] | |