yeyingsrc/z0scan

 
 




Z0SCAN

An efficient active/passive scanning tool for vulnerability detection and auxiliary assessment of risky assets.


⚠️ Disclaimer

If you engage in any illegal activities while using this project and its included tools, you shall bear all corresponding consequences. We assume no legal or joint liability.

By using this software or otherwise indicating your acceptance of this agreement, you are deemed to have read and agreed to be bound by this agreement.

🌟 Advantages

  1. Integration of WAF detection, fingerprint information, and plugin scanning
    "Fewer WAF triggers, lower request volume, precise targeting"

  2. Support for pseudo-static pages and other vulnerability types
    "Broader detection coverage"

  3. Auxiliary discovery of sensitive information and potential vulnerabilities
    "Enhanced discovery capabilities"

  4. SQLite3 support for scan records and data storage
    "Large-scale, high-efficiency operations"

  5. Open-source Python3 implementation
    "High customizability"

🔧 Installation

cryptography dependency installation (optional):

| Environment | Command |
| --- | --- |
| Debian/Ubuntu | apt install python-cryptography |
| Termux | pkg install python-cryptography |
| Alpine/iSH | apk add py3-cryptography |

Install via PyPI

pip install z0scan
z0scan

Install via GitHub clone

git clone https://github.com/JiuZero/z0scan
cd z0scan
pip install -r requirements.txt
python3 z0scan.py

🚀 Usage

usage: z0scan [options]

options:
  -h, --help            show this help message and exit
  -v, --version         Show program's version number and exit
  --debug               Show programs's exception
  -l LEVEL, --level LEVEL
                        Different level use different kind of scanner
                        (Default [0, 1, 2, 3])

Proxy:
  Passive Agent Mode Options

  -s SERVER_ADDR, --server-addr SERVER_ADDR
                        Server addr format:(ip:port)

Target:
  Options has to be provided to define the target(s)

  -u URL, --url URL     Target URL (e.g. "http://www.site.com/vuln.php?id=1")
  -f URL_FILE, --file URL_FILE
                        Scan multiple targets given in a textual file

Request:
  Network request options

  -p PROXY, --proxy PROXY
                        Use a proxy to connect to the target URL,Support
                        http,https,socks5,socks4 eg:[email protected]:8080 or
                        [email protected]:1080
  --timeout TIMEOUT     Seconds to wait before timeout connection (Default
                        10)
  --retry RETRY         Time out retrials times (Default 2)
  --random-agent        Use randomly selected HTTP User-Agent header value

Output:
  Output options

  --html                When selected, the output will be output to the
                        output directory by default, or you can specify
  --json JSON           The json file is generated by default in the output
                        directory, you can change the path

Optimization:
  Optimization options

  -t THREADS, --threads THREADS
                        Max number of concurrent network requests (Default
                        31)
  -iw, --ignore-waf     Ignore the WAF during detection
  -sc, --scan-cookie    Scan cookie during detection
  --disable DISABLE     Disable some plugins (e.g. --disable
                        SQLiBool,SQLiTime)
  --able ABLE           Enable some moudle (e.g. --enable SQLiBool,SQLiTime)

⚡️ Plugin List

  • PerFile

| Plugin Name | Description |
| --- | --- |
| sqli-bool | SQL Boolean-based Blind Injection |
| sqli-time | SQL Time-based Blind Injection |
| sqli-error | SQL Error-based Injection |
| codei-asp | ASP Code Execution |
| codei-php | PHP Code Execution |
| cmdi | Command Execution |
| objectdese | Deserialization Parameter Analysis |
| sensi-js | JavaScript Sensitive Information Leakage |
| sensi-jsonp | JSONP Sensitive Information Leakage |
| sensi-php-phprealpath | PHP Real Path Discovery |
| redirect | Redirect |
| xpathi-error | Error-based XPATH Injection |
| trave-path | Path Traversal |

  • PerFolder

| Plugin Name | Description |
| --- | --- |
| sensi-backupfolder | Backup File Scanning |
| trave-dir | Directory Traversal |
| sensi-repositoryleak | Source Code Repository Leakage |
| sensi-php-phpinfo | Phpinfo File Discovery |

  • PerServer

| Plugin Name | Description |
| --- | --- |
| sensi-iis-shortname | IIS Short File Name Vulnerability |
| other-nginx_iis-parse | IIS and Nginx Parsing Vulnerabilities |
| sensi-errorpage | Error Page Sensitive Information Leakage |
| takeover-oss | OSS Bucket Takeover |
| xss-net | .NET Universal XSS |
| crlf-nginx | Nginx CRLF Injection |
| other-nginx-clearcache | Nginx Misconfiguration - Cache Clearing |
| xss-flash | Flash Universal XSS |
| sensi-nginx-readvar | Nginx Misconfiguration - Variable Reading |
| other-idea-parse | Idea Directory Parsing |
| sensi-backupdomain | Domain-based Backup File Detection |
| upload-oss | OSS Bucket File Overwrite Upload Vulnerability |
| sensi-viewstate | Unencrypted VIEWSTATE Discovery |

  • Plugin development guidelines: DEV.MD

✨ References

During the development of z0scan, we referenced numerous projects including but not limited to:

- [w13scan](https://github.com/w-digital-scanner/w13scan)
- [sqlmap](https://github.com/sqlmapproject/sqlmap)
- [Vxscan](https://github.com/al0ne/Vxscan)
- [Sitadel](https://github.com/shenril/Sitadel)
etc…
  • Full list available here

🔆 Changelog & License

❤️ Contact

| Platform | Contact |
| --- | --- |
| QQ | 3973580951 |
| Email | [email protected] |
| WeiXin | JiuZer1 |
