Scant3R – Web Security Scanner

Vulnerability Scanning is the process of finding the security flaws in the web-based application which can compromise the web application and reveal sensitive data. Scanning can be done in a manual way as well as in an automated way. Manual testing takes a lot of time if the scope of the target domain is vast. So automated testing is a good approach to be followed. Scant3rR is an automated tool developed in the python language which tests the target domain for various types of vulnerabilities or flaws like XSS, Injection, LFI, etc. The tool contains various modules which can be used in the scanning process. Scant3R tool is open source and free to use.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of Scant3R Tool on Kali Linux OS

Step 1: Check whether Python Environment is Established or not, use the following command.

python3

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are on Desktop now create a new directory called Scant3R using the following command. In this directory, we will complete the installation of the Scant3R tool.

mkdir Scant3R 

Step 4: Now switch to the Scant3R directory using the following command.

cd Scant3R 

Step 5: Now you have to install the tool. You have to clone the tool from GitHub.

git clone https://github.com/knassar702/scant3r.git

Step 6: The tool has been downloaded successfully in the Scant3R directory. Now list out the contents of the tool by using the below command.

ls

Step 7: You can observe that there is a new directory created of the Scant3R tool that has been generated while we were installing the tool. Now move to that directory using the below command:

cd scant3r 

Step 8: Once again to discover the contents of the tool, use the below command.

ls

Step 9: Download the required packages for running the tool, use the following command.

sudo pip3 install -r requirements.txt

Step 10: Now we are done with our installation, Use the below command to view the help (gives a better understanding of the tool) index of the tool.

python3 scant3r.py -h

Working with Scant3R Tool on Kali Linux

Example 1: Using Scant3R Tool for Normal scan

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py 

Example 2: Using Scant3R Tool to Add module

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -m headers

Example 3: Using Scant3R Tool to add Random User-agents

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -R

Example 4: Using Scant3R Tool Add custom headers

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -H “Auth: U2NhblQzcgo=\nNew: True”

Example 5: Using Scant3R Tool Add timeout

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -t 1000

Example 6: Using Scant3R Tool Add threads

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -w 50

Example 7: Using Scant3R Tool Add http/https proxy

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -p http://127.0.0.1:80

Example 8: Using Scant3R Tool Add cookies

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -c ‘login=test%2Ftest’

Example 9: Using Scant3R Tool to Follow redirects

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -r

Example 10: Using Scant3R Tool to Dump HTTP requests/responses

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py -H “Auth: U2NhblQzcgo=” -d

Example 11: Using Scant3R Tool to Remove logo

echo “http://testphp.vulnweb.com/search.php?test=query&searchFor=1&goButton=go” | python3 scant3r.py –nologo

Example 12: Using Scant3R Tool to use PMG Module

cat waybackurls.txt | python3 scant3r.py -m PMG

Example 13: Using Scant3R Tool to use Headers Module

echo https://testphp.vulnweb.com|python3 scant3r.py -m headers

Example 14: Using Scant3R Tool to use Lorsrf Module

echo ‘http://testphp.vulnweb.com/’ | python3 scant3r.py -m lorsrf -w 50 -R -x ‘http://myhost.burpcollaborator.net’

Example 15: Using Scant3R Tool to use Paths Module

echo ‘http://testphp.vulnweb.com/’| python3 scant3r.py -m paths -w 50

Example 16: Using Scant3R Tool to use Neon Module

echo http://$$$$$.com/admin/ | python3 scant3r.py -m neon