V3n0M-Scanner | Popular Pentesting scanner in Python36 for SQLi/XSS/LFI/RFI and other Vulns | Security Testing library

by v3n0m-Scanner Python Version: Release-425 License: GPL-3.0

X-Ray Key Features Code Snippets(3)Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | V3n0M-Scanner Summary

V3n0M-Scanner is a Python library typically used in Testing, Security Testing applications. V3n0M-Scanner has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has medium support. However V3n0M-Scanner build file is not available. You can install using 'pip install V3n0M-Scanner' or download it from GitHub, PyPI.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Support

Quality

Security

License

Reuse

Support

V3n0M-Scanner has a medium active ecosystem.

It has 1292 star(s) with 427 fork(s). There are 91 watchers for this library.

It had no major release in the last 12 months.

There are 2 open issues and 176 have been closed. On average issues are closed in 80 days. There are 2 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of V3n0M-Scanner is Release-425

Quality

V3n0M-Scanner has 0 bugs and 0 code smells.

Security

V3n0M-Scanner has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

V3n0M-Scanner code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

V3n0M-Scanner is licensed under the GPL-3.0 License. This license is Strong Copyleft.

Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

Reuse

V3n0M-Scanner releases are available to install and integrate.

Deployable package is available in PyPI.

V3n0M-Scanner has no build file. You will be need to create the build yourself to build the component from source.

Installation instructions, examples and code snippets are available.

It has 4273 lines of code, 232 functions and 8 files.

It has high code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed V3n0M-Scanner and discovered the below as its top functions. This is intended to give you an instant insight into V3n0M-Scanner implemented functionality, and help decide if they suit your requirements.

Tries to inject validation parameters into the given URL
Tries to test the parameter against the provided parameters
Prompt the user for a URL
Parse parameters
Manage the f menu
Runs the vulnscan
Generate a list of IPs
Print banner
Navigate menu
LFI scanner
Scans a given URL and scan it
Run the auto - hack
Runs all the vuln tests
Manage the menu
Crawl a web page
Process a seed URL
Searches for vulnerabilities using the given URL
Create a new SOCKS proxy connection
Generate new IP list
Negotiates a connection via HTTP
Negotiates a SOCKS4 request
Filtering filter checker
Fuzzer
Setup the logger
Updates the XS strike
Check for newlisuite updates
Perform a single fuzzing test
Prompt the user for a text file
Takes a list of parameters and returns the result

Get all kandi verified functions for this library.

V3n0M-Scanner Key Features

No Key Features are available at this moment for V3n0M-Scanner.

V3n0M-Scanner Examples and Code Snippets

Usage:

Python

Lines of Code : 28

License : Non-SPDX (NOASSERTION)

Copy

root@bt:~# python2.7 Linux-v3n0m.py

Now you may follow the simple prompts.

[0x100] Choose your target (domain) :
        Example : .com
        AND
        it is necessary to add you can also use a specific website (www.example.com)

[0x200] Choose

New To This Addition:

Python

Lines of Code : 18

License : Non-SPDX (NOASSERTION)

Copy

---To be Done --Partially implemented -Done
  -FTP Crawler thanks Sam for code
  -Fix engines search parameters
  -Increase LFI/RFI/XSS Lists if possible
---Implement SQL Database dumping tweaks
---Implement SQLi Post Method attack
  -Removed ToRSled

Original Header:

Python

Lines of Code : 7

License : Non-SPDX (NOASSERTION)

Copy

- This was written for educational purpose and pentest only. Use it at your own risk.
- Author will be not responsible for any damage!
- !!! Special greetz for my friend sinner_01 !!!
- Toolname        : darkd0rk3r.py
- Coder           : baltazar a.k

Community Discussions

Trending Discussions on Security Testing

DAST security scaning of a IoT Nodemcu esp8266 LUA script www HTML server connected to camera and A/C relay

QUESTION

DAST security scaning of a IoT Nodemcu esp8266 LUA script www HTML server connected to camera and A/C relay

Asked 2021-Apr-08 at 01:04

I have not, but shall DAST* security test, out of curiosity, an IoT device; Nodemcu esp8266 www server I built. It's showing a HTML page (on a mobile phone for example) that allows to control and interact with a camera module and a A/C relay. With it I can for example show images captured in the camera I even think it has some image recognition built in, and I can switch on and off a relay for electrical current to a light bulb (110/220v A/C power)

Before I start pentest I though I better start thinking of what types of exploits one would be able to find and detect? Which sinister exploits I will be able to find, or rather ought be able to find given a proper pentest exercise? (And if I do not find exploits, my approach to the pentest of the Iot might be wrong)

I ponder it might be a totally pointless exercise since the esp8266 www server (or rather its LUA programming libraries) might not have any security built into it, so basically it is "open doors" and everything with it is unsafe ?

The test report might just conclude what I can foresee be that the the "user input needs to be sanitized"?

Anyone have any idea what such pentest of a generic IoT device generally reports? Maybe it is possible to crash or reset the IoT device? Buffer overruns, XXS, call own code ?

I might use ZAP or Burpsuite or similar DAST security test tool.

I could of course SAST test it instead, or too, but I think it will be hard to find a static code analyzer for the NodeMCU libraries and NUA scripting language easily ? I found some references here though: https://ieeexplore.ieee.org/abstract/document/8227299 but it seems to be a long read.

So if someone just have a short answer what to expect in a DAST scan/pentest , it would be much appreciated.

Stay safe and secure out there ! Zombieboy

...

ANSWER

Answered 2021-Apr-08 at 01:04

I do my vulnerability scanning with OpenVAS (I assume this is what you mean by pentesting?). I am not aware of any IOT focused Tools.

If your server is running on esp8266, i would imagine that there is no much room for authentication and encryption of http traffic, but correct me if i am wrong).

Vulnerability Scan results might show things like unencrypted http traffic, credentials transmitted in cleartext (if you have any credentials fields in the pages served by the web server) etc. Depending on if there is encryption, you might also see weak encryption findings.

You might get some false positives on your lua webserver reacting like other known webservers when exploits are applied. I have seen this kind of false positive specially on DoS vulnerabilities when a vulnerability scan is testing a vulnerability and the server becomes unresponsive. Depending on how invasive your vulnerability scanner is, you might get a lot of false positives for DoS on such a constrained platform.

Source https://stackoverflow.com/questions/66995125

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install V3n0M-Scanner

Ubuntu users: Please make sure you sudo apt-get install python3-bs4 | apt-get install python3-setuptools. Kali users: Please apt-get install python3-dev | apt-get install python-dev. Docker users: Please see Dockerfile_README.md.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: