Open source tool to perform API security scan in PTaaS. This scanner uses nmap in order
to get some details about our target. In this app, we get system information, critical issues, system vulnerabilities,
and system dependencies. After that we return a list of possible vulnerabilities that might be used in a penetrating testing
for that target.
Install dependencies first:
pip install -r requirements.txtRun the scanner by following command:
python scanner.py --host webmail.aut.ac.irA list of the flags that you can set when executing the scanner:
| Flag | Description | Value |
|---|---|---|
--host |
target address | string |
--ports |
target port | int |
--protocols |
target protocols | list |
--type |
target type (service type) | string |
--deps |
target deps addresses (dependency services) | list |
--token |
target access token for authentication | string |
--endpoints |
target special endpoints | list |
--fastscan |
scanner fast mode | bool |
[
{
"vuln": "injection",
"attacks": [ "sql injection", "graphql injection" ]
"path": [
"/docs/{doc-name}",
"/docs?sort_by={sorting-field}",
],
"host" : {
"ip": "127.0.0.2",
"port": 8080
}
}
]