Z0SCAN

An efficient active/passive scanning tool for vulnerability detection in risk assets


🌟 Advantages

  1. Integration of WAF detection, fingerprint identification, and plugin scanning
    "Less WAF triggering, fewer requests, stronger targeting"

  2. Support for pseudo-static pages and other vulnerabilities
    "Enhanced vulnerability discovery capabilities"

  3. Unique similarity-based scanning skip mechanism
    "Reduced request volume"

  4. Auxiliary discovery of sensitive information and potential vulnerabilities
    "Comes with auxiliary capabilities"

  5. SQLite3-based storage for scan records and data
    "Large-scale, high-efficiency"

  6. Open-source Python3 implementation
    "Highly customizable"

🔧 Installation

Installing the `cryptography` dependency (optional):

| Environment | Command |
| --- | --- |
| Debian/Ubuntu | `apt install python-cryptography` |
| Termux | `pkg install python-cryptography` |
| Alpine/iSH | `apk add py3-cryptography` |

Install via PyPI

```
pip install z0scan
z0scan
```

Install via GitHub clone

```
git clone https://github.com/JiuZero/z0scan
cd z0scan
pip install -r requirements.txt
python3 z0scan.py
```

🚀 Usage

```
usage: z0scan [options]

options:
  -h, --help            show this help message and exit
  -v, --version         Show program's version number and exit
  --debug               Show programs's exception
  -l LEVEL, --level LEVEL
                        Different level use different kind of scanner
                        (Default [0, 1, 2, 3])

Proxy:
  Passive Agent Mode Options

  -s SERVER_ADDR, --server-addr SERVER_ADDR
                        Server addr format:(ip:port)

Target:
  Options has to be provided to define the target(s)

  -u URL, --url URL     Target URL (e.g. "http://www.site.com/vuln.php?id=1")
  -f URL_FILE, --file URL_FILE
                        Scan multiple targets given in a textual file

Request:
  Network request options

  -p PROXY, --proxy PROXY
                        Use a proxy to connect to the target URL,Support
                        http,https,socks5,socks4 eg:[email protected]:8080 or
                        [email protected]:1080
  --timeout TIMEOUT     Seconds to wait before timeout connection (Default
                        10)
  --retry RETRY         Time out retrials times (Default 2)
  --random-agent        Use randomly selected HTTP User-Agent header value

Output:
  Output options

  --html                When selected, the output will be output to the
                        output directory by default, or you can specify
  --json JSON           The json file is generated by default in the output
                        directory, you can change the path

Optimization:
  Optimization options

  -t THREADS, --threads THREADS
                        Max number of concurrent network requests (Default
                        31)
  -iw, --ignore-waf     Ignore the WAF during detection
  -sc, --scan-cookie     Scan cookie during detection
  --disable DISABLE     Disable some plugins (e.g. --disable
                        SQLiBool,SQLiTime)
  --able ABLE           Enable some moudle (e.g. --enable SQLiBool,SQLiTime)
```

⚡️ Plugin List

  • PerFile

| Plugin Name | Description |
| --- | --- |
| SQLiBool | SQL Boolean-based Blind Injection Detection |
| SQLiTime | SQL Time-based Blind Injection Detection |
| SQLiError | SQL Error-based Injection Detection |
| AspCodei | ASP Code Execution |
| PhpCodei | PHP Code Execution |
| Cmdi | Command Execution |
| ObjectDese | Deserialization Parameter Analysis |
| JsSensi | JS Sensitive Information Leakage |
| Jsonp | JS Sensitive Information Leakage |
| PhpRealPath | PHP Real Path Discovery |
| Redirect | Redirect |
| XpathiError | Error-based XPATH Injection Detection |
| PathTrave | Path Traversal |

  • PerFolder

| Plugin Name | Description |
| --- | --- |
| BackupFolder | Backup File Scanning |
| DirTrave | Directory Traversal |
| RepositoryLeak | Source Code Repository Leakage |
| Phpinfo | Phpinfo File Discovery |

  • PerServer

| Plugin Name | Description |
| --- | --- |
| IISShortname | IIS Short Filename Vulnerability Detection |
| IISNginxParse | IIS and Nginx Parsing Vulnerabilities |
| ErrorPage | Error Page Sensitive Information Leakage |
| OSSTakeover | OSS Bucket Takeover |
| NetXSS | .NET Universal XSS |
| NginxCRLF | Nginx CRLF Injection |
| NginxWebcache | Nginx Misconfiguration - Cache Purge |
| FlashXSS | Flash Universal XSS |
| NginxVariableLeakage | Nginx Misconfiguration - Variable Reading |
| IdeaParse | Idea Directory Parsing |
| BackupDomain | Domain-based Backup File Detection |

  • Plugin Development Guidelines: DEV.MD

✨ References

During the development of z0scan, we referenced numerous projects including but not limited to:

- [w13scan](https://github.com/w-digital-scanner/w13scan)
- [sqlmap](https://github.com/sqlmapproject/sqlmap)
- [Vxscan](https://github.com/al0ne/Vxscan)
- [Sitadel](https://github.com/shenril/Sitadel)
etc…
  • Full list available here

🔆 Changelog & License

❤️ Contact

| Platform | Contact |
| --- | --- |
| QQ | 3973580951 |
| Email | [email protected] |
| WeChat | JiuZer0 |
