Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Related tags

Security related resourcesEARScanner
Overview

EARScanner

Hacker GIF 

                    This small python script can do really awesome work.

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, Can Scan Single & Multiple URLs, MultiThreaded, Fast & Reliable, Can Fuzz All URLs of target website & then can scan them for EAR

Disclaimer

💻 This project was created only for good purposes and personal use.

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.

Features

  • Works on Windows/Linux
  • MultiThreaded [Fast]
  • Uses GoBuster for Content Discovery (Fuzzing)
  • Can Scan Single URL
  • Can Scan Multiple URLs
  • Can Save Vulnerable URLs in text format
  • Reliable & Easy to Use [Very Less False Positive]

Tested On

Kali) Kali Linux

Windows) Windows 10

Prerequisite

  • Python 3.X
  • Few External Modules

How To Use in Linux

# Navigate to the /opt directory (optional)
$ cd /opt/

# Clone this repository
$ git clone https://github.com/PushpenderIndia/EARScanner.git

# Navigate to EARScanner folder
$ cd EARScanner

# Installing dependencies
$ sudo apt install python3-pip 
$ pip3 install -r requirements.txt

# Installing GoBuster (For More Installation Method, Visit: https://github.com/OJ/gobuster)
# NOTE: GoBuster Tool is Only Required for using --fuzz-scan flag
# PS: You need at least go 1.16.0 to compile gobuster.
$ go install github.com/OJ/gobuster/[email protected]

# Help Menu
$ chmod +x EARScanner.py
$ python3 EARScanner.py --help

# Scanning Single URL
$ python3 EARScanner.py -u https://example.com/admin/dashboard.php

# Scanning Multiple URLs
$ python3 EARScanner.py -uL url_list.txt

# Automatically FUZZ URLs and Scan Them for EAR 
$ python3 EARScanner.py -f https://www.example.com

How To Use in Windows

# Install dependencies 
$ Install latest python 3.x

# Clone this repository or Download this project
$ git clone https://github.com/PushpenderIndia/EARScanner.git

# Navigate to EARScanner folder
$ cd EARScanner

# Installing dependencies
$ pip install -r requirements.txt

# Help Menu
$ python EARScanner.py --help

# Scanning Single URL
$ python EARScanner.py -u https://example.com/admin/dashboard.php

# Scanning Multiple URLs
$ python EARScanner.py -uL url_list.txt

# Automatically FUZZ URLs and Scan Them for EAR 
$ python EARScanner.py -f https://www.example.com

Available Arguments

Short Hand Full Hand Description
-h --help show this help message and exit
-u URL --url URL Scan Single URL for EAR
-uL FILE_CONTAINING_URLS --url-list FILE_CONTAINING_URLS Provide a File Containing URLs [PRO_TIP: Fuzz ALL URLs using tools such as ffuf,gobuster,disbuter,etc & then pass urls_list.txt using this argument] [NOTE: One URL in One Line].
-f FUZZ_AND_SCAN --fuzz-scan FUZZ_AND_SCAN Provide a domain for scanning [It will Fuzz ALL URLs using GoBuster & Then It will scan them.]
-w WORDLIST --wordlist WORDLIST Provide a wordlist for fuzzing. [Only Use With --fuzz-scan]. default=content_discovery_all.txt
-t TIMEOUT --timeout TIMEOUT HTTP Request Timeout. default=60
-th THREADNUMBER --thread THREADNUMBER Parallel HTTP Request Number. default=100
-c CONTENTLENGTH --content-length CONTENTLENGTH Any Content Length for Confirming EAR Vulnerability. default=200
-o OUTPUT --output OUTPUT Output filename [Script will save vulnerable urls by given name]. default=vulnerable.txt

Screenshots:

Help Menu

Single URL Scan

Multiple URL Scan

Auto FUZZ & Scan

Contribute

  • All Contributors are welcome, this repo needs contributors who will improve this tool to make it best.
Owner
Pushpender Singh
A Ethical Hacker, Programmer & Web Developer who just love to code in python
Pushpender Singh
GitHub Repository
Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

12 Sep 28, 2022
Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc

Pushpender Singh 35 Dec 12, 2022
Bypass 4xx HTTP response status codes.

Forbidden Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreadi

Ivan Å incek 165 Dec 28, 2022
A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

11 Nov 15, 2022
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

HubbleStack 368 Jan 04, 2023
This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

RemoteMouse-3.008-Exploit The RemoteMouse application is a program for remotely controlling a computer from a phone or tablet. This exploit allows to

Podalirius 25 Dec 04, 2022
Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr 64bit2key.py

Stefan Marsiske 15 Nov 26, 2022
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

CVE-2021-22005-metasploit the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability pr

Taroballz 25 Nov 15, 2022
MITMSDR for INDIAN ARMY cybersecurity hackthon

There mainly three things here: MITMSDR spectrum Manual reverse shell MITMSDR Installation Clone the project and run the setup file: ./setup One of th

2 Jul 26, 2022
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022
KeyKatcher is a keylogger that records keystrokes made on a computer and sends to the E-Mail.

What is a keylogger? A keylogger is a software application or piece of hardware that monitors and records keystrokes made on a computer keyboard. The

Himank_Jain 7 Sep 19, 2022
CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

2 Feb 15, 2022
D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

Introduction fork from https://gitlab.com/eshard/d810 What is D-810 D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation

Banny 30 Dec 06, 2022
To explore creating an application that detects available connections at once from wifi and bluetooth

Signalum A Linux Package to detect and analyze existing connections from wifi and bluetooth. Also checkout the Desktop Application. Signalum Installat

BISOHNS 56 Mar 03, 2021
Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

Nils Kuhnert 65 Nov 17, 2022
Open-source keylogger write in python

Python open-source keylogger Language Python open-source keylogger using pynput module Using Install dependences in archive setup.py or install.sh in

Dio brando 4 Jan 15, 2022
Automatically fetch, measure, and merge subscription links on the network, use Github Action

Free Node Merge Introduction Modified from alanbobs999/TopFreeProxies It measures the speed of free nodes on the network and import the stable and hig

52 Jul 16, 2022
List of S3 Hacks

s3-leaks List of AWS S3 Leaks Feel free to send in a PR if you know of other leaks Date Description Notes Aug2020 S3 bucket mess up exposed 182GB of s

Nag 291 Dec 28, 2022
PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

1 Sep 25, 2022
An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

RonnieColemanYARAParser This script is named after Ronnie Coleman, and peforms bulk lifts on arbitary file features using YARA console logging. Requir

Steve 20 Dec 13, 2022