EARScanner
This small python script can do really awesome work.
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, Can Scan Single & Multiple URLs, MultiThreaded, Fast & Reliable, Can Fuzz All URLs of target website & then can scan them for EAR
Disclaimer
THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.
Features
- Works on Windows/Linux
- MultiThreaded [Fast]
- Uses GoBuster for Content Discovery (Fuzzing)
- Can Scan Single URL
- Can Scan Multiple URLs
- Can Save Vulnerable URLs in text format
- Reliable & Easy to Use [Very Less False Positive]
Tested On
Kali Linux
Windows 10
Prerequisite
- Python 3.X
- Few External Modules
How To Use in Linux
# Navigate to the /opt directory (optional)
$ cd /opt/
# Clone this repository
$ git clone https://github.com/PushpenderIndia/EARScanner.git
# Navigate to EARScanner folder
$ cd EARScanner
# Installing dependencies
$ sudo apt install python3-pip
$ pip3 install -r requirements.txt
# Installing GoBuster (For More Installation Method, Visit: https://github.com/OJ/gobuster)
# NOTE: GoBuster Tool is Only Required for using --fuzz-scan flag
# PS: You need at least go 1.16.0 to compile gobuster.
$ go install github.com/OJ/gobuster/[email protected]
# Help Menu
$ chmod +x EARScanner.py
$ python3 EARScanner.py --help
# Scanning Single URL
$ python3 EARScanner.py -u https://example.com/admin/dashboard.php
# Scanning Multiple URLs
$ python3 EARScanner.py -uL url_list.txt
# Automatically FUZZ URLs and Scan Them for EAR
$ python3 EARScanner.py -f https://www.example.com
How To Use in Windows
# Install dependencies
$ Install latest python 3.x
# Clone this repository or Download this project
$ git clone https://github.com/PushpenderIndia/EARScanner.git
# Navigate to EARScanner folder
$ cd EARScanner
# Installing dependencies
$ pip install -r requirements.txt
# Help Menu
$ python EARScanner.py --help
# Scanning Single URL
$ python EARScanner.py -u https://example.com/admin/dashboard.php
# Scanning Multiple URLs
$ python EARScanner.py -uL url_list.txt
# Automatically FUZZ URLs and Scan Them for EAR
$ python EARScanner.py -f https://www.example.com
Available Arguments
| Short Hand | Full Hand | Description |
|---|---|---|
| -h | --help | show this help message and exit |
| -u URL | --url URL | Scan Single URL for EAR |
| -uL FILE_CONTAINING_URLS | --url-list FILE_CONTAINING_URLS | Provide a File Containing URLs [PRO_TIP: Fuzz ALL URLs using tools such as ffuf,gobuster,disbuter,etc & then pass urls_list.txt using this argument] [NOTE: One URL in One Line]. |
| -f FUZZ_AND_SCAN | --fuzz-scan FUZZ_AND_SCAN | Provide a domain for scanning [It will Fuzz ALL URLs using GoBuster & Then It will scan them.] |
| -w WORDLIST | --wordlist WORDLIST | Provide a wordlist for fuzzing. [Only Use With --fuzz-scan]. default=content_discovery_all.txt |
| -t TIMEOUT | --timeout TIMEOUT | HTTP Request Timeout. default=60 |
| -th THREADNUMBER | --thread THREADNUMBER | Parallel HTTP Request Number. default=100 |
| -c CONTENTLENGTH | --content-length CONTENTLENGTH | Any Content Length for Confirming EAR Vulnerability. default=200 |
| -o OUTPUT | --output OUTPUT | Output filename [Script will save vulnerable urls by given name]. default=vulnerable.txt |
Screenshots:
Help Menu
Single URL Scan
Multiple URL Scan
Auto FUZZ & Scan
Contribute
- All Contributors are welcome, this repo needs contributors who will improve this tool to make it best.
1 Oct 24, 2021
4 Aug 31, 2021
50 Dec 26, 2022
6 Dec 28, 2022
826 Jan 01, 2023
36 Jul 18, 2021
10 Sep 28, 2022
2.7k Jan 09, 2023
6.7k Jan 05, 2023
4 Jan 08, 2022
86 Aug 21, 2022
1 Aug 29, 2022
16 Oct 12, 2022
13 Nov 09, 2022
10 Jul 31, 2022
33 Jan 04, 2023
102 Jan 04, 2023
15 Dec 22, 2022
3 Apr 13, 2022
136 Jan 02, 2023