{"id":13843440,"url":"https://github.com/ARPSyndicate/kenzer","last_synced_at":"2025-07-11T19:31:33.302Z","repository":{"id":40319205,"uuid":"296299538","full_name":"ARPSyndicate/kenzer","owner":"ARPSyndicate","description":"automated web assets enumeration \u0026 scanning [DEPRECATED]","archived":true,"fork":false,"pushed_at":"2023-03-07T09:20:26.000Z","size":1630,"stargazers_count":287,"open_issues_count":0,"forks_count":62,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-08-05T17:37:26.142Z","etag":null,"topics":["aquatone","arpsyndicate","axiom","certex","domlock","favinizer","ffuf","freaker","freakerdb","jaeles","kenzer","nuclei","s3hunter","shuffledns","subfinder","zulip"],"latest_commit_sha":null,"homepage":"https://asm.arpsyndicate.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ARPSyndicate.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-09-17T10:55:15.000Z","updated_at":"2024-07-22T02:50:19.000Z","dependencies_parsed_at":"2023-10-20T17:41:58.368Z","dependency_job_id":null,"html_url":"https://github.com/ARPSyndicate/kenzer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARPSyndicate%2Fkenzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARPSyndicate%2Fkenzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARPSyndicate%2Fkenzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARPSyndicate%2Fkenzer/manifests","owner_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/owners/ARPSyndicate","download_url":"https://codeload.github.com/ARPSyndicate/kenzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225754976,"owners_count":17519181,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aquatone","arpsyndicate","axiom","certex","domlock","favinizer","ffuf","freaker","freakerdb","jaeles","kenzer","nuclei","s3hunter","shuffledns","subfinder","zulip"],"created_at":"2024-08-04T17:02:08.597Z","updated_at":"2024-11-21T15:30:56.369Z","avatar_url":"https://github.com/ARPSyndicate.png","language":"Python","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"readme":"\u003cdiv align='left'\u003e\u003cp\u003e\u003ch2\u003eKENZER - Automated web assets enumeration \u0026 scanning\u003c/h2\u003e\u003ch3\u003e[DEPRECATED]\u003c/h3\u003e\u003cdiv id='badges'\u003e\u003ca href='https://www.linkedin.com/company/scanfactory-io'\u003e\u003cimg src='https://img.shields.io/badge/LinkedIn-black?style=for-the-badge\u0026logo=linkedin\u0026logoColor=white' alt='ScanFactory LinkedIn'/\u003e\u003c/a\u003e \u003ca href='https://twitter.com/scanfactory_io'\u003e\u003cimg src='https://img.shields.io/badge/Twitter-black?style=for-the-badge\u0026logo=twitter\u0026logoColor=white' alt='ScanFactory Twitter'/\u003e\u003c/a\u003e \u003ca href='https://t.me/scanfactorybot'\u003e\u003cimg src='https://img.shields.io/badge/Telegram Recon Bot-black?style=for-the-badge\u0026logo=telegram\u0026logoColor=white' alt='ScanFactory Telegram Recon 
Bot'/\u003e\u003c/a\u003e\u003c/div\u003e\u003c/p\u003e\u003c/div\u003e\r\n\r\n## Mentions\r\n\r\n[A Conceptual Introduction to Automating Bug Bounties](https://g147.medium.com/a-conceptual-introduction-to-automating-bug-bounties-ft-arpsyndicate-yeswehack-scanfactory-f2468f345d7)\u003cbr\u003e\r\n\r\n## Demo\r\n\r\n[![kenzer](screenshots/yt-thumbnail.png)](https://www.youtube.com/watch?v=pD0IRloikz8)\r\n\r\n## Screenshots\r\n\r\n![kenzer](screenshots/kenzer0.png)\r\n![kenzer](screenshots/kenzer1.png)\r\n\r\n## Instructions for running\r\n\r\n0. Run `git clone https://github.com/ARPSyndicate/kenzer /home/ubuntu/kenzer \u0026\u0026 cd /home/ubuntu/kenzer` **(preferred)**\u003cbr\u003e\r\n1. Create an account on [Zulip](https://zulipchat.com)\u003cbr\u003e\r\n2. Navigate to `Settings \u003e Your Bots \u003e Add a new bot`\u003cbr\u003e\r\n3. Create a new generic bot named `kenzer`\u003cbr\u003e\r\n4. Add all the configurations in `configs/kenzer.conf`\u003cbr\u003e\r\n5. Install/Run using - \u003cbr\u003e\r\n   - `./install.sh -b` [if you need `kenzer-compatible` binaries to be installed] **(preferred)**\u003cbr\u003e\r\n   - `./install.sh` [if you do not need `kenzer-compatible` binaries to be installed]\u003cbr\u003e\r\n   - `./run.sh` [if you do not need installation at all]\u003cbr\u003e\r\n   - `./service.sh` [initialize it as a service post-installation] **(preferred)**\u003cbr\u003e\r\n   - `bash swap.sh` [in case you are facing memory issues]\r\n6. Interact with `kenzer` using Zulip client, by adding bot to a stream or via DM.\u003cbr\u003e\r\n7. Test `@**kenzer** man` as Zulip input to display available commands.\u003cbr\u003e\r\n8. 
All the commands can be used by mentioning the chatbot using the prefix `@**kenzer**` (name of your chatbot).\u003cbr\u003e\r\n\r\n## Some Popular Features\r\n- Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, \u0026 ShuffleDNS\r\n- Port Enumeration using NXScan (Shodan, Netlas, Naabu \u0026 Nmap)\r\n- Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter \u0026 Waymore\r\n- Web Vulnerability Scanning using Freaker, Jaeles, Wapiti, ZAP, Nuclei, Rescro \u0026 DalFox\r\n- Backup Files Scanning using Fuzzuli\r\n- Git Repository Enumeration \u0026 Scanning using RepoHunt \u0026 Trufflehog\r\n- Web Screenshot Identification using Shottie \u0026 Perceptic\r\n- WAF Detection \u0026 Avoidance using WafW00f \u0026 Nuclei\r\n- Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank)\r\n- Every task can be distributed over multiple machines\r\n- Every task can be executed through a single HTTP/SOCKS Proxy\r\n\r\n## Built-in Modules\r\n\r\n\u003e - `blacklist \u003ctarget\u003e,\u003cregex\u003e` - initializes \u0026 removes blacklisted targets\r\n\u003e - `whitelist \u003ctarget\u003e,\u003cregex\u003e` - initializes \u0026 keeps only whitelisted targets\r\n\u003e - `program \u003ctarget\u003e,[\u003cname\u003e][\u003cmeta\u003e][\u003clink\u003e]` - initializes the program to which target belongs\r\n\u003e - `subenum[-\u003cmode\u003e[active/passive (default=all)]] \u003ctarget\u003e` - enumerates subdomains\r\n\u003e - `repenum \u003ctarget\u003e` - enumerates reputation of subdomains\r\n\u003e - `repoenum \u003ctarget\u003e` - enumerates github repositories\r\n\u003e - `portenum[-\u003cmode\u003e[100/1000/full/fast (default=1000)]] \u003ctarget\u003e` - enumerates open ports\r\n\u003e - `servenum \u003ctarget\u003e` - enumerates services\r\n\u003e - `webenum \u003ctarget\u003e` - enumerates webservers\r\n\u003e - `headenum \u003ctarget\u003e` - enumerates additional info from webservers\r\n\u003e - `urlheadenum 
\u003ctarget\u003e` - enumerates additional info from urls\r\n\u003e - `asnenum \u003ctarget\u003e` - enumerates asn records\r\n\u003e - `dnsenum \u003ctarget\u003e` - enumerates dns records\r\n\u003e - `conenum \u003ctarget\u003e` - enumerates hidden files \u0026 directories\r\n\u003e - `urlenum[-\u003cmode\u003e[active/passive (default=all)]] \u003ctarget\u003e` - enumerates urls\r\n\u003e - `socenum \u003ctarget\u003e` - enumerates social media accounts\r\n\u003e - `keysenum \u003ctarget\u003e` - enumerates sensitive api keys\r\n\u003e - `wafscan \u003ctarget\u003e` - scans for firewalls\r\n\u003e - `subscan[-\u003cmode\u003e[web/dns (default=all)]] \u003ctarget\u003e` - hunts for subdomain takeovers\r\n\u003e - `urlscan[-\u003cmode\u003e[cmdi/crlf/redirect/sqli/ssrf/ssti/xss (default=all)]] \u003ctarget\u003e` - hunts for vulnerabilities in URL parameters\r\n\u003e - `reposcan \u003ctarget\u003e` - scans github repositories for api key leaks\r\n\u003e - `bakscan \u003ctarget\u003e` - scans for backup files\r\n\u003e - `cscan[-\u003cseverity\u003e[critical/high/medium/low/info/workflow (default=all)]] \u003ctarget\u003e` - scan with customized templates\r\n\u003e - `cvescan[-\u003cseverity\u003e[critical/high/medium/low/info/workflow (default=all)]] \u003ctarget\u003e` - hunts for CVEs\r\n\u003e - `vulnscan[-\u003cseverity\u003e[critical/high/medium/low/info/workflow (default=all)]] \u003ctarget\u003e` - hunts for other common vulnerabilities\r\n\u003e - `idscan[-\u003cseverity\u003e[critical/high/medium/low/info/workflow (default=all)]] \u003ctarget\u003e` - identifies applications running on webservers\r\n\u003e - `portscan \u003ctarget\u003e` - scans open ports (nmap)(slow)\r\n\u003e - `shodscan \u003ctarget\u003e` - scans open ports (shodan)(fast)\r\n\u003e - `xssscan \u003ctarget\u003e` - scans for xss vulnerabilities\r\n\u003e - `appscan \u003ctarget\u003e` - scans for webapp vulnerabilities\r\n\u003e - `buckscan \u003ctarget\u003e` - hunts for 
unreferenced aws s3 buckets\r\n\u003e - `favscan \u003ctarget\u003e` - fingerprints webservers using favicon\r\n\u003e - `vizscan[-\u003cmode\u003e[web/repo (default=web)]] \u003ctarget\u003e` - screenshots websites \u0026 repositories\r\n\u003e - `enum \u003ctarget\u003e` - runs all enumerator modules\r\n\u003e - `scan \u003ctarget\u003e` - runs all scanner modules\r\n\u003e - `recon \u003ctarget\u003e` - runs all modules\r\n\u003e - `hunt \u003ctarget\u003e` - runs your custom workflow\r\n\u003e - `disseminate \u003ccommand\u003e \u003ctarget\u003e` - splits \u0026 distributes input over multiple bots\r\n\u003e - `upload` - switches upload functionality\r\n\u003e - `waf` - switches waf avoid functionality\r\n\u003e - `proxy` - switches proxy functionality\r\n\u003e - `upgrade` - upgrades kenzer to latest version\r\n\u003e - `monitor \u003ctarget\u003e` - monitors ct logs for new subdomains\r\n\u003e - `monitor normalize` - normalizes the enumerations from ct logs\r\n\u003e - `monitor db` - monitors ct logs for domains in summary/domain.txt\r\n\u003e - `monitor autohunt \u003cfrequency(default=5)\u003e` - starts automated hunt while monitoring\r\n\u003e - `sync` - synchronizes the local kenzerdb with github\r\n\u003e - `freaker \u003cmodule\u003e [\u003ctarget\u003e]` - runs freaker module\r\n\u003e - `kenzer \u003cmodule\u003e` - runs a specific module\r\n\u003e - `kenzer man` - shows this manual\r\n\r\n## The Beginner's Workflow\r\n\r\n![workflow](screenshots/workflow.png)\r\n\r\nA few more modules are available, and much more is going to be released over time that can advance this workflow, but this one is enough to get started with. Listed below are a few of its successful hunts.\u003cbr\u003e\u003cbr\u003e\r\n\u003cimg src=\"screenshots/adobe.png\" width=\"200\" height=\"60\"\u003e\r\n\u003cimg src=\"screenshots/ibm.png\" width=\"150\" height=\"60\"\u003e\r\n\u003cimg src=\"screenshots/amazon.png\" width=\"150\" 
height=\"50\"\u003e\r\n\u003cimg src=\"screenshots/algolia.png\" width=\"250\" height=\"60\"\u003e\r\n\r\n**COMPATIBILITY TESTED ON UBUNTU 20.04.5 (x86_64) ONLY**\u003cbr\u003e\r\n**RIGGED WITH LOGIC ISSUES**\u003cbr\u003e\r\n**FEEL FREE TO SUBMIT PULL REQUESTS**\u003cbr\u003e\r\n**THIS IS A VERY SOPHISTICATED AUTOMATION FRAMEWORK**\u003cbr\u003e\r\n**MEANT TO BE DEPLOYED ON AWS UBUNTU 20.04 AMD64 SERVER**\u003cbr\u003e\r\n**ABILITY TO UNDERSTAND PYTHON \u0026 BASH IS A PREREQUISITE**\u003cbr\u003e\r\n**WE DO NOT PROVIDE ANY SUPPORT WITH INSTALLATION**\u003cbr\u003e\r\n**ISSUES RELATED TO INSTALLATION WILL BE CLOSED WITHOUT ANY RESOLUTION**\u003cbr\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FARPSyndicate%2Fkenzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FARPSyndicate%2Fkenzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FARPSyndicate%2Fkenzer/lists"}