{"id":13842289,"url":"https://github.com/ethicalhackingplayground/erebus","last_synced_at":"2025-04-15T18:03:20.306Z","repository":{"id":45029328,"uuid":"342573812","full_name":"ethicalhackingplayground/erebus","owner":"ethicalhackingplayground","description":"Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.","archived":false,"fork":false,"pushed_at":"2021-07-11T11:20:28.000Z","size":3168,"stargazers_count":131,"open_issues_count":6,"forks_count":29,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-04-15T18:02:32.257Z","etag":null,"topics":["erebus-engine","parameter-testing","vulnerability-assessment","vulnerability-detection","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ethicalhackingplayground.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-26T12:48:03.000Z","updated_at":"2025-01-02T19:20:04.000Z","dependencies_parsed_at":"2022-08-27T08:00:41.019Z","dependency_job_id":null,"html_url":"https://github.com/ethicalhackingplayground/erebus","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethicalhackingplayground%2Ferebus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethicalhackingplayground%2Ferebus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethicalhackingplayground%2Ferebus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eth
icalhackingplayground%2Ferebus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ethicalhackingplayground","download_url":"https://codeload.github.com/ethicalhackingplayground/erebus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249125958,"owners_count":21216705,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["erebus-engine","parameter-testing","vulnerability-assessment","vulnerability-detection","vulnerability-scanner"],"created_at":"2024-08-04T17:01:31.225Z","updated_at":"2025-04-15T18:03:20.273Z","avatar_url":"https://github.com/ethicalhackingplayground.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n\u003cimg src=\"https://images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com/f/d06120c6-10fa-49a6-8e5a-6de6024c71b5/ddaf69q-cbe86b59-8049-40b6-96ca-bb1929a0b073.gif?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1cm46YXBwOjdlMGQxODg5ODIyNjQzNzNhNWYwZDQxNWVhMGQyNmUwIiwiaXNzIjoidXJuOmFwcDo3ZTBkMTg4OTgyMjY0MzczYTVmMGQ0MTVlYTBkMjZlMCIsIm9iaiI6W1t7InBhdGgiOiJcL2ZcL2QwNjEyMGM2LTEwZmEtNDlhNi04ZTVhLTZkZTYwMjRjNzFiNVwvZGRhZjY5cS1jYmU4NmI1OS04MDQ5LTQwYjYtOTZjYS1iYjE5MjlhMGIwNzMuZ2lmIn1dXSwiYXVkIjpbInVybjpzZXJ2aWNlOmZpbGUuZG93bmxvYWQiXX0.n65EW1oBAX5Uc1gs3SvkpXvS-3Tc1uaP7BRVhSj04DE\" width=\"200px\" alt=\"Erebus\"\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eFast and customisable parameter based vulnerability scanner based on simple YAML Rules\u003c/h4\u003e\n\n\n\u003cp 
align=\"center\"\u003e\n\u003ca href=\"https://goreportcard.com/report/github.com/ethicalhackingplayground/erebus\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/ethicalhackingplayground/erebus\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/ethicalhackingplayground/erebus/issues\"\u003e\u003cimg src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/ethicalhackingplayground/erebus/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/ethicalhackingplayground/erebus\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/z0idsec\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/z0idsec.svg?logo=twitter\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/MQWCem5b\"\u003e\u003cimg src=\"https://img.shields.io/discord/862900124740616192.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#how-templates-work\"\u003eHow\u003c/a\u003e •\n  \u003ca href=\"#install-erebus\"\u003eInstall\u003c/a\u003e •\n  \u003ca href=\"#erebus-templates\"\u003eTemplates\u003c/a\u003e •\n  \u003ca href=\"#setup-erebus-interceptor\"\u003eInterceptor\u003c/a\u003e •\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"https://discord.gg/MQWCem5b\"\u003eJoin Discord\u003c/a\u003e \n\u003c/p\u003e\n\n---\n\nErebus tests every parameter across targets based on YAML templates, leading to zero false positives and providing fast scanning on a large number of hosts. 
Erebus offers many useful features, including an intercepting proxy that lets researchers browse the web and click on links while Erebus tests every parameter that passes through the proxy.\n\nWe have a [dedicated repository](https://github.com/ethicalhackingplayground/erebus-templates) that houses various types of vulnerability templates.\n\n\n\n## How templates work\n\n\n\u003ch3 align=\"center\"\u003e\n  \u003cimg src=\"static/yaml.png\" alt=\"yaml-templates-flow\" width=\"700px\"\u003e\u003c/a\u003e\n\u003c/h3\u003e\n\n\n\n# Install Erebus\n\n```sh\n▶  GO111MODULE=off go get -u -v github.com/ethicalhackingplayground/erebus/erebus\n```\n\n# Install Templates\n\n```sh\n▶  erebus -ut\n```\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd\u003e  \n\n### Erebus Templates\n\nErebus has built-in support for automatically downloading and updating templates (https://github.com/ethicalhackingplayground/erebus/releases/latest). The [**Erebus-Templates**](https://github.com/ethicalhackingplayground/erebus-templates) project provides a community-contributed list of ready-to-use templates that can be used as part of your testing.\n\nYou may use the `-ut` flag to update the nuclei templates at any time.\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd\u003e  \n\n### Setup Erebus Interceptor\n\nMake sure to set up a proxy in your browser before you use the **erebus interceptor**. For Firefox, go to:\n\n▶ Settings ▶ General ▶ Network Settings ▶ Manual proxy configuration\n\nType **127.0.0.1** in HTTP Proxy and **8080** for the port, and make sure to enable **Also use this proxy for FTP and HTTPS**.\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd\u003e \n\n### Install the SSL Certificates to use HTTPS\n\nI have provided the certificates for you to use for **HTTPS** testing; all you need to do is install these by:\n\n▶ Settings ▶ Privacy \u0026 Security ▶ Certificates ▶ View 
Certificates ▶ Import ▶ \n\nSelect the **.crt** file in the erebus directory and proceed by trusting and installing.\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\n### Usage\n\n```sh\nerebus -h\n```\n\nThis will display help for the tool. Here are all the switches it supports.\n\n\u003cdetails\u003e\n\u003csummary\u003e 👉 erebus help menu 👈\u003c/summary\u003e\n\n```\nUsage of erebus:\n  -burp-sitemap string\n        scan burp xml sitemap (without base64 decoded)\n  -c int\n        the number of concurrent requsts (default 100)\n  -crawl\n        crawl through each intercepted request\n  -depth int\n        the crawl depth (default 5)\n  -interceptor\n        intercept the requests through the proxy and test each parameter\n  -o string\n        output results to a file\n  -p string\n        the port on which the interception proxy will listen on (default \"8080\")\n  -scope string\n        the scope for the proxy intercetor\n  -secure\n        determaines if the connection is secure or not\n  -silent\n        silent (only show vulnerable urls)\n  -t string\n        use the templates with all our yaml rules instead\n  -tc string\n        Use other tools by executing an os command (default \"qsreplace\")\n  -ut\n        Install or update the erebus-templates\n```\n\n\u003c/details\u003e\n\n\n# Usage\n\nHere are a few examples of how to use the erebus scanner as part of your testing.\n\n### Intercept and Crawl on HTTP\n\nScanning for XSS vulnerabilities using the intercepting proxy with all of PayPal in scope while crawling on HTTP domains.\n\n```sh\n▶ erebus -t erebus-templates/xss-reflected.yaml -interceptor -crawl -scope \".*.\\.paypal.com\"\n```\n\n### Intercept and Crawl on HTTPS\n\nScanning for XSS vulnerabilities using the intercepting proxy with all of PayPal in scope while crawling on HTTPS domains.\n\n```sh\n▶ erebus -t erebus-templates/xss-reflected.yaml -interceptor -crawl -secure -scope \".*.\\.paypal.com\"\n```\n\n### Tool Chaining 
Usage\n\nScanning for XSS vulnerabilities across a range of subdomains using subfinder and Gau:\n\n```sh\n▶ echo \"paypal.com\" | gau | erebus -t erebus-templates/xss-reflected.yaml\n```\n\nScan subdomains from a file in the format **https://** or **http://**:\n\n```sh\n▶ cat alive | gau | erebus -t erebus-templates/xss-reflected.yaml\n```\n\n\n[![asciicast](https://asciinema.org/a/424487.svg)](https://asciinema.org/a/424487)\n\n### License\n\nErebus is distributed under the [GPL-3.0 License](https://github.com/ethicalhackingplayground/erebus/blob/main/LICENSE).\n\n\u003ch1 align=\"left\"\u003e\n  \u003ca href=\"https://discord.gg/MQWCem5b\"\u003e\u003cimg src=\"static/Join-Discord.png\" width=\"380\" alt=\"Join Discord\"\u003e\u003c/a\u003e\n\u003c/h1\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethicalhackingplayground%2Ferebus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fethicalhackingplayground%2Ferebus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethicalhackingplayground%2Ferebus/lists"}