{"id":28276343,"url":"https://github.com/moften/symfony-endpoint-scanner","last_synced_at":"2026-05-18T05:44:04.613Z","repository":{"id":292200373,"uuid":"980136241","full_name":"moften/Symfony-Endpoint-Scanner","owner":"moften","description":"Busca rutas públicas comunes de Symfony","archived":false,"fork":false,"pushed_at":"2025-09-16T03:24:23.000Z","size":24,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-16T05:45:49.930Z","etag":null,"topics":["symfony"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/moften.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-08T16:11:21.000Z","updated_at":"2025-09-16T03:24:26.000Z","dependencies_parsed_at":"2025-08-18T21:15:03.481Z","dependency_job_id":"5b1bc17a-d4f5-4101-a3e6-76c70520255f","html_url":"https://github.com/moften/Symfony-Endpoint-Scanner","commit_stats":null,"previous_names":["moften/symfony-endpoint-scanner"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/moften/Symfony-Endpoint-Scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FSymfony-Endpoint-Scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FSymfony-Endpoint-Scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FSymfony-Endpoint-Scanner
/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FSymfony-Endpoint-Scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moften","download_url":"https://codeload.github.com/moften/Symfony-Endpoint-Scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moften%2FSymfony-Endpoint-Scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33166753,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T05:43:36.989Z","status":"ssl_error","status_checked_at":"2026-05-18T05:43:19.133Z","response_time":71,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["symfony"],"created_at":"2025-05-21T05:10:25.061Z","updated_at":"2026-05-18T05:44:04.607Z","avatar_url":"https://github.com/moften.png","language":"Python","funding_links":["https://www.paypal.com/paypalme/moften"],"categories":[],"sub_categories":[],"readme":"# 🏴‍☠️ Symfony Endpoint Scanner\n\nScans for common public routes of Symfony applications.\n\nDeveloped by **m10sec (2025)**.\n\n---\n\n## 🏴‍☠️ Description\nSymfony Endpoint Scanner is an advanced tool written in Python, designed to thoroughly analyze web servers that may be running Symfony or similar frameworks.\nThe script sends thousands of controlled HTTP requests, detects 
exposed endpoints, identifies development artifacts, locates leaked backup files and dumps, and detects technology fingerprints that could represent a critical attack surface.\n\nIt also implements smart fuzzing over parameterized templates to discover internal routes or hidden endpoints.\n\n---\n\n## Features\n\t•\tBuilt on requests, with retries (Retry) and an HTTP pool.\n\t•\tAdditional wordlist and paths via the CLI.\n\t•\tHEAD first (--head-first) and follow redirects (--follow).\n\t•\tEasy proxy integration (Burp/ZAP).\n\t•\tFiltering by interesting status codes (--codes) and verbose mode.\n\t•\tResults saved as JSON or CSV.\n\t•\tDetection of Symfony fingerprints (e.g., X-Debug-Token, FOSJsRouting, Encore manifest/entrypoints).\n\n---\n\n## 🏴‍☠️ Installation\n\n```bash\n# Clone the repository\ngit clone https://github.com/moften/Symfony-Endpoint-Scanner.git\ncd Symfony-Endpoint-Scanner\n\n# (Optional) Virtual environment\npython3 -m venv venv \u0026\u0026 source venv/bin/activate\n\n# Install dependencies\npip3 install -r requirements.txt\n```\n---\n## 🏴‍☠️ Usage\n\n# [+] Quick scan of known routes:\n\n```bash\npython3 SymfonyScanner.py https://example.com\n```\n\n# [+] Show only results that match certain status codes; to also see non-matching results, add --verbose.\n```bash\npython3 SymfonyScanner.py https://example.com --codes 200,301,302,403 --verbose\n```\n\n# [+] Scan with an additional wordlist and follow redirects:\n\n```bash\npython3 SymfonyScanner.py https://example.com -w rutas.txt --follow\n```\n\n# [+] Rate-limited scan, saving the results:\n\n```bash\npython3 SymfonyScanner.py https://example.com --rps 4 --threads 20 --format json --out host_scan.json --codes 200,301,302 --save-all\n```\n\n# [+] Minimize noise on clients:\n\n```bash\n--head-first --codes 200,301,302,401,403\n```\n# [+] Inspection in Burp Suite (proxy):\n\n```bash\n--proxy http://127.0.0.1:8080\n--insecure    # Disables 
TLS verification\n```\n```bash\npython3 SymfonyScanner.py https://example.com --proxy http://127.0.0.1:8080\n```\n\n# [+] Try HEAD before GET (shorter responses where HEAD is supported)\n```bash\npython3 SymfonyScanner.py https://example.com --head-first\n```\n\n# [+] Per-request slowdown (delay), per thread\n```bash\n# each thread waits ~100 ms before each request\npython scanner.py https://example.com --threads 20 --delay 0.1\n```\n\n# Options:\n```bash\n\t•\t-w, --wordlist → File with additional routes.\n\t•\t-p, --paths → Extra routes via the CLI (/health /metrics).\n\t•\t--codes → Show only certain status codes (200,301,302,403).\n\t•\t--head-first → Tries HEAD before GET (stealthier).\n\t•\t--proxy → Send traffic through a proxy (http://127.0.0.1:8080).\n\t•\t--threads → Number of concurrent threads (default: 20).\n\t•\t--format and --out → Save results as json or csv.\n```\n\n# Scan a Symfony app, showing only relevant responses:\n```bash\npython3 SymfonyScanner.py https://target.com --head-first --codes 200,301,302,401,403\n```\n\n# Non-matching results as well:\n```bash\npython3 SymfonyScanner.py https://target.com --head-first --codes 200,301,302,401,403 --verbose\n```\n\n# Scan with a wordlist and save to CSV:\n```bash\npython3 SymfonyScanner.py https://target.com -w symfony-common.txt --format csv --out resultados.csv\n```\n\n---\n\n\n## 🏴‍☠️ Sample output\n\n```bash\n====================================================================================\n     ☠️ Symfony Endpoint Scanner v1.3.0 ☠️\n   Busca rutas públicas comunes de Symfony\n       + Smart placeholders \u0026 fuzzing\n====================================================================================\n\n☠️ Escaneando endpoints comunes de Symfony en: https://target.com \n\n[+] [base] https://target.com/_profiler (Status 200) (123 ms) [text/html] | X-Debug-Token presente (Symfony Profiler)\n[-] [base] https://target.com/build/vendor.js (Status 404) (45 ms) 
[text/html]\n[+] [base] https://target.com/_wdt/abcdef1234 (Status 200) (98 ms) [text/html]\n\n» Lanzando fuzzing dirigido: 12 variantes | hilos=8\n\n[+] [fuzz] https://target.com/_wdt/0000000000000000 (Status 200) (91 ms) [text/html] [parent=/ _wdt/abcdef1234]\n[-] [fuzz] https://target.com/_wdt/deadbeef (Status 404) (87 ms) [text/html] [parent=/ _wdt/abcdef1234]\n\n```\n---\n\n## 🏴‍☠️ Support me\n\nIf this tool has been useful to you or you want to support future development, you can buy me a coffee ☕ or make a donation. Any support counts!\n\n[![Donate with PayPal](https://img.shields.io/badge/PayPal-Donate-blue.svg)](https://www.paypal.com/paypalme/moften)\n\n---\n\n## 🏴‍☠️ Contact and social media\n\n- 💌 Email: [m10sec@proton.me](mailto:m10sec@proton.me)\n- 🌐 Blog: [https://m10.com.mx](https://m10.com.mx)\n- 🐦 Twitter: [@hack4lifemx](https://twitter.com/hack4lifemx)\n- 💼 LinkedIn: [Francisco Santibañez](https://www.linkedin.com/in/franciscosantibanez)\n- 🐙 GitHub: [github.com/m10sec](https://github.com/moften)\n\n---\n\n## 🏴‍☠️ Philosophy\n\nI believe in a world where users have control over their privacy. This tool was born in the trenches of real-world pentesting, with love for digital freedom and hacking with purpose.\n\n---\n\n⭐ If you liked this project, give it a star on GitHub and share it with your community.\nIf this project is useful to you, you can buy me a coffee ☕\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoften%2Fsymfony-endpoint-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmoften%2Fsymfony-endpoint-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoften%2Fsymfony-endpoint-scanner/lists"}