Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/melbadry9/ScanApi

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
https://github.com/melbadry9/ScanApi

bugbounty recon s3-bucket-scanner subdomains-enumeration

Last synced: 3 months ago
JSON representation

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

Host: GitHub
URL: https://github.com/melbadry9/ScanApi
Owner: melbadry9
Created: 2019-05-04T02:52:04.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-05-01T14:47:20.000Z (over 1 year ago)
Last Synced: 2024-05-08T01:33:02.873Z (6 months ago)
Topics: bugbounty, recon, s3-bucket-scanner, subdomains-enumeration
Language: Python
Homepage:
Size: 45.3 MB
Stars: 38
Watchers: 0
Forks: 19
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml

Awesome Lists containing this project

awesome-hacking-lists - melbadry9/ScanApi - Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner. (Python)

README

        # ScanApi ![Python 3.5](https://img.shields.io/badge/Python-3.x-blue.svg) ![linux 64-bit](https://img.shields.io/badge/Linux-64bit-blue.svg) [![Total alerts](https://img.shields.io/lgtm/alerts/g/melbadry9/ScanApi.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/melbadry9/ScanApi/alerts/) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/melbadry9/ScanApi.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/melbadry9/ScanApi/context:python)

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

## Installing

- Linux

 ```bash

git clone https://github.com/melbadry9/ScanApi.git

cd ScanApi

sudo bash install.sh

python3 app.py

```

- Docker

```bash

docker build -t scanapi:latest .

docker run -d -p 8000:8000 scanapi

```

- Update `config.ini` before building docker image.

- Add slack hook in `config.ini` if Slack is Enabled.

- Commit docker image `docker commit  scanapi:latest` to avoid losing data from db.

## Endpoints  

1. `/enum/domain//`

    - Start subdomain enumeration task in background then update db

    - Domain ex: `example.com`

2. `/enum/s3//`

    - Start s3 bucket permissions scanner and update db

    - Bucket-name ex: `example-prod`

3. `/db/domain//`

    - Retrieve all subdomains from db if any exist

4. `/db/domain//?pro=http`

    - Retrieve subdomains with port 80 opened from db if any exist

5. `/db/domain//?pro=https`

    - Retrieve subdomains with port 443 opened from db if any exist

6. `/db/s3//`

    - Retrieve s3 bucket scanner data from db if any exist

7. `/scan/domain//`

    - Start scanning for possible subdomain takeover depending on db

    - Domain ex: `example.com`

## Supported Tools

- [Amass](https://github.com/OWASP/Amass)

- [Gasset](https://github.com/melbadry9/gasset)

- [Findomain](https://github.com/Edu4rdSHL/findomain)

- [Subfinder](https://github.com/projectdiscovery/subfinder)

- [Subover](https://github.com/melbadry9/SubOver)

- [Sublist3r](https://github.com/melbadry9/Sublist3r)

- [Httprobe](https://github.com/tomnomnom/httprobe)

- [Gobuster](https://github.com/OJ/gobuster)

- [Assetfinder](https://github.com/tomnomnom/assetfinder)

- [Chaos](https://github.com/projectdiscovery/chaos-client)

## To-Do list

- [ ] Add directory brute forcing monitoring

- [ ] Add open ports monitoring

- [ ] Add scheduling jobs

- [ ] Add UI

## Donation

[![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/black_img.png)](https://buymeacoffee.com/melbadry9)