Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/melbadry9/ScanApi
Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
https://github.com/melbadry9/ScanApi
bugbounty recon s3-bucket-scanner subdomains-enumeration
Last synced: 21 days ago
JSON representation
Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
- Host: GitHub
- URL: https://github.com/melbadry9/ScanApi
- Owner: melbadry9
- Created: 2019-05-04T02:52:04.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-05-01T14:47:20.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:34:24.740Z (4 months ago)
- Topics: bugbounty, recon, s3-bucket-scanner, subdomains-enumeration
- Language: Python
- Homepage:
- Size: 45.3 MB
- Stars: 38
- Watchers: 0
- Forks: 19
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
- awesome-hacking-lists - melbadry9/ScanApi - Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner. (Python)
README
# ScanApi ![Python 3.5](https://img.shields.io/badge/Python-3.x-blue.svg) ![linux 64-bit](https://img.shields.io/badge/Linux-64bit-blue.svg) [![Total alerts](https://img.shields.io/lgtm/alerts/g/melbadry9/ScanApi.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/melbadry9/ScanApi/alerts/) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/melbadry9/ScanApi.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/melbadry9/ScanApi/context:python)
Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
## Installing
- Linux
```bash
git clone https://github.com/melbadry9/ScanApi.git
cd ScanApi
sudo bash install.sh
python3 app.py
```- Docker
```bash
docker build -t scanapi:latest .
docker run -d -p 8000:8000 scanapi
```- Update `config.ini` before building docker image.
- Add slack hook in `config.ini` if Slack is Enabled.
- Commit docker image `docker commit scanapi:latest` to avoid losing data from db.
## Endpoints
1. `/enum/domain//`
- Start subdomain enumeration task in background then update db
- Domain ex: `example.com`2. `/enum/s3//`
- Start s3 bucket permissions scanner and update db
- Bucket-name ex: `example-prod`3. `/db/domain//`
- Retrieve all subdomains from db if any exist4. `/db/domain//?pro=http`
- Retrieve subdomains with port 80 opened from db if any exist5. `/db/domain//?pro=https`
- Retrieve subdomains with port 443 opened from db if any exist6. `/db/s3//`
- Retrieve s3 bucket scanner data from db if any exist7. `/scan/domain//`
- Start scanning for possible subdomain takeover depending on db
- Domain ex: `example.com`## Supported Tools
- [Amass](https://github.com/OWASP/Amass)
- [Gasset](https://github.com/melbadry9/gasset)
- [Findomain](https://github.com/Edu4rdSHL/findomain)
- [Subfinder](https://github.com/projectdiscovery/subfinder)
- [Subover](https://github.com/melbadry9/SubOver)
- [Sublist3r](https://github.com/melbadry9/Sublist3r)
- [Httprobe](https://github.com/tomnomnom/httprobe)
- [Gobuster](https://github.com/OJ/gobuster)
- [Assetfinder](https://github.com/tomnomnom/assetfinder)
- [Chaos](https://github.com/projectdiscovery/chaos-client)## To-Do list
- [ ] Add directory brute forcing monitoring
- [ ] Add open ports monitoring
- [ ] Add scheduling jobs
- [ ] Add UI## Donation
[![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/black_img.png)](https://buymeacoffee.com/melbadry9)