Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Overview

EARScanner

Hacker GIF

                    This small python script can do really awesome work.

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, Can Scan Single & Multiple URLs, MultiThreaded, Fast & Reliable, Can Fuzz All URLs of target website & then can scan them for EAR

Disclaimer

💻 This project was created only for good purposes and personal use.

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.

Features

  • Works on Windows/Linux
  • MultiThreaded [Fast]
  • Uses GoBuster for Content Discovery (Fuzzing)
  • Can Scan Single URL
  • Can Scan Multiple URLs
  • Can Save Vulnerable URLs in text format
  • Reliable & Easy to Use [Very Less False Positive]

Tested On

Kali) Kali Linux

Windows) Windows 10

Prerequisite

  • Python 3.X
  • Few External Modules

How To Use in Linux

# Navigate to the /opt directory (optional)
$ cd /opt/

# Clone this repository
$ git clone https://github.com/PushpenderIndia/EARScanner.git

# Navigate to EARScanner folder
$ cd EARScanner

# Installing dependencies
$ sudo apt install python3-pip 
$ pip3 install -r requirements.txt

# Installing GoBuster (For More Installation Method, Visit: https://github.com/OJ/gobuster)
# NOTE: GoBuster Tool is Only Required for using --fuzz-scan flag
# PS: You need at least go 1.16.0 to compile gobuster.
$ go install github.com/OJ/gobuster/v3@latest

# Help Menu
$ chmod +x EARScanner.py
$ python3 EARScanner.py --help

# Scanning Single URL
$ python3 EARScanner.py -u https://example.com/admin/dashboard.php

# Scanning Multiple URLs
$ python3 EARScanner.py -uL url_list.txt

# Automatically FUZZ URLs and Scan Them for EAR 
$ python3 EARScanner.py -f https://www.example.com

How To Use in Windows

# Install dependencies 
$ Install latest python 3.x

# Clone this repository or Download this project
$ git clone https://github.com/PushpenderIndia/EARScanner.git

# Navigate to EARScanner folder
$ cd EARScanner

# Installing dependencies
$ pip install -r requirements.txt

# Help Menu
$ python EARScanner.py --help

# Scanning Single URL
$ python EARScanner.py -u https://example.com/admin/dashboard.php

# Scanning Multiple URLs
$ python EARScanner.py -uL url_list.txt

# Automatically FUZZ URLs and Scan Them for EAR 
$ python EARScanner.py -f https://www.example.com

Available Arguments

Short Hand Full Hand Description
-h --help show this help message and exit
-u URL --url URL Scan Single URL for EAR
-uL FILE_CONTAINING_URLS --url-list FILE_CONTAINING_URLS Provide a File Containing URLs [PRO_TIP: Fuzz ALL URLs using tools such as ffuf,gobuster,disbuter,etc & then pass urls_list.txt using this argument] [NOTE: One URL in One Line].
-f FUZZ_AND_SCAN --fuzz-scan FUZZ_AND_SCAN Provide a domain for scanning [It will Fuzz ALL URLs using GoBuster & Then It will scan them.]
-w WORDLIST --wordlist WORDLIST Provide a wordlist for fuzzing. [Only Use With --fuzz-scan]. default=content_discovery_all.txt
-t TIMEOUT --timeout TIMEOUT HTTP Request Timeout. default=60
-th THREADNUMBER --thread THREADNUMBER Parallel HTTP Request Number. default=100
-c CONTENTLENGTH --content-length CONTENTLENGTH Any Content Length for Confirming EAR Vulnerability. default=200
-o OUTPUT --output OUTPUT Output filename [Script will save vulnerable urls by given name]. default=vulnerable.txt

Screenshots:

Help Menu

Single URL Scan

Multiple URL Scan

Auto FUZZ & Scan

Contribute

  • All Contributors are welcome, this repo needs contributors who will improve this tool to make it best.
You might also like...
Js File Scanner This is Js File Scanner
Js File Scanner This is Js File Scanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.
Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Yuyu Scanner Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets. installation ! run as root

USSR-Scanner - USSR Scanner with python
USSR-Scanner - USSR Scanner with python

Purposes ? Hey there is abosolutely no need to do this we do it only to irritate

Raphael is a vulnerability scanning tool based on Python3.
Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

Extensive Python3 network scanner, simplified.

Snake Map Extensive Python3 network scanner, simplified. _,.--. --..,_ .'`__ o `;__, `'.'. .'.'` '---'` '

Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion
DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion.

The ultimate Metasploit apk binder with legit apk written in python3
The ultimate Metasploit apk binder with legit apk written in python3

Infector is a python3 based script which is officially made for linux based distro . It binds metasploit payload with original apk with avast antivirus bypassed .

Web3 Pancakeswap Sniper & honeypot detector Take Profit/StopLose bot written in python3, For ANDROID WIN MAC & LINUX
Web3 Pancakeswap Sniper & honeypot detector Take Profit/StopLose bot written in python3, For ANDROID WIN MAC & LINUX

🏆 Pancakeswap BSC Sniper Bot web3 with honeypot detector (ANDROID WINDOWS MAC LINUX) 🥇 ⭐️ ⭐️ ⭐️ First SNIPER BOT for ANDROID & WINDOWS with honeypot

Owner
Pushpender Singh
A Ethical Hacker, Programmer & Web Developer who just love to code in python
Pushpender Singh
How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi

Stephen Tong 1.2k Dec 25, 2022
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

Anontemitayo 9 Dec 30, 2022
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP

赛欧思网络安全研究实验室 365 Nov 30, 2022
GRR Rapid Response: remote live forensics for incident response

GRR Rapid Response is an incident response framework focused on remote live forensics. Build Type Status Tests End-to-end Tests Windows Templates Linu

Google 4.3k Jan 5, 2023
Aiminsun 165 Dec 21, 2022
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Carry 1 Nov 25, 2021
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.

Log4JHunt An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability. Video demo: Usage Here the help usage: $ python3 log4jhunt.py

RedHunt Labs 39 Nov 21, 2022
wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What's WSVuls? WSVuls is a simple and powerf

Anouar Ben Saad 47 Sep 22, 2022
A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download ?? Use Cases To see where an affiliate link ends up To see what affiliate network is bei

null 41 Nov 22, 2022