VXScan : Python3 Comprehensive Scanning Tool

VXScan is a Python3 comprehensive scanning tool, mainly used for sensitive file detection (directory scanning and js leak interface), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, winding Pass CDN, check the next station.

Version 1.0 Update

• 2019.6.18
• Fixed the problem of fingerprint recognition iis website error, modified apps.json
• Removed some third-party libraries and scripts that are prone to errors
• Scanning is completed if it flashes, it is because the program first detects dns parsing and ping operation.
• The first time you use Vxscan, fake_useragent will load the ua list of https://fake-useragent.herokuapp.com/browsers/0.1.11here, and a load timeout error may occur.

Also Read – WhatBreach : OSINT Tool To Find Breached Emails & Databases

Requirements

• Python version > 3.6
• requests
• tqdm
• pyfiglet
• fake-useragent
• beautifulsoup4
• geoip2
• tldextract
• python-nmap
• geoip2
• tldextract
• lxml
• pymongo
• virustotal_python
• apt install libpq-dev nmap
• wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
• After decompressing, put GeoLite2-City.mmdb inside to vxscan/db/GeoLite2-City.mmdb
• wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz
• After decompressing, put the GeoLite2-ASN.mmdb inside to vxscan/db/GeoLite2-ASN.mmdb
• pip3 install -r requirements.txt

Features

• Generate a dictionary list using Cartesian product method, support custom dictionary list
• Random UserAgent, XFF, X-Real-IP
• Customize 404 page recognition, access random pages and then compare the similarities through difflib to identify custom 302 jumps
• When scanning the directory, first detect the http port and add multiple http ports of one host to the scan target.
• Filter invalid Content-Type, invalid status?
• WAF/CDN detection
• Use the socket to send packets to detect common ports and send different payload detection port service fingerprints.
• Hosts that encounter full port open (portspoof) automatically skip
• Call wappalyzer.json and WebEye to determine the website fingerprint
• It is detected that the CDN or WAF website automatically skips
• Call nmap to identify the operating system fingerprint
• Call weak password detection script based on port open (FTP/SSH/TELNET/Mysql/MSSQL…)
• Call POC scan based on fingerprint identification or port, or click on the open WEB port of IP
• Analyze sensitive asset information (domain name, mailbox, apikey, password, etc.) in the js file
• Grab website connections, test SQL injection, LFI, etc.
• Call some online interfaces to obtain information such as VT, www.yougetsignal.com and other websites, determine the real IP through VT pdns, and query the website by www.yougetsignal.com and api.hackertarget.com.

Usage

python3 Vxscan.py -h

optional arguments:
-h, –help show this help message and exit
-u URL, –url URL Start scanning this url -u xxx.com
-i INET, –inet INET cidr eg. 1.1.1.1 or 1.1.1.0/24
-f FILE, –file FILE read the url from the file
-t THREADS, –threads THREADS
Set scan thread, default 150
-e EXT, –ext EXT Set scan suffix, -e php,asp
-w WORD, –word WORD Read the dict from the file

• Scan a website

python3 vxscan.py -u http://www.xxx.com/

• Scan a website from a file list

python3 vxscan.py -f hosts.txt

• cidr eg. 1.1.1.1 or 1.1.1.0/24

python3 vxscan.py -i 127.0.0.0/24

• Set thread 100, combine only php suffix, use custom dictionary

python3 vxscan.py -u http://www.xxx.com -e php -t 100 -w ../dict.txt

Structure

Waf/CDN list

• 360
• 360wzws
• Anquanbao
• Armor
• BaiduYunjiasu
• AWS WAF
• AdNovum
• Airee CDN
• Art of Defence HyperGuard
• ArvanCloud
• Barracuda NG
• Beluga CDN
• BinarySEC
• BlockDoS
• Bluedon IST
• CacheFly CDN
• ChinaCache CDN
• Cisco ACE XML Gateway
• CloudFlare CDN
• Cloudfront CDN
• Comodo
• CompState
• DenyALL WAF
• DenyAll
• Distil Firewall
• DoSArrest Internet Security
• F5 BIG-IP APM
• F5 BIG-IP ASM
• F5-TrafficShield
• Fastly CDN
• FortiWeb
• FortiWeb Firewall
• GoDaddy
• GreyWizard Firewall
• HuaweiCloudWAF
• HyperGuard Firewall
• IBM DataPower
• ISAServer
• Immunify360
• Imperva SecureSphere
• Incapsula CDN
• Jiasule
• KONA
• KeyCDN
• ModSecurity
• NGENIX CDN
• NSFOCUS
• Naxsi
• NetContinuum
• NetContinuum WAF
• Neusoft SEnginx
• Newdefend
• Palo Alto Firewall
• PerimeterX Firewall
• PowerCDN
• Profense
• Qiniu CDN
• Reblaze Firewall
• SDWAF
• Safe3
• Safedog
• SiteLock TrueShield
• SonicWALL
• SonicWall
• Sophos UTM Firewall
• Stingray
• Sucuri
• Teros WAF
• Usp-Sec
• Varnish
• Wallarm
• WatchGuard
• WebKnight
• West263CDN
• Yundun
• Yunsuo
• ZenEdge Firewall
• aesecure
• aliyun
• azion CDN
• cloudflare CDN
• dotDefender
• limelight CDN
• maxcdn CDN
• mod_security
• yunsuo

Output

The following is the AWVS scanner test website results