Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes the top-level domains as input, then seamlessly progresses to discovering corresponding assets, including subdomains and certificates. The tool performs reconnaissance on active assets and concludes with a comprehensive scan for vulnerabilities, secrets, misconfigurations and phishing domains – all powered by a blend of open-source and custom tools.
Click here to know more about the features in detail.
Mantis supports multiple installation types. Installing Mantis via Docker would be a good start to get a hang of the framework.
Considering that Mantis also includes MongoDB and AppSmith, we have provided a shell script that installs all the components.
Setup Video – Click Here
Clone the Mantis repository
git clone https://github.com/PhonePe/mantis.gitcd into the Mantis directory
cd mantis/setup/dockerRun the respective docker setup file based on your OS
./docker-setup-macos.sh
./docker-setup-ubuntu.shFor uninstalling Mantis (remove all the resources created by installation), run the following command in the same directory
docker compose downOnce the docker setup is complete, please run a scan and follow the below instructions to setup the dashboard.
mantis onboard -o org_name -t example.in
usage:
ONBOARD: (First time scan, Run this !!)
mantis onboard -o example_org -t www.example.org
mantis onboard -o example_org -f file.txt
SCAN:
mantis scan -o example_org
mantis scan -o example_org -a example_app
options:
-h, --help list command line options
subparser:
{onboard,scan}
onboard Onboard a target
scan Scan an orgusage:
ONBOARD: (First time scan, Run this !!)
mantis onboard -o example_org -t example.tld
mantis onboard -o example_org -f file.txt
options:
-h, --help show this help message and exit
-t HOST, --host HOST top level domain to scan
-f FILE_NAME, --file_input FILE_NAME
path to file containing any combination of TLD, subdomain, IP-range, IP-CIDR
-w WORKFLOW, --workflow WORKFLOW
workflow to be executed as specified in config file
-o ORG, --org ORG name of the organisation
-a APP, --app APP scan only subdomains that belong to an app
-p, --passive run passive port scan
-s, --stale mark domains as stale (domains purchased but not in use)
-i, --ignore_stale ignore stale domains during scan
-tc THREAD_COUNT, --thread_count THREAD_COUNT
thread count, default 10
-r, --use_ray use ray framework for distributed scans
-n NUM_ACTORS, --num_actors NUM_ACTORS
number of ray actors, default 10
-d, --delete_logs delete logs of previous scans
-v, --verbose print debug logs
-aws AWS_PROFILES, --aws_profiles AWS_PROFILES
List of comma separated aws profiles for Route53
You want to onboard an org with its TLDs/IPs/IP-CIDRs/IP Range for the first time, use the onboard mode. This runs the scan on the default workflow.
mantis onboard -o org_name -t example.in IP
mantis onboard -o org_name -t 10.123.123.12IP-Range
mantis onboard -o org_name -t 203.0.113.0-10IP-CIDR
mantis onboard -o org_name -t 203.0.113.0/24Onboard Known Assets and Scan
mantis onboard -o org_name -f input.txtNow that you have onboarded, you just need to run scheduled scans for an org, you can just use the scan mode
mantis scan -o org_nameScan on all assets belonging to an organisation and app
mantis scan -o org_name -a app_nameshadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…