SpyHunt v4.0: A comprehensive Network Scanner & Vulnerability Assessment tool. Automate OSINT, Reconnaissance, and Bug Bounty hunting with advanced scanners (XXE, SSRF, SSTI, SQLi) plus Nuclei & Shodan integration. (Fork from @gotr00t0day)
SpyHunt v4.0 (Security Hardened) - A comprehensive network scanning and vulnerability assessment tool designed for security professionals and penetration testers. This tool performs comprehensive reconnaissance and vulnerability assessment on target networks and web applications, combining multiple scanning techniques with various external tools to provide extensive security intelligence.
π What's New in v4.0
5 New Advanced Vulnerability Scanners
- β XXE Scanner - XML External Entity injection detection
- β SSRF Scanner - Server-Side Request Forgery detection
- β SSTI Scanner - Server-Side Template Injection (Jinja2, Twig, Freemarker, Velocity, ERB, Smarty)
- β NoSQL Injection Scanner - MongoDB and CouchDB injection detection
- β CRLF Scanner - HTTP header injection detection
Security Enhancements
- β Command Injection Protection - Secure command execution prevents shell injection attacks
- β
SSL Verification Control - SSL certificate verification enabled by default (use
--insecureto disable) - β
Structured Logging - All operations logged to
spyhunt.logwith rotation - β Input Validation - Comprehensive validation prevents injection attacks
- β HTTP Session Management - Connection pooling and automatic retries for better performance
Here's a high-level overview of its functionality
It imports various libraries for network operations, web scraping, and parallel processing.
The script defines a colorful banner and sets up command-line argument parsing for different scanning options.
It includes multiple scanning functions for different purposes:
π Advanced Vulnerability Scanners (v4.0)
- XXE (XML External Entity) Injection - File disclosure, SSRF via XXE, AWS metadata exposure
- SSRF (Server-Side Request Forgery) - Internal network probing, cloud metadata endpoints, bypass techniques
- SSTI (Server-Side Template Injection) - Jinja2, Twig, Freemarker, Velocity, ERB, Smarty detection
- NoSQL Injection - MongoDB and CouchDB authentication bypass and injection
- CRLF Injection - HTTP header injection, response smuggling, XSS via CRLF
Reconnaissance & Information Gathering
- Subdomain enumeration
- Technology detection
- DNS record scanning
- Web crawling and URL extraction
- Favicon hash calculation
- IP address extraction
- Domain information gathering
- Shodan integration for additional recon
- Network vulnerability analysis
- Wayback machine URL retrieval
- JavaScript file discovery
- Port Scanning & CIDR Notation Scanning
Vulnerability Detection
- SQL Injection
- XSS (Cross-Site Scripting)
- Host header injection testing
- CORS misconfiguration
- HTTP request smuggling detection
- Subdomain Takeover
- Open Redirect
- Directory Traversal
- Local File Inclusion (LFI) scanning with Nuclei
- 403 Forbidden bypass attempts
- Security header analysis
- JSON Web Token vulnerabilities
- Heap dump analysis
- DNS zone transfer
Fuzzing & Brute Forcing
- Directory and file brute-forcing
- API endpoint fuzzing
- Parameter mining
- Login form brute-forcing
- FTP brute-forcing with proxy support
- SMB password spraying
Cloud Security
- AWS S3 Bucket Enumeration
- Azure resource scanning
- GCP Storage scanning
Other Features
- Custom Headers
- Google dorking
- Broken link checking
- Auto Recon
- JavaScript file scanning for sensitive info
- Web Server Detection
The script uses multithreading and multiprocessing to perform scans efficiently.
It includes options to save results to files and customize scan parameters.
The tool integrates with external tools and APIs like Shodan, Nmap, and various web-based services.
It implements various techniques to bypass restrictions and discover vulnerabilities.
The script includes a CIDR notation scanner for port scanning across IP ranges.
INSTALLATION
Quick Installation (Recommended)
Linux / macOS / WSL
Install With CURL
curl -sSL https://raw.githubusercontent.com/Pymmdrza/SpyHunt/main/install.sh | bash
Install With wget
wget -qO- https://raw.githubusercontent.com/Pymmdrza/SpyHunt/main/install.sh | bash
Install With pip
curl -sSL https://raw.githubusercontent.com/Pymmdrza/SpyHunt/main/install.sh | bash -s -- --pip
Install virtual environment
curl -sSL https://raw.githubusercontent.com/Pymmdrza/SpyHunt/main/install.sh | bash -s -- --venv
Windows (Powershell)
Method 1
irm https://raw.githubusercontent.com/Pymmdrza/SpyHunt/refs/heads/main/install.ps1 | iex
Method 2
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/Pymmdrza/SpyHunt/refs/heads/main/install.ps1" -OutFile "install.ps1"
.\install.ps1
Method Bypass
Set-ExecutionPolicy Bypass -Scope Process -Force; irm https://raw.githubusercontent.com/Pymmdrza/SpyHunt/refs/heads/main/install.ps1 | iex
Install directly from PyPI using pip:
[!NOTE]
If Not Installpip(root) :apt update&&apt upgrade -y&&apt install -y python3-pip
Linux Distributions:
pip3 install spyhunt
Upgrade Package :
pip install --upgrade spyhunt
Install with --break-system-packages without env in root:
sudo pip install spyhunt --break-system-packages
After installation, you can run SpyHunt from anywhere:
spyhunt --help
Manual Installation (Development)
For development or if you want to modify the code:
git clone https://github.com/Pymmdrza/spyhunt.git
cd spyhunt
pip3 install -r requirements.txt
sudo python3 install.py
Note: The install.py script installs external dependencies like nuclei, subfinder, and other tools required for full functionality.
USAGE
After installing via pip, you can use SpyHunt from anywhere:
spyhunt [options]
For detailed help:
spyhunt --help
Command Line Options
usage: spyhunt [-h] [-sv filename.txt | -wl filename.txt] [-th 25] [-s domain.com]
[-d domains.txt] [-p domains.txt] [-r domains.txt] [-b domains.txt]
[-pspider domain.com] [-w https://domain.com] [-j domain.com]
[-wc https://domain.com] [-fi https://domain.com] [-fm https://domain.com]
[-na https://domain.com] [-ri IP] [-rim IP] [-sc domain.com]
[-ph domain.txt] [-co domains.txt] [-hh domain.com] [-sh domain.com]
[-ed domain.com] [-smu domain.com] [-ips domain list] [-dinfo domain list]
[-isubs domain list] [-nft domains.txt] [-n domain.com or IP]
[-api domain.com] [-sho domain.com] [-fp domain.com] [-db domain.com]
[-cidr IP/24] [-ps 80,443,8443] [-pai IP/24]
[-xss https://example.com/page?param=value]
[-sqli https://example.com/page?param=value] [-shodan KEY]
[-webserver domain.com] [-javascript domain.com] [-dp DEPTH] [-je file.txt]
[-hibp password] [-pm domain.com] [-ch domain.com] [-or domain.com]
[-asn AS55555] [-st subdomains.txt] [-ar domain.com] [-jwt token]
[-jwt-modify token] [-heapds heapdump.txt] [-heapts domain.com]
[-f_p domain.com] [-nl] [-nc domain.com] [-nct template.yaml] [-v]
[-c CONCURRENCY] [-gs] [-e EXTENSIONS] [-x EXCLUDE] [-u]
[--shodan-api SHODAN_API] [--proxy PROXY] [--proxy-file PROXY_FILE]
[--heapdump HEAPDUMP] [--output-dir OUTPUT_DIR] [-aws domain.com]
[-az domain.com] [--s3-scan S3_SCAN] [-gcp domain.com] [-zt domain.com]
[-ssrfp domains.txt] [--ipinfo TARGET] [--token TOKEN]
[--save-ranges FILENAME] [--forbidden_domains FORBIDDEN_DOMAINS]
[--brute-user-pass domain.com] [--username_wordlist domain.com]
[--password_wordlist domain.com] [-fs HOST[:PORT]]
[--ftp-userlist users.txt] [--ftp-passlist passwords.txt]
[--ftp-proxylist proxies.txt] [--smb_scan] [--smb_auto]
[--spray-userlist SPRAY_USERLIST] [--spray-passlist SPRAY_PASSLIST]
[--spray-password SPRAY_PASSWORD] [--smb-target SMB_TARGET]
[--smb-user SMB_USER] [--smb-pass SMB_PASS] [--smb-domain SMB_DOMAIN]
options:
-h, --help show this help message and exit
-sv, --save filename.txt
save output to file
-wl, --wordlist filename.txt
wordlist to use
-th, --threads 25 default 25
-p, --probe domains.txt
probe domains.
-r, --redirects domains.txt
links getting redirected
-fi, --favicon https://domain.com
get favicon hashes
-fm, --faviconmulti https://domain.com
get favicon hashes
-ri, --reverseip IP reverse ip lookup
-rim, --reverseipmulti IP
reverse ip lookup for multiple ips
-sc, --statuscode domain.com
statuscode
-sh, --securityheaders domain.com
scan for security headers
-ed, --enumeratedomain domain.com
enumerate domains
-isubs, --importantsubdomains domain list
extract interesting subdomains from a list like dev, admin, test and etc..
-webserver, --webserver_scan domain.com
webserver scan
-v, --verbose Increase output verbosity
-c, --concurrency CONCURRENCY
Maximum number of concurrent requests
--shodan-api SHODAN_API
Shodan API key for subdomain enumeration
--proxy PROXY Use a proxy (e.g., http://proxy.com:8080)
--proxy-file PROXY_FILE
Load proxies from file
--heapdump HEAPDUMP Analyze Java heapdump file
--output-dir OUTPUT_DIR
Output directory
--forbidden_domains FORBIDDEN_DOMAINS
File containing list of domains to scan for forbidden bypass
Update:
-u, --update Update the script
Nuclei Scans:
-nl, --nuclei_lfi Find Local File Inclusion with nuclei
-nc, --nuclei domain.com
scan nuclei on a target
-nct, --nuclei_template template.yaml
use a nuclei template
Vulnerability:
π ADVANCED SCANNERS (v4.0):
--xxe, --xxe_scan https://example.com/api/xml
Scan for XXE (XML External Entity) vulnerabilities
--ssrf, --ssrf_scan https://example.com/api?url=test
Scan for SSRF (Server-Side Request Forgery) vulnerabilities
--ssti, --ssti_scan https://example.com/page?template=test
Scan for SSTI (Server-Side Template Injection) vulnerabilities
--nosqli, --nosql_scan https://example.com/api?id=test
Scan for NoSQL injection vulnerabilities
--crlf, --crlf_scan https://example.com/redirect?url=test
Scan for CRLF injection vulnerabilities
--callback-url http://your-server.com
Callback URL for out-of-band vulnerability testing
STANDARD SCANNERS:
-b, --brokenlinks domains.txt
search for broken links
-ph, --pathhunt domain.txt
check for directory traversal
-co, --corsmisconfig domains.txt
cors misconfiguration
-hh, --hostheaderinjection domain.com
host header injection
-smu, --smuggler domain.com
enumerate domains
-fp, --forbiddenpass domain.com
Bypass 403 forbidden
-xss, --xss_scan https://example.com/page?param=value
scan for XSS vulnerabilities
-sqli, --sqli_scan https://example.com/page?param=value
scan for SQLi vulnerabilities
-or, --openredirect domain.com
open redirect
-st, --subdomaintakeover subdomains.txt
subdomain takeover
-jwt, --jwt_scan token
analyze JWT token for vulnerabilities
-jwt-modify, --jwt_modify token
modify JWT token
-heapds, --heapdump_file heapdump.txt
file for heapdump scan
-heapts, --heapdump_target domain.com
target for heapdump scan
-zt, --zone-transfer domain.com
Test for DNS zone transfer vulnerability
-ssrfp, --ssrfparams domains.txt
Get SSRF parameters from a list of domains
Security Options:
--insecure Disable SSL certificate verification (insecure, not recommended)
Crawlers:
-pspider, --paramspider domain.com
extract parameters from a domain
-w, --waybackurls https://domain.com
scan for waybackurls
-j domain.com find javascript files
-wc, --webcrawler https://domain.com
scan for urls and js files
-javascript, --javascript_scan domain.com
scan for sensitive info in javascript files
-dp, --depth DEPTH Crawling depth (default: 2)
-je, --javascript_endpoints file.txt
extract javascript endpoints
-hibp, --haveibeenpwned password
check if the password has been pwned
Passive Recon:
-s domain.com scan for subdomains
-d, --dns domains.txt
scan a list of domains for dns records
-na, --networkanalyzer https://domain.com
net analyzer
-ips, --ipaddresses domain list
get the ips from a list of domains
-dinfo, --domaininfo domain list
get domain information like codes,server,content length
-sho, --shodan_ domain.com
Recon with shodan
-shodan, --shodan_api KEY
shodan api key
-gs, --google Google Search
Fuzzing:
-nft, --not_found domains.txt
check for 404 status code
-api, --api_fuzzer domain.com
Look for API endpoints
-db, --directorybrute domain.com
Brute force filenames and directories
-pm, --param_miner domain.com
param miner
-ch, --custom_headers domain.com
custom headers
-asn, --automoussystemnumber AS55555
asn
-ar, --autorecon domain.com
auto recon
-f_p, --forbidden_pages domain.com
forbidden pages
-e, --extensions EXTENSIONS
Comma-separated list of file extensions to scan
-x, --exclude EXCLUDE
Comma-separated list of status codes to exclude
Port Scanning:
-n, --nmap domain.com or IP
Scan a target with nmap
-cidr, --cidr_notation IP/24
Scan an ip range to find assets and services
-ps, --ports 80,443,8443
Port numbers to scan
-pai, --print_all_ips IP/24
Print all ips
Bruteforcing:
--brute-user-pass domain.com
Bruteforcing username and password input fields
--username_wordlist domain.com
Bruteforcing username and password input fields
--password_wordlist domain.com
Bruteforcing username and password input fields
FTP Scanning:
-fs, --ftp_scan HOST[:PORT]
FTP server to scan (e.g., host or host:port)
--ftp-userlist users.txt
Path to a custom username list for FTP bruteforcing
--ftp-passlist passwords.txt
Path to a custom password list for FTP bruteforcing
--ftp-proxylist proxies.txt
Path to a proxy list for FTP bruteforcing (format: socks5://host:port,
socks4://host:port, http://host:port, or just IP:PORT for SOCKS5; only working
proxies will be used automatically)
Cloud Security:
-aws, --aws-scan domain.com
Scan for exposed AWS resources
-az, --azure-scan domain.com
Scan for exposed Azure resources
--s3-scan S3_SCAN Scan for exposed S3 buckets
-gcp, --gcp-scan domain.com
Scan for exposed GCP Storage resources
IP Information:
--ipinfo TARGET Get IP info for a company domain/IP
--token TOKEN IPinfo API token
--save-ranges FILENAME
Save IP ranges to file
SMB Automated Pentest:
--smb_scan Run SMB scan
--smb_auto Run automated SMB pentest
--spray-userlist SPRAY_USERLIST
User list for password spraying
--spray-passlist SPRAY_PASSLIST
Password list for password spraying
--spray-password SPRAY_PASSWORD
Single password to test against userlist
--smb-target SMB_TARGET
Target IP or hostname for SMB automation
--smb-user SMB_USER Username for credential testing
--smb-pass SMB_PASS Password for credential testing
--smb-domain SMB_DOMAIN
Domain for credential testing
EXAMPLE
Scan for subdomains and save the output to a file.
spyhunt -s yahoo.com --save filename.txt
Scan for subdomains but also extract subdomains from shodan
spyhunt -s yahoo.com --shodan API_KEY --save filename.txt
Scan a file of domains to extract subdomains
spyhunt -s domains.txt --save filename.txt
Scan for javascript files
spyhunt -j yahoo.com --depth 4 --save jsfiles.txt -c 20
Scan for dns records
spyhunt -d domains.txt
Scan for FavIcon hashes
spyhunt -fi domain.com
Web Crawler
spyhunt -wc [https://www.domain.com](https://www.domain.com)
Web Crawler with depth
spyhunt -wc [https://www.domain.com](https://www.domain.com) --depth 5
Broken Links
spyhunt -b [https://www.domain.com](https://www.domain.com)
Cors Misconfiguration Scan
spyhunt -co domains.txt
Host Header Injection
spyhunt -hh domains.txt
Host Header Injection With proxy
spyhunt -hh domains.txt --proxy [http://proxy.com:8080](http://proxy.com:8080)
Directory Brute Forcing
spyhunt --directorybrute domain.com --wordlist list.txt --threads 50 -e php,txt,html -x 404,403
Directory Brute Forcing with no extensions
spyhunt --directorybrute domain.com --wordlist list.txt --threads 50 -x 404,403
Scanning a subnet
spyhunt --cidr_notation IP/24 --ports 80,443 --threads 200
Directory Traversal
spyhunt -ph domain.com?id=
sql injection
spyhunt -sqli domain.com?id=1
xss
spyhunt -xss domain.com?id=1
JavaScript file scanning for sensitive info
spyhunt -javascript domain.com
Javascript endpoint fuzzing
spyhunt -javascript_endpoint domains.txt -c 20 --save filename.txt
Modify the headers of the request
spyhunt -ch domain.com
Parameter bruteforcing
spyhunt -pf domain.com
Open Redirect
spyhunt -or domain.com -v -c 50
Haveibeenpwned
spyhunt -hibp password
Subdomain Takeover
spyhunt -st domains.txt --save vuln_subs.txt -c 50
Auto Recon
spyhunt -ar domain.com
JSON Web Token
spyhunt -jwt Token
JSON Web Token Modification
spyhunt -jwt-modify Token
AWS S3 Bucket Enumeration
spyhunt --s3-scan bucket.com
Heap Dump Analysis
spyhunt --heapdump heapdump_file
Spring Boot Actuator Scan
spyhunt --heapdump_target domain.com
Heap Dump Scan with file
spyhunt --heapdump_file heapdump.txt
Cloud Aws Scan
spyhunt --aws_scan domain.com
Cloud Azure Scan
spyhunt --azure_scan domain.com
Checks for 403 forbidden domains and saves it to a file
spyhunt --forbidden_pages domains.txt
Scan a list of domains to bypass 403 forbidden
spyhunt --forbidden_domains domains.txt
Scan google storage
spyhunt --gcp-scan domain.com
Brute Forcing Login Forms With Proxies
spyhunt --brute-user-pass [domain.com/login](https://domain.com/login) --username_wordlist usernames --password_wordlist passwords --proxy-file proxies.txt --verbose
Brute Forcing Login Forms Witout Proxies
spyhunt --brute-user-pass [domain.com/login](https://domain.com/login) --username_wordlist usernames --password_wordlist passwords --verbose
Nuclei Scan
spyhunt --nuclei domain.com --nuclei-template nuclei-templates/cves/CVE-2024-22208.yaml
SSRF Params
spyhunt --ssrfparams links.txt
FTP Scan
spyhunt -fs domain.com
FTP Scan with a port
spyhunt -fs domain.com:2121
FTP Scan with userlist and passlist
spyhunt -fs domain.com --ftp-userlist usernames.txt --ftp-passlist passwords.txt
SMB Automated Pentest (Anonymous, Blank Creds, RID Brute)
spyhunt --smb_auto --smb-target 10.129.228.111
SMB Pentest with Specific Credentials
spyhunt --smb_auto --smb-target 10.129.228.111 --smb-user mhope --smb-pass ""
SMB Pentest with Domain Credentials
spyhunt --smb_auto --smb-target 10.129.228.111 --smb-user mhope --smb-pass "" --smb-domain megabank.local
SMB Password Spraying with User and Password Lists
spyhunt --smb_auto --smb-target 10.129.228.111 --spray-userlist users.txt --spray-passlist passwords.txt
SMB Password Spraying with Single Password
spyhunt --smb_auto --smb-target 10.129.228.111 --spray-userlist users.txt --spray-password "Password1"
SMB Full Pentest (Credentials + Password Spray)
spyhunt --smb_auto --smb-target 10.129.228.111 --smb-user mhope --smb-pass "" --spray-userlist users.txt --spray-password "Welcome1"
π New Advanced Vulnerability Scanners (v4.0)
XXE (XML External Entity) Scanner
Test for XXE vulnerabilities in XML endpoints:
# Basic XXE scan
spyhunt --xxe https://example.com/api/xml
# With custom callback URL for out-of-band detection
spyhunt --xxe https://example.com/api/xml --callback-url http://your-server.com
# Save results to file
spyhunt --xxe https://example.com/api/xml --save xxe_results.json
# With verbose logging
spyhunt --xxe https://example.com/api/xml -v
What it detects:
- Classic XXE with callback
- Blind XXE
- File disclosure (Linux:
/etc/passwd, Windows:win.ini) - SSRF via XXE
- AWS metadata exposure
SSRF (Server-Side Request Forgery) Scanner
Test for SSRF vulnerabilities:
# Basic SSRF scan
spyhunt --ssrf "https://example.com/api?url=test"
# With callback domain
spyhunt --ssrf "https://example.com/api?url=test" --callback-url http://your-domain.com
# Save results
spyhunt --ssrf "https://example.com/fetch?url=test" --save ssrf_results.json
What it detects:
- Internal network access (127.0.0.1, localhost, 0.0.0.0)
- Cloud metadata endpoints (AWS, GCP, Azure, DigitalOcean, Oracle)
- Bypass techniques (octal, hex, decimal encoding, DNS rebinding)
- File disclosure via
file://protocol - Port scanning via SSRF
SSTI (Server-Side Template Injection) Scanner
Test for template injection vulnerabilities:
# Basic SSTI scan
spyhunt --ssti "https://example.com/page?template=test"
# Multiple parameters
spyhunt --ssti "https://example.com/render?name=test&title=hello"
# Save results
spyhunt --ssti "https://example.com/view?template=test" --save ssti_results.json
Template engines detected:
- Jinja2 (Python/Flask)
- Twig (PHP/Symfony)
- Freemarker (Java)
- Velocity (Java)
- ERB (Ruby/Rails)
- Smarty (PHP)
NoSQL Injection Scanner
Test for NoSQL injection in MongoDB and CouchDB:
# Basic NoSQL injection scan
spyhunt --nosqli "https://example.com/api?id=test"
# User authentication endpoint
spyhunt --nosqli "https://example.com/api/login?username=test&password=test"
# Save results
spyhunt --nosqli "https://example.com/api/users?id=test" --save nosql_results.json
What it detects:
- Authentication bypass
- Operator injection (
$ne,$gt,$regex,$where) - Time-based blind injection
- JavaScript injection in MongoDB
CRLF Injection Scanner
Test for HTTP header injection vulnerabilities:
# Basic CRLF scan
spyhunt --crlf "https://example.com/redirect?url=test"
# Multiple URL parameters
spyhunt --crlf "https://example.com/page?ref=test&return=home"
# Save results
spyhunt --crlf "https://example.com/goto?url=test" --save crlf_results.json
What it detects:
- Set-Cookie header injection
- Location header manipulation
- HTTP response smuggling
- XSS via CRLF injection
Security Features
SSL Verification Control
# SSL verification ON by default (recommended)
spyhunt --xxe https://example.com/api/xml
# Disable SSL verification for testing (not recommended for production)
spyhunt --xxe https://self-signed.local/api/xml --insecure
Logging
All operations are automatically logged to spyhunt.log:
# Enable verbose logging
spyhunt --xxe https://example.com/api/xml --verbose
# View logs in real-time
tail -f spyhunt.log
# Search logs
grep "XXE vulnerability" spyhunt.log
Bug Bounty Workflow Example
# 1. Enumerate subdomains
spyhunt -s target.com --save subdomains.txt
# 2. Probe for live hosts
spyhunt -p subdomains.txt --save live_hosts.txt
# 3. Run comprehensive vulnerability scans
spyhunt --xxe https://api.target.com/xml --save xxe_findings.json
spyhunt --ssrf "https://api.target.com/fetch?url=test" --save ssrf_findings.json
spyhunt --ssti "https://target.com/render?template=test" --save ssti_findings.json
spyhunt --nosqli "https://api.target.com/users?id=test" --save nosql_findings.json
spyhunt --crlf "https://target.com/redirect?url=test" --save crlf_findings.json
# 4. Traditional vulnerability scans
spyhunt --xss "https://target.com/search?q=test"
spyhunt --sqli "https://target.com/product?id=1"
spyhunt -co live_hosts.txt
Documentation
For detailed information:
- NEW_FEATURES_README.md - Quick start guide for v4.0 features
- INTEGRATION_COMPLETE.md - Complete integration details
- SECURITY_ANALYSIS_REPORT.md - Comprehensive security analysis
- WHAT_CHANGED.md - Summary of changes from v3.4 to v4.0
Security Notes
Default Security Settings (v4.0)
- β SSL certificate verification is enabled by default
- β
All operations are logged to
spyhunt.log - β Command injection protection is active
- β Input validation prevents injection attacks
Best Practices
- Always use SSL verification in production (
--insecureonly for testing) - Review logs regularly for security events
- Save scan results with
--savefor documentation - Use
--verbosefor detailed debugging - Test on authorized targets only
Version History
v4.0 (Security Hardened) - October 2025
- β Added XXE Scanner
- β Added SSRF Scanner
- β Added SSTI Scanner
- β Added NoSQL Injection Scanner
- β Added CRLF Injection Scanner
- π Fixed command injection vulnerabilities
- π Added SSL verification control
- π Added structured logging system
- β‘ Added HTTP session management
- π‘οΈ Added input validation framework
Top comments (0)