Skip to content

gotr00t0day/Gsec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

264 Commits

core

core

 
 

exploits

exploits

 
 

modules

modules

 
 

output

output

 
 

parsers

parsers

 
 

plugins

plugins

 
 

tools

tools

 
 

utils

utils

 
 

vuln_db

vuln_db

 
 

wordlists

wordlists

 
 

README.md

README.md

 
 

gsec.py

gsec.py

 
 

install.py

install.py

 
 

requirements.txt

requirements.txt

 
 

vulnerable.json

vulnerable.json

 
 

Repository files navigation

Gsec

Web Security Scanner & Exploitation.

Based on custom vulnerability scanners & Nuclei

Python Version Issues Stars Twitter

FeaturesKeysInstallUsageKeyWordsJoin Discord

Features

  • Passive Scan

    • Find assets with shodan
    • RapidDNS to get subdomains
    • Certsh to enumerate subdomains
    • DNS enumeration
    • Waybackurls to fetch old links
    • Find domains belonging to your target

  • Normal / Agressive Scan

    • Domain http code
    • Web port scanning
    • Server information
    • HTTP security header scanner
    • CMS security identifier / misconfiguration scanner
    • Technology scanner
    • Programming Language check
    • Path Traversal scan
    • Web Crawler
    • OS detection
    • Nuclei vulnerability scanning
    • SSRF, XSS, Host header injection and Cors Misconfiguration Scanners.

Installation

Make sure you have GoLang installed, with out it you won't be able to install nuclei.

git clone https://github.com/gotr00t0day/Gsec.git

cd Gsec

pip3 install -r requirements.txt

# Make sure that nuclei-templates is cloned in the / directory. Gsec fetches the templates from ~/nuclei-templates
python3 install.py

Keys

Gsec will fetch the shodan API key from the core directory, the passive recon script supports scanning with shodan,
please save your shodan key in core/.shodan for the scan to be able to work.

OUTPUT

Some outputs that are too large will be saved in a file in the output folder / directory.

Usage

# normal (passive and aggresive scans)

python3 gsec.py -t https://domain.com

# Passive Recon

python3 gsec.py -t https://domain.com --passive_recon

# Ultimate Scan (Scan for High and Severe CVEs and Vulnerabilities with nuclei)

python3 gsec.py --ultimatescan https://target.com

Anonimity

ProxyChains

You can use Proxychains with tor for anonimity.

proxychains -q python3 gsec.py -t https://target.com

Keywords

If Gsec finds a vulnerability and it has the POSSIBLE! keyword in the output that means it could be a false positive and you need to manually test the vulnerability to make sure it's actually vulnerable.

Coming Soon...

I'm working on adding proxy support for Gsec, it will be added in future releases.

Issues

In python3.10+ you might get an SSL error while running Gsec. To fix this issue just pip3 install ceritifi and then do /Applications/Python\ 3.10/Install\ Certificates.command and the issue will be fixed.

About

Web Security Scanner

Topics

security web hacking cybersecurity penetration-testing pentesting nuclei bugbounty vulnerability-scanners security-tools reconnaissance webapplication webappsecurity

Resources

Readme
Activity

Stars

258 stars

Watchers

4 watching

Forks

47 forks
Report repository

Releases 37

v2.1 Latest
Mar 9, 2024
+ 36 releases

Packages

No packages published

Contributors 2

Languages