Zeus-Scanner – Advanced Reconnaissance Utility

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas.

Features

- A powerful built-in URL parsing engine
- Multiple search engine compatibility (DuckDuckGo, AOL, Bing, and Google; default is Google)
- Ability to extract the URL from Google’s ban URL, thus bypassing IP blocks
- Ability to extract from Google’s webcache URL
- Proxy compatibility (http, https, socks4, socks5)
- Tor proxy compatibility and Tor browser emulation
- Parse robots.txt/sitemap.xml and save them to a file
- Multiple vulnerability assessments (XSS, SQLi, clickjacking, port scanning, admin panel finding, whois lookups, and more)
- Tamper scripts to obfuscate XSS payloads
- Can run with a custom default user-agent, one of over 4000 random user-agents, or a personal user-agent
- Automatic issue creation when an unexpected error arises
- Ability to crawl a webpage and pull all the links
- Can run a singular dork, multiple dorks in a given file, or a random dork from a list of over 5000 carefully researched dorks
- Dork blacklisting: when no sites are found with the search query, the query is saved to a blacklist file
- Identify WAF/IPS/IDS protection of over 20 different firewalls
- Header protection enumeration to check what kind of protection is provided via HTTP headers
- Saving cookies, headers, and other vital information to log files
- and much more…

Screenshots

Running without a mandatory option, or running with the --help flag, will output Zeus’s help menu.

A basic dork scan with the -d flag will launch an automated browser and pull the Google page results for the given dork.

Calling the -s flag will prompt you to start the sqlmap API server (python sqlmapapi.py -s) from sqlmap; it will then connect to the API and perform a sqlmap scan on the found URLs.

You can see more screenshots here

Requirements

There are some requirements for this to be run successfully.

Basic requirements

- libxml2-dev, libxslt1-dev, python-dev are required for the installation process
- Firefox web browser is required as of now; you will need Firefox version <=57 >=51 (between 51 and 57). Full functionality for other browsers will eventually be added.
- If you want to run sqlmap through the URLs, you will need sqlmap somewhere on your system.
- If you want to run a port scan using nmap on the URLs’ IP addresses, you will need nmap on your system.
- Geckodriver is required to run the Firefox web browser and will be installed the first time you run. It will be added to your /usr/bin so that it can be run in your ENV PATH.
- You must be sudo for the first time running this so that you can add the driver to your PATH; you also may need to run as sudo depending on your permissions. NOTE: Depending on permissions you may need to be sudo for any run involving the geckodriver
- xvfb is required by pyvirtualdisplay; it will be installed if not installed on your first run

Python package requirements

- selenium-webdriver package is required to automate the web browser and bypass API calls.
- requests package is required to connect to the URL, and the sqlmap API
- python-nmap package is required to run nmap on the URLs’ IP addresses
- whichcraft package is required to check if nmap and sqlmap are on your system if you want to use them
- pyvirtualdisplay package is required to hide the browser display while finding the search URL
- lxml is required to parse XML data for the sitemap and save it as such
- psutil is required to search for running sqlmap API sessions
- beautifulsoup is required to pull all the HREF descriptor tags and parse the HTML into an easily workable syntax

Installation

You can download the latest tar.gz, the latest zip, or you can find the current stable release here. Alternatively you can install the latest development version by following the instructions that best match your operating system:

NOTE: (optional but highly advised) add sqlmap and nmap to your environment PATH by moving them to /usr/bin or by adding them to the PATH via terminal

Ubuntu/Debian

    sudo apt-get install libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py

CentOS

    sudo apt-get install gcc python-devel libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py

Others

    sudo apt-get install libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py

This will install all the package requirements along with the geckodriver.
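
A preflight check for the requirements listed above, as an added example that is not part of the Zeus-Scanner project: it verifies the Firefox version window (51 to 57) and reports which tools are missing from PATH before anything is run with sudo. The function names, and the assumption that the binaries are called python, pip2, git, nmap and sqlmap, are illustrative.

```shell
#!/bin/sh
# Added example (not Zeus-Scanner code): preflight check for the page's requirements.
# Binary names (python, pip2, git, nmap, sqlmap) are assumptions about your PATH.

# Major version from `firefox --version` output, e.g. "Mozilla Firefox 56.0.2" -> 56.
# Prints nothing when no version is found.
firefox_major() {
    printf '%s\n' "$1" | sed -n 's/^.*Firefox \([0-9][0-9]*\)\..*$/\1/p' | head -n 1
}

# The page requires Firefox between 51 and 57 inclusive.
firefox_supported() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 51 ] && [ "$1" -le 57 ]
}

# Print each named tool that is not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Report on every requirement; returns non-zero if a mandatory one is unmet.
preflight() {
    status=0
    major=$(firefox_major "$(firefox --version 2>/dev/null)")
    if firefox_supported "$major"; then
        echo "ok: Firefox $major"
    else
        echo "fail: Firefox ${major:-not found}, need 51 to 57"
        status=1
    fi
    # Needed by the install commands themselves.
    for name in $(missing_tools python pip2 git); do
        echo "fail: $name not on PATH"
        status=1
    done
    # Only needed for the optional port scan and sqlmap scan.
    for name in $(missing_tools nmap sqlmap); do
        echo "note: $name not on PATH (optional)"
    done
    return "$status"
}

preflight || echo "preflight: mandatory requirements not met" >&2
```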

Link: http://feedproxy.google.com/~r/PentestTools/~3/W-qNf01aRjU/zeus-scanner-advanced-reconnaissance.html