Greaper Scanner

Greaper is a multi-purpose web security scanner that performs various security checks on websites or lists of URLs. It includes options for checking status codes, scanning for vulnerabilities, checking content lengths, performing IP lookups, and much more.

Features

Status code checks (-sc)
Directory fuzzing (-df)
Subdomain enumeration (-s)
SQL Injection, XSS, LFI vulnerability scans (-sqli, -xss, -lfi)
IP lookup and bypass (-ip)
Content length checks (-cl)
Security header checks (-sec)
CORS misconfiguration checks (-cors)
Host header injection detection (-hh)
Live URL checks (-lv)
CVE scans by fingerprint (-cve)
JavaScript files scanning for sensitive info (-info)

Prerequisites

Python 3.6 or newer
Install required Python packages from requirements.txt.

Installation

Clone the repository with git clone https://github.com/algorethmpwd/greaper.git or download greaper.py and requirements.txt.
Install the dependencies listed in requirements.txt:
```
pip install -r requirements.txt
```

Usage

Greaper allows you to scan a single URL or a list of URLs. Each scan mode is activated using a specific flag. Here are some examples:

Basic Syntax

python3 greaper.py -u <url> -sc
python3 greaper.py -l <file_with_urls.txt> -sc

Examples

1. Checking Status Codes

python3 greaper.py -u https://example.com -sc

2. Directory Fuzzing

python3 greaper.py -u https://example.com -df

3. CORS Misconfiguration Scan

python3 greaper.py -u https://example.com -cors

4. SQL Injection Scan with a Payload File

python3 greaper.py -u https://example.com -sqli -p sqli_payloads.txt

5. Scanning Multiple URLs from a File

python3 greaper.py -l urls.txt -sec

Options and Flags

Option	Description
`-u`, `--url`	Specify a single URL to scan.
`-l`, `--list`	File containing multiple URLs to scan, one URL per line.
`-sc`	Check status codes.
`-df`	Directory fuzzing for common paths or with a custom list.
`-s`	Enable subdomain enumeration.
`-sqli`	Run SQL Injection detection. Requires `-p` for payloads.
`-xss`	Enable XSS scan. Requires `-p` with payloads.
`-lfi`	Enable Local File Inclusion scan. Requires `-p`.
`-cors`	Scan for CORS misconfiguration.
`-hh`	Scan for Host Header Injection.
`-ip`	Perform IP lookup for the target.
`-cl`	Check content length of the target URLs.
`-lv`	Check if the target subdomains are live.
`-info`	Scan JS files for sensitive information.
`-sec`	Check security headers on the URLs.
`-cve`	Scan for CVEs based on server fingerprint.
`-p`	File containing payloads for scans like SQLi, XSS, etc.
`-o`	Output file to save results.

Notes

URL Format: URLs should include http:// or https:// in the file specified by -l.
Results: Results will display in the terminal and save to an output file if specified with -o.

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
src		src
.gitignore		.gitignore
README.md		README.md
greaper.py		greaper.py
index.html		index.html
package-lock.json		package-lock.json
package.json		package.json
postcss.config.js		postcss.config.js
requirements.txt		requirements.txt
tailwind.config.js		tailwind.config.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Greaper Scanner

Features

Prerequisites

Installation

Usage

Basic Syntax

Examples

1. Checking Status Codes

2. Directory Fuzzing

3. CORS Misconfiguration Scan

4. SQL Injection Scan with a Payload File

5. Scanning Multiple URLs from a File

Options and Flags

Notes

About

Uh oh!

Releases

Packages

Uh oh!

Languages

algorethmpwd/greaper

Folders and files

Latest commit

History

Repository files navigation

Greaper Scanner

Features

Prerequisites

Installation

Usage

Basic Syntax

Examples

1. Checking Status Codes

2. Directory Fuzzing

3. CORS Misconfiguration Scan

4. SQL Injection Scan with a Payload File

5. Scanning Multiple URLs from a File

Options and Flags

Notes

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages