You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
4 new scanner modules:
scanners/recon.py — Runs first on any URL. Resolves IP, does reverse DNS, pulls DNS records (A/MX/NS/TXT/CNAME/SOA via dnspython), Whois lookup, SSL/TLS certificate analysis, geolocation via ip-api.com, WAF detection against 10 WAF fingerprint libraries. Emits a RECON_JSON: line to stdout for the web GUI.
scanners/port_scanner.py — Scans 70 common ports concurrently (50 threads, 2.5s timeout). Grabs service banners. Classifies ports as CRITICAL (internet-exposed datastores like MongoDB, Redis, Elasticsearch), HIGH (RDP, MySQL, SMB), or INFO. Emits PORT_JSON:.
scanners/tech_detector.py — Fingerprints 80+ technologies from HTTP headers, HTML body, cookies, meta tags, and script URLs. Covers CMS (WordPress/Joomla/Drupal/Magento/Shopify…), frameworks (Laravel/Django/Rails/Spring/Next.js/React/Vue…), servers (Nginx/Apache/IIS/Tomcat/WebLogic…), JS libs, CDNs, analytics, payments. Emits TECH_JSON:.
scanners/cve_scanner.py — Queries NIST NVD API v2.0 (free, no key) for CVEs matching each detected technology. Runs 9 active exploit PoC tests: Drupalgeddon2, Laravel Ignition, Spring4Shell, Log4Shell, Joomla RCE, WordPress XMLRPC + user enum, phpMyAdmin exposure, Elasticsearch/MongoDB no-auth. Emits CVE_JSON:.
Updated files:
main.py — Added INTEL_REGISTRY, Phase-0 scan loop (runs recon→ports→tech→cve before vuln modules), --skip-recon, --skip-ports, --nvd-key flags. TechDetector passes self.technologies to CVEScanner.
web_gui.py — New 🔍 Intel tab in UI showing live cards for Host/IP, Geolocation, SSL, WAF, DNS records, open ports table, tech stack grid, CVE table. _detect_finding() now intercepts RECON_JSON:/PORT_JSON:/TECH_JSON:/CVE_JSON: and emits them as typed SSE events. Sidebar has Phase-0 toggles. scan_start route passes --skip-recon/--skip-ports to CLI.
requirements.txt — Added dnspython>=2.6.0 and python-whois>=0.9.4.
README.md — Fully rewritten with v2.0 feature matrix, architecture diagram, all commands.
commands.txt — Complete command reference with 50+ ready-to-paste commands covering every scenario.
This discussion was created from the release BugScanner v2.1.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
4 new scanner modules:
scanners/recon.py — Runs first on any URL. Resolves IP, does reverse DNS, pulls DNS records (A/MX/NS/TXT/CNAME/SOA via dnspython), Whois lookup, SSL/TLS certificate analysis, geolocation via ip-api.com, WAF detection against 10 WAF fingerprint libraries. Emits a RECON_JSON: line to stdout for the web GUI.
scanners/port_scanner.py — Scans 70 common ports concurrently (50 threads, 2.5s timeout). Grabs service banners. Classifies ports as CRITICAL (internet-exposed datastores like MongoDB, Redis, Elasticsearch), HIGH (RDP, MySQL, SMB), or INFO. Emits PORT_JSON:.
scanners/tech_detector.py — Fingerprints 80+ technologies from HTTP headers, HTML body, cookies, meta tags, and script URLs. Covers CMS (WordPress/Joomla/Drupal/Magento/Shopify…), frameworks (Laravel/Django/Rails/Spring/Next.js/React/Vue…), servers (Nginx/Apache/IIS/Tomcat/WebLogic…), JS libs, CDNs, analytics, payments. Emits TECH_JSON:.
scanners/cve_scanner.py — Queries NIST NVD API v2.0 (free, no key) for CVEs matching each detected technology. Runs 9 active exploit PoC tests: Drupalgeddon2, Laravel Ignition, Spring4Shell, Log4Shell, Joomla RCE, WordPress XMLRPC + user enum, phpMyAdmin exposure, Elasticsearch/MongoDB no-auth. Emits CVE_JSON:.
Updated files:
main.py — Added INTEL_REGISTRY, Phase-0 scan loop (runs recon→ports→tech→cve before vuln modules), --skip-recon, --skip-ports, --nvd-key flags. TechDetector passes self.technologies to CVEScanner.
web_gui.py — New 🔍 Intel tab in UI showing live cards for Host/IP, Geolocation, SSL, WAF, DNS records, open ports table, tech stack grid, CVE table. _detect_finding() now intercepts RECON_JSON:/PORT_JSON:/TECH_JSON:/CVE_JSON: and emits them as typed SSE events. Sidebar has Phase-0 toggles. scan_start route passes --skip-recon/--skip-ports to CLI.
requirements.txt — Added dnspython>=2.6.0 and python-whois>=0.9.4.
README.md — Fully rewritten with v2.0 feature matrix, architecture diagram, all commands.
commands.txt — Complete command reference with 50+ ready-to-paste commands covering every scenario.
This discussion was created from the release BugScanner v2.1.
Beta Was this translation helpful? Give feedback.
All reactions