This is the private automated vulnerability scanner

theamanrawat/zerro

zerro

This is a vulnerability scanner which scans for reflected XSS and SSTI.

Scanning workflow

  1. Enumerate subdomains using Sublist3r.
  2. Crawl each subdomain using ZAP.
  3. Replace each parameter value with HTML tag characters, i.e. > and <, and check whether they are reflected in the response.
  4. If any reflection is found, it notifies you on Discord.
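Step 3 of the workflow can be illustrated with the following added example, which is not zerro's own code. It classifies how a probe comes back so that HTML-escaped reflections are not reported as findings. The function names, the token format and the sample URL and responses are assumptions constructed for illustration.

```python
import html
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PROBE_CHARS = "<>"  # the characters the workflow substitutes into parameters


def make_probe(token=None):
    """Wrap the probe characters in a unique token so a reflection can be located."""
    token = token or "zr" + secrets.token_hex(4)
    return token, f"{token}{PROBE_CHARS}{token}"


def substitute_param(url, name, value):
    """Return url with query parameter `name` set to `value`, others untouched."""
    parts = urlsplit(url)
    query = [(k, value if k == name else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def classify_reflection(body, token):
    """Classify the response: 'raw', 'encoded', 'stripped' or 'absent'."""
    if f"{token}{PROBE_CHARS}{token}" in body:
        return "raw"       # < and > came back unescaped: output encoding is missing
    if f"{token}{html.escape(PROBE_CHARS)}{token}" in body:
        return "encoded"   # reflected, but HTML-escaped as &lt;&gt;
    if token in body:
        return "stripped"  # value reflected, probe characters removed or altered
    return "absent"        # the parameter value is not reflected at all


if __name__ == "__main__":
    token, probe = make_probe("zrT")  # fixed token so the demo is repeatable
    # Constructed URL and response bodies, not captured from any real site.
    print(substitute_param("http://app.example.test/search?q=shoes&page=2", "q", probe))
    for body in ("<p>Results for zrT<>zrT</p>",
                 "<p>Results for zrT&lt;&gt;zrT</p>",
                 "<p>Results for zrTzrT</p>",
                 "<p>No results</p>"):
        print(classify_reflection(body, token), "<-", body)
```

Only the "raw" result indicates missing output encoding; whether it is exploitable still depends on where in the page the value lands, which is why a report needs manual review.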

Installation & Setup

Requirements

  • ZAP Python API
pip install python-owasp-zap-v2.4

Setup

  1. Install ZAP and get the API key.
  2. Save the API key in /config/config.json
{
	"Version":"0.1",
	"ZapApiKey":"API-KEY-HERE"
}
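  3. Create a Discord server and get the webhook URL. Save the webhook URL in core/utils.py
from discord_webhook import DiscordWebhook  # provided by the discord-webhook package

def notifyIfFileMofidy():
    # Paste the webhook URL here. Anyone holding it can post to the channel, so keep it out of public commits.
    web_hook = "WEB-HOOK_URL-HERE"
    webhook = DiscordWebhook(url=web_hook, content='[+] Possible XSS reported please check found.txt')
    webhook.execute()  # send the notification
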

Run

  1. Add targets to targets.txt
http://testphp.vulnweb.com
*.evil.com

Prefix a target with http:// or https:// to test a single website, or with *. to test its subdomains.

  2. Run zerro.py
python3 zerro.py
