BetterDefender / anchorScan

This tool is designed to help penetration testers access, in bulk, the large number of anchor paths found in a website's JS and other files, take screenshots of every anchor page, and output a report as an HTML file.


Installation

git clone https://github.com/BetterDefender/anchorScan.git

cd anchorScan

pip install -r requirements.txt

Chrome Headless

Since this tool uses Selenium to drive a headless Chrome browser, you need to install the matching browser driver (ChromeDriver, referred to below as the Chrome Headless driver) before you can use it.

For Windows:

  1. Install the latest version of Chrome browser on your computer
  2. Download Chrome Headless driver at http://chromedriver.chromium.org/downloads
  3. Decompress the downloaded zip file
  4. Add the extracted folder to the environment variables for easy invocation in the command line

For Mac:

  1. Open a terminal.
  2. Use the following command to install Homebrew. (Skip this step if already installed.)
     /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  3. Install Chrome using the following command. (Skip this step if already installed.)
     brew install --cask google-chrome
  4. Install the Chrome Headless driver using the following command.
     brew install chromedriver

For Linux:

Download Chrome Headless driver at http://chromedriver.chromium.org/downloads.

To install the Chrome Headless driver on your Linux system, the following conditions need to be met.

  1. You already have Google Chrome installed on your Linux system.
  2. You have downloaded the latest version of Chrome Headless driver.

Then, you can follow the steps below to install the Chrome Headless driver.

  1. Extract the downloaded driver file to your preferred directory.
  2. Go to the extracted directory and add the driver to the system path using the following command.
     sudo mv chromedriver /usr/local/bin/chromedriver
  3. Use the following command to grant execute privileges.
     sudo chmod +x /usr/local/bin/chromedriver

Usage

python3 anchorScan.py -u http://www.example.com/abc/#/

-u  Target site, URL to scan

-t  Timeout in seconds, default is 3 seconds


Fill in the uri.txt file with the anchor paths that need to be accessed.

For example:

/test/edit
/test/view
/test/add

When the script is executed, it automatically generates a report in HTML format in the reports directory; screenshots are saved in the images folder.

[Screenshot: HTML report]

Verification method:

  1. Access the URL in an incognito browser window; otherwise the target anchor point may not be accessed properly.
  2. You can also open the specified anchor page by typing 'window.location.hash' into the console in the incognito window.
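How the -u base URL, the uri.txt entries, the timeout and the incognito advice fit together, as an added example that is not anchorScan's own code. The function names, the rule for joining the base URL with each entry, the screenshot naming, and reading -t as a page-load timeout are all assumptions made for illustration.

```python
import os
import re

def build_targets(base_url, lines):
    """Join the -u base URL with each uri.txt entry into one hash-route URL."""
    # Assumption: the route is the base URL's own "#/..." prefix plus the entry.
    origin, _, prefix = base_url.partition("#")
    targets = []
    for raw in lines:
        path = raw.strip().lstrip("#")          # tolerate entries pasted as "#/x"
        if not path:
            continue                            # skip blank lines
        parts = [p for p in (prefix + "/" + path).split("/") if p]
        url = origin + "#/" + "/".join(parts)   # collapses doubled slashes
        if url not in targets:                  # de-duplicate, keep file order
            targets.append(url)
    return targets

def screenshot_name(url):
    """Derive a filesystem-safe PNG name from the route after '#'."""
    route = re.sub(r"[^A-Za-z0-9]+", "_", url.partition("#")[2]).strip("_")
    return (route or "root") + ".png"

def capture(targets, out_dir="images", timeout=3):
    """Visit each route in headless, incognito Chrome and save a screenshot."""
    from selenium import webdriver              # needs chromedriver on PATH
    from selenium.common.exceptions import TimeoutException
    options = webdriver.ChromeOptions()
    options.add_argument("--headless")
    options.add_argument("--incognito")         # as the verification notes advise
    driver = webdriver.Chrome(options=options)
    driver.set_page_load_timeout(timeout)       # assumed meaning of -t
    os.makedirs(out_dir, exist_ok=True)
    results = []
    try:
        for url in targets:
            try:
                driver.get(url)
                status = "loaded"
            except TimeoutException:
                status = "timeout"              # still screenshot what rendered
            shot = os.path.join(out_dir, screenshot_name(url))
            driver.save_screenshot(shot)
            results.append((url, status, shot))
    finally:
        driver.quit()                           # always release the browser
    return results
```

Calling capture(build_targets("http://www.example.com/abc/#/", open("uri.txt"))) returns one (url, status, screenshot path) tuple per anchor, which is the data an HTML report would be built from.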


License:MIT License


Languages

Language:Python 100.0%