Catcher - Web Vulnerability Scanner


  ______        __  ___________  ______    __    __    _______   _______   
 /" _  "\      /""\("     _   ")/" _  "\  /" |  | "\  /"     "| /"      \  
(: ( \___)    /    \)__/  \\__/(: ( \___)(:  (__)  :)(: ______)|:        | 
 \/ \        /' /\  \  \\_ /    \/ \      \/      \/  \/    |  |_____/   ) 
 //  \ _    //  __'  \ |.  |    //  \ _   //  __  \\  // ___)_  //      /  
(:   _) \  /   /  \\  \\:  |   (:   _) \ (:  (  )  :)(:      "||:  __   \  
 \_______)(___/    \___)\__|    \_______) \__|  |__/  \_______)|__|  \___)                                                                     
  

DISCLAIMER - It's a community project and not finished yet!

Catcher is a web vulnerability scanner that detects security holes in web applications. It supports detection of CMS platforms, XSS, unsafe file uploads and many other vulnerabilities. Keep in mind that it is a tool that gives you the relevant information at first glance, so you get an idea of your target domain. It does NOT replace a professional scan! It is intended as an aid!

Goal-Features

  • Detects Vulnerable Cookies: Flags cookies as vulnerable based on three attributes: HttpOnly, Secure, and SameSite.
      • HttpOnly: False means the cookie is accessible via JavaScript, making it vulnerable.
      • Secure: False means the cookie can be sent over unencrypted HTTP instead of only over HTTPS, making it vulnerable.
      • SameSite: None allows the cookie to be sent with cross-site requests, making it vulnerable.
  • Cookies Collected: Lists specific cookies and their values, which might be used for further analysis or debugging.
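
The three attribute checks above, applied to raw Set-Cookie header values. This is an added example, not code from the Catcher repository; the function names, finding codes and sample headers are constructed for illustration. It goes one step beyond the list by distinguishing an explicit SameSite=None from a SameSite attribute that is missing altogether.

```python
# Added example: audit Set-Cookie headers for HttpOnly, Secure and SameSite.
# Function names and finding codes are hypothetical, not Catcher's own.

FINDINGS = {
    "no-httponly": "HttpOnly missing: cookie is readable from JavaScript",
    "no-secure": "Secure missing: cookie may be sent over plain HTTP",
    "samesite-none": "SameSite=None: cookie is sent with cross-site requests",
    "samesite-unset": "SameSite not set: the browser default applies",
}

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = header.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()  # attribute names are case-insensitive
    return name, value, attrs

def audit_cookie(header):
    """Return (cookie name, list of finding codes) for one header value."""
    name, _, attrs = parse_set_cookie(header)
    codes = []
    if "httponly" not in attrs:
        codes.append("no-httponly")
    if "secure" not in attrs:
        codes.append("no-secure")
    samesite = attrs.get("samesite")
    if samesite is None:
        codes.append("samesite-unset")
    elif samesite.lower() == "none":
        codes.append("samesite-none")
    return name, codes

def audit_all(headers):
    return dict(audit_cookie(h) for h in headers)

# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "tracking=xyz; Path=/; SameSite=None",
    "prefs=dark; Secure",
    "csrf=t0k3n==; secure; httponly; samesite=Strict",
]

if __name__ == "__main__":
    for name, codes in audit_all(SAMPLE_HEADERS).items():
        print(name, "OK" if not codes else [FINDINGS[c] for c in codes])
```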

  • CMS Detection: Detects popular CMS like WordPress, Joomla, Drupal, and Typo3.
  • Domain Information: Provides initial domain information such as IP address, server details, plugins, etc.
  • File Upload Checks: Checks for insecure file uploads and configuration files.
  • SQL Injection: Checks for simple SQL injection vulnerabilities.
  • Session Management: Checks for session management vulnerabilities.
  • DOM Changes: Analyzes insecure elements in the DOM.
  • Captcha Detection: Detects missing captchas in forms.


  • XSS Detection: Detects Cross-Site Scripting (XSS) vulnerabilities.

Installation

  1. Clone the repository:

    git clone https://github.com/N3LL4-01/Catcher.git
    cd Catcher
  2. Install the required dependencies:

    pip install -r requirements.txt
  3. Download Geckodriver: Download Geckodriver and place it in the website_scanner directory.

  4. Set executable permissions for Geckodriver (macOS/Linux users only):

    chmod +x path/to/geckodriver

Usage

  1. Start the scanner:

    python run.py
  2. Follow the prompts: Enter the domain to scan (including http:// or https://).

Credits

Thanks to @xwolfde for the CMS inspiration.
