# z0scan **Repository Path**: Biz-Spring_0/z0scan ## Basic Information - **Project Name**: z0scan - **Description**: An efficient active/passive scanning tool for vulnerability detection in risk assets. | 一款风险资产漏洞检测与辅助性的高效主、被动扫描工具. - **Primary Language**: Python - **License**: GPL-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 2 - **Created**: 2025-05-12 - **Last Updated**: 2025-05-12 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README



Z0SCAN

An efficient active/passive scanning tool for vulnerability detection and auxiliary assessment of risky assets.

English | 中文

GitHub Repo stars

## ⚠️ Disclaimer > If you engage in any illegal activities while using this project and its included tools, you shall bear all corresponding consequences. We assume no legal or joint liability. > By using this software or otherwise indicating your acceptance of this agreement, you are deemed to have read and agreed to be bound by this agreement. ## 🌟 Advantages 1. Integration of WAF detection, fingerprint information, and plugin scanning **"Fewer WAF triggers, lower request volume, precise targeting"** 2. Support for pseudo-static pages and other vulnerability types **"Broader detection coverage"** 3. Auxiliary discovery of sensitive information and potential vulnerabilities **"Enhanced discovery capabilities"** 4. SQLite3 support for scan records and data storage **"Large-scale, high-efficiency operations"** 5. Open-source Python3 implementation **"High customizability"** ## 🔧 Installation **cryptography** dependency installation (optional): |Environment|Command| |:---:|:----:| |Debian/Ubuntu| `apt install python-cryptography` | |Termux| `pkg install python-cryptography` | |Alpine/iSH| `apk add py3-cryptography` | Install via **Pypi** ```bash pip install z0scan z0scan ``` Install via **GitHub** clone ```bash git clone https://github.com/JiuZero/z0scan cd z0scan pip install -r requirements.txt python3 z0scan.py ``` ## 🚀 Usage ``` usage: z0scan [options] options: -h, --help show this help message and exit -v, --version Show program's version number and exit --debug Show programs's exception -l LEVEL, --level LEVEL Different level use different kind of scanner (Default [0, 1, 2, 3]) Proxy: Passive Agent Mode Options -s SERVER_ADDR, --server-addr SERVER_ADDR Server addr format:(ip:port) Target: Options has to be provided to define the target(s) -u URL, --url URL Target URL (e.g. "http://www.site.com/vuln.php?id=1") -f URL_FILE, --file URL_FILE Scan multiple targets given in a textual file Request: Network request options -p PROXY, --proxy PROXY Use a proxy to connect to the target URL,Support http,https,socks5,socks4 eg:http@127.0.0.1:8080 or socks5@127.0.0.1:1080 --timeout TIMEOUT Seconds to wait before timeout connection (Default 10) --retry RETRY Time out retrials times (Default 2) --random-agent Use randomly selected HTTP User-Agent header value Output: Output options --html When selected, the output will be output to the output directory by default, or you can specify --json JSON The json file is generated by default in the output directory, you can change the path Optimization: Optimization options -t THREADS, --threads THREADS Max number of concurrent network requests (Default 31) -iw, --ignore-waf Ignore the WAF during detection -sc, --scan-cookie Scan cookie during detection --disable DISABLE Disable some plugins (e.g. --disable SQLiBool,SQLiTime) --able ABLE Enable some moudle (e.g. --enable SQLiBool,SQLiTime) ``` ## ⚡️ Plugin List - PerFile |Plugin Name|Description| |:---:|:----:| |sqli-bool|SQL Boolean-based Blind Injection| |sqli-time|SQL Time-based Blind Injection| |sqli-error|SQL Error-based Injection| |codei-asp|ASP Code Execution| |codei-php|PHP Code Execution| |cmdi|Command Execution| |objectdese|Deserialization Parameter Analysis| |sensi-js|JavaScript Sensitive Information Leakage| |sensi-jsonp|JSONP Sensitive Information Leakage| |sensi-php-phprealpath|PHP Real Path Discovery| |redirect|Redirect| |xpathi-error|Error-based XPATH Injection| |trave-path|Path Traversal| - PerFolder |Plugin Name|Description| |:---:|:----:| |sensi-backupfolder|Backup File Scanning| |trave-dir|Directory Traversal| |sensi-repositoryleak|Source Code Repository Leakage| |sensi-php-phpinfo|Phpinfo File Discovery| - PerServer |Plugin Name|Description| |:---:|:----:| |sensi-iis-shortname|IIS Short File Name Vulnerability| |other-nginx_iis-parse|IIS and Nginx Parsing Vulnerabilities| |sensi-errorpage|Error Page Sensitive Information Leakage| |takeover-oss|OSS Bucket Takeover| |xss-net|.NET Universal XSS| |crlf-nginx|Nginx CRLF Injection| |other-nginx-clearcache|Nginx Misconfiguration - Cache Clearing| |xss-flash|Flash Universal XSS| |sensi-nginx-readvar|Nginx Misconfiguration - Variable Reading| |other-idea-parse|Idea Directory Parsing| |sensi-backupdomain|Domain-based Backup File Detection| |upload-oss| OSS bucket file overwriting upload vulnerability| |sensi-viewstate|unencrypted VIEWSTATE discovery| - Plugin development guidelines: [DEV.MD](https://github.com/JiuZero/z0scan/blob/master/doc/DEV.MD) ## ✨ References During the development of z0scan, we referenced numerous projects including but not limited to: ``` - [w13scan](https://github.com/w-digital-scanner/w13scan) - [sqlmap](https://github.com/sqlmapproject/sqlmap) - [Vxscan](https://github.com/al0ne/Vxscan) - [Sitadel](https://github.com/shenril/Sitadel) etc… ``` - Full list available [here](https://github.com/JiuZero/z0scan/blob/master/doc/THANKS.MD) ## 🔆 Changelog & License - Changelog: [CHANGELOG](https://github.com/JiuZero/z0scan/blob/master/doc/CHANGE.MD) - GPL-2.0 License: [LICENSE](https://github.com/JiuZero/z0scan/blob/master/LICENSE) ## ❤️ Contact |Platform|Contact| |:---:|:----:| |QQ|3973580951| |Email|jiuzer0@qq.com| |WeiXin|JiuZer1|