Skip to main content

Web pentesting CLI - scan ports, fuzz directories, hunt headers, and probe for vulns

Project description

██████╗ ██╗   ██╗███╗   ██╗███████╗ ██████╗ ██████╗
██╔══██╗╚██╗ ██╔╝████╗  ██║╚══███╔╝██╔═══██╗██╔══██╗
██████╔╝ ╚████╔╝ ██╔██╗ ██║  ███╔╝ ██║   ██║██████╔╝
██╔═══╝   ╚██╔╝  ██║╚██╗██║ ███╔╝  ██║   ██║██╔══██╗
██║        ██║   ██║ ╚████║███████╗╚██████╔╝██║  ██║
╚═╝        ╚═╝   ╚═╝  ╚═══╝╚══════╝ ╚═════╝ ╚═╝  ╚═╝

Web pentesting, sharpened.

PyPI version Python License: MIT GitHub Stars

Scan ports · Fuzz directories · Hunt headers · Probe for SQLi & XSS · Enumerate subdomains

Demo · Install · Usage · Commands · Download


Demo

Watch the demo on YouTube


Features

  • One command, full scan — run every module against a target in a single invocation
  • Modular architecture — each technique is an isolated Python module, easy to extend
  • Rich terminal output — color-coded severity levels, live spinners, clean layout
  • JSON & HTML reports — export results for sharing or archiving
  • Async HTTP enginehttpx-powered parallel requests for speed
  • Bundled wordlists — works out of the box, no setup required
  • Fully testedpytest test suite with async support

Install

pipx (recommended for CLI users)

pipx installs Pynzor into its own isolated venv, keeping your system Python clean:

pipx install Pynzor

pip

pip install Pynzor

From source

git clone https://github.com/yal212/Pynzor.git
cd Pynzor
pip install -e .

uv

uv sync
uv run Pynzor --help

Download

No Python required — grab a prebuilt binary from GitHub Releases:

Platform File Run
Windows Pynzor.exe Pynzor.exe --help
macOS Pynzor-macos chmod +x Pynzor-macos && ./Pynzor-macos --help
Linux Pynzor-linux chmod +x Pynzor-linux && ./Pynzor-linux --help

macOS note: If blocked by Gatekeeper, run xattr -d com.apple.quarantine ./Pynzor-macos or allow it via System Settings → Privacy & Security.


Usage

Full scan with HTML report

Pynzor scan -t https://example.com -f html
Sample output
Running full scan on https://example.com

╭─ Port Scanner ─╮
╰────────────────╯
 Port   Status   Service     Latency
 80     open     http        0.042s
 443    open     https       0.039s
 22     closed                0.012s

╭─ Directory Fuzzer ─╮
╰────────────────────╯
 URL                         Status   Size
 https://example.com/admin   401      92
 https://example.com/api     200      4213
Found 2 directories

╭─ Security Headers ─╮
╰────────────────────╯
 Header                      Status   Risk
 Strict-Transport-Security   ✓        high
 Content-Security-Policy     ✗        high
Score: 65/100 (Grade: D)

JSON report saved to: reports/scan_20260421_141203.json
HTML report saved to: reports/scan_20260421_141203.html

Directory fuzzing

Pynzor fuzz -t https://example.com --wordlist ./mylist.txt --threads 30
Sample output
Fuzzing directories on https://example.com
! SPA/catch-all detected (probe '/pynzor-baseline-4f3a...' returned 200,
  4213 bytes). Filtering matches.
 URL                         Status   Size
 https://example.com/admin   401      92
 https://example.com/api/v1  200      1842
Found 2 directories
Filtered 128 paths matching catch-all baseline (use --no-baseline to disable)

Baseline filtering protects against SPAs and reverse proxies that return 200 OK + the same body for every path. Use --no-baseline to see raw results.

Security header analysis

Pynzor headers -t https://example.com
Sample output
Analyzing headers on https://example.com
 Header                      Status   Risk
 Strict-Transport-Security   ✓        high
 Content-Security-Policy     ✗        high
 X-Frame-Options             ✓        high
 X-Content-Type-Options      ✓        medium
 Referrer-Policy             ✗        medium
Score: 70/100 (Grade: C)
Missing: Content-Security-Policy, Referrer-Policy

Subdomain enumeration

Pynzor subdomain -t https://example.com
Sample output
Enumerating subdomains of example.com
! Wildcard DNS detected → 203.0.113.42. Subdomains resolving to these IPs
  are filtered (use --include-wildcard to show them).
 Subdomain                 Status
 api.example.com           responded
 mail.example.com          responded
Found 2 subdomains
Filtered 87 subdomains matching wildcard DNS

Wildcard detection probes two random subdomains first; if both resolve to the same IP set, matching wordlist hits are filtered to avoid false positives.

SQL injection probe

Pynzor sqli -t "https://example.com/item?id=1"

XSS detection

Pynzor xss -t https://example.com -v

Sample reports


Commands

Command Description
scan Full scan — run all modules
fuzz Directory & file fuzzing
headers Security header analysis
sqli SQL injection probe
xss Reflected XSS detection
subdomain Subdomain enumeration
report Re-generate report from JSON

Configuration

Source installs include a config.yaml for fine-tuning:

  • HTTP timeout, retries, user-agent string
  • Rate limiting and redirect behavior
  • Output format and directory
  • Port lists, wordlist paths, thread counts

Disclaimer

Pynzor is for authorized testing only. Only use it on systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical.


MIT License — see LICENSE · Made by yal212

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pynzor-1.0.8.tar.gz (37.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pynzor-1.0.8-py3-none-any.whl (46.3 kB view details)

Uploaded Python 3

File details

Details for the file pynzor-1.0.8.tar.gz.

File metadata

  • Download URL: pynzor-1.0.8.tar.gz
  • Upload date:
  • Size: 37.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pynzor-1.0.8.tar.gz
Algorithm Hash digest
SHA256 3c340e944d9af39b37496748a103485cbc67f23a7505ad74aecb937e0660f1ea
MD5 7d8c99b91d6ad4d74686a81949f8437e
BLAKE2b-256 4f66a657d3225caf4928a68fdae638aac06e7bc2bbb69b8e7cedb2126a06b41d

See more details on using hashes here.

Provenance

The following attestation bundles were made for pynzor-1.0.8.tar.gz:

Publisher: release.yml on yal212/Pynzor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pynzor-1.0.8-py3-none-any.whl.

File metadata

  • Download URL: pynzor-1.0.8-py3-none-any.whl
  • Upload date:
  • Size: 46.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pynzor-1.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 c0bfdc2b9a387d51d3f30dfe4851f1ce3bac4cb673548fe52f511b7f56cb833b
MD5 5be9880c14dd3f54fcfdf740a782ddc3
BLAKE2b-256 6987a231b662e3b9bbde5e5a91fb38871d90614d59da9ee2b5dbaf1bea52381f

See more details on using hashes here.

Provenance

The following attestation bundles were made for pynzor-1.0.8-py3-none-any.whl:

Publisher: release.yml on yal212/Pynzor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page