Website endpoint reconnaissance tool and rate limit tester that bypasses simple captchas.
Project description
Website Endpoint Scanner and Rate Limit Tester For Websites (Version 7.0.4)
For Installation, please go to the Installation section below!
How it works
- Uses curl_cffi and playwright-stealth to bypass simple captchas
- Uses a fake path to test which are real paths and which are shells. (websites like SPAs give a lot of trouble to current tools)
- Scrapes all
.jsfiles and<script>tags inside the html with a regex to find paths - Differentiates paths by website endpoints, assets, redirects etc.
- Autofills {id} variables in endpoints as '1' to test the endpoints (can reveal potential IDORs)
- Checks server uptime and prints out JS Stack of the website
- Has a rate limit tester by sending n requests to a certain endpoint
- Can scan extra files like robots.txt for more endpoints
- Also scans for assets like images with a flag to disable showing them
How to run
Command to run after installing (For installation, look for the 'Installation' section.):
Passable arguments:
| Argument | What the argument does |
|---|---|
--ratelimit |
how many requests to send to server to test. Without this argument, the rate limit test is not performed. |
--testpath |
which endpoint to test for rate limiting. Without this argument, the rate limit test will happen on the root directory ('/'). If an endpoint here returns a 404, it also defaults to the root directory. |
--show-404s |
Show inaccessible endpoints. |
--disable-extra-files |
The script won't scan through extra map files like robots.txt for extra endpoints. |
--show-assets |
Show assets like images that the script finds. |
Example command to run (assuming you are testing on https://example.com):
endpointscanner https://example.com --ratelimit 100 --testpath /login --show-404s --show-assets
Installation
You MUST have python 3.9 or above to use this!! To install endpointscanner, run the command:
python3 -m pip install endpointscanner
After that, install chromium on playwright (playwright will be installed when you install endpointscanner):
playwright install chromium
You may need to create a virtual environment if there is PEP 668. (For the endpointscanner installation, not playwright install chromium.)
To create a virtual environment named 'myvenv':
python3 -m venv myvenv
To activate virtual environment on Mac/Linux:
source myvenv/bin/activate
To activate virtual environment on Windows Command Prompt:
myvenv\Scripts\activate
To activate virtual environment on Windows PowerShell:
myvenv\Scripts\Activate.ps1
Alternative (Not Recommended)
If you do not want to create a virtual environment, you can run:
python3 -m pip install endpointscanner --break-system-packages
to install it without PEP 668.
Warning: Using --break-system-packages may corrupt your OS-managed python environment. Proceed entirely at your own risk. The author is not liable for any system damage if you run this.
Updating script
To update the script, you can run:
python3 -m pip install --upgrade endpointscanner
Weaknesses
- If there is a login page, the script will either show that all of the pages require login, or label all of them as 403.
- If there are shells (e.g. React SPA shells) in the page, it may give false positives for sensitive endpoints. If you see sensitive endpoints in the scan, they may not actually be exposed on the website if the website has a shell. (E.g. .gitignore, .env.local)
What was added
Version 7 (7.0.4 is just updating toml and readme) added:
- Patches for more accuracy in scanning
- Showing original endpoints (replaces with 1, but also prints out the endpoint with variables in the actual website code)
Plans for next version
Version 7.1 is planned to have:
- Flag to display endpoints as it finds them to show progress
- Flag to export endpoints found to a text file
- Flag to disable showing the original endpoints to reduce cluttering (So it just replaces the endpoint with 1 and doesn't show end original endpoint with variables, makes terminal neater but loses original endpoint)
ai assisted code btw
Legal Disclaimer
Note that this tool is strictly meant for authorised testing and security research. Running this script on websites where you are not permitted to do so can result in legal action. The author of this script assumes no responsibility for any misuse or legal consequences from running this script. Ensure you have received permission from the owner of the target website before performing tests or scans on their website.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file endpointscanner-7.0.4.tar.gz.
File metadata
- Download URL: endpointscanner-7.0.4.tar.gz
- Upload date:
- Size: 12.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9440ce8a5ed49f43f8bd1ba0e973a19a08dc875f6a4251b666ab2c1aaee85bbf
|
|
| MD5 |
3809fbf82718590950356ea0a054f5dd
|
|
| BLAKE2b-256 |
1fcb8077dbaab5e7b5e9448b06cb0120294479ff6512ba26401f6b852af9d2d1
|
File details
Details for the file endpointscanner-7.0.4-py3-none-any.whl.
File metadata
- Download URL: endpointscanner-7.0.4-py3-none-any.whl
- Upload date:
- Size: 12.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
55fcfe58bd0ba2e3fa41925287be91123e4a7a8a416c8da16dbc4163b6959b99
|
|
| MD5 |
13f1c0451fc96041685714fb0eda474c
|
|
| BLAKE2b-256 |
150fcdcfe82b252b8bb00a50cc71a374a12aba7da35f0a3319cabf5fdd8e6410
|