Web pentesting CLI - scan ports, fuzz directories, hunt headers, and probe for vulns
Project description
██████╗ ██╗ ██╗███╗ ██╗███████╗ ██████╗ ██████╗
██╔══██╗╚██╗ ██╔╝████╗ ██║╚══███╔╝██╔═══██╗██╔══██╗
██████╔╝ ╚████╔╝ ██╔██╗ ██║ ███╔╝ ██║ ██║██████╔╝
██╔═══╝ ╚██╔╝ ██║╚██╗██║ ███╔╝ ██║ ██║██╔══██╗
██║ ██║ ██║ ╚████║███████╗╚██████╔╝██║ ██║
╚═╝ ╚═╝ ╚═╝ ╚═══╝╚══════╝ ╚═════╝ ╚═╝ ╚═╝
Web pentesting, sharpened.
Scan ports · Fuzz directories · Hunt headers · Probe for SQLi & XSS · Enumerate subdomains
Demo
Features
- One command, full scan — run every module against a target in a single invocation
- Modular architecture — each technique is an isolated Python module, easy to extend
- Rich terminal output — color-coded severity levels, live spinners, clean layout
- JSON & HTML reports — export results for sharing or archiving
- Async HTTP engine —
httpx-powered parallel requests for speed - Bundled wordlists — works out of the box, no setup required
- Fully tested —
pytesttest suite with async support
Install
pipx (recommended for CLI users)
pipx installs Pynzor into its own isolated venv, keeping your system Python clean:
pipx install Pynzor
pip
pip install Pynzor
From source
git clone https://github.com/yal212/Pynzor.git
cd Pynzor
pip install -e .
uv
uv sync
uv run Pynzor --help
Download
No Python required — grab a prebuilt binary from GitHub Releases:
| Platform | File | Run |
|---|---|---|
| Windows | Pynzor.exe |
Pynzor.exe --help |
| macOS | Pynzor-macos |
chmod +x Pynzor-macos && ./Pynzor-macos --help |
| Linux | Pynzor-linux |
chmod +x Pynzor-linux && ./Pynzor-linux --help |
macOS note: If blocked by Gatekeeper, run
xattr -d com.apple.quarantine ./Pynzor-macosor allow it via System Settings → Privacy & Security.
Usage
Full scan with HTML report
Pynzor scan -t https://example.com -f html
Sample output
Running full scan on https://example.com
╭─ Port Scanner ─╮
╰────────────────╯
Port Status Service Latency
80 open http 0.042s
443 open https 0.039s
22 closed 0.012s
╭─ Directory Fuzzer ─╮
╰────────────────────╯
URL Status Size
https://example.com/admin 401 92
https://example.com/api 200 4213
Found 2 directories
╭─ Security Headers ─╮
╰────────────────────╯
Header Status Risk
Strict-Transport-Security ✓ high
Content-Security-Policy ✗ high
Score: 65/100 (Grade: D)
JSON report saved to: reports/scan_20260421_141203.json
HTML report saved to: reports/scan_20260421_141203.html
Directory fuzzing
Pynzor fuzz -t https://example.com --wordlist ./mylist.txt --threads 30
Sample output
Fuzzing directories on https://example.com
! SPA/catch-all detected (probe '/pynzor-baseline-4f3a...' returned 200,
4213 bytes). Filtering matches.
URL Status Size
https://example.com/admin 401 92
https://example.com/api/v1 200 1842
Found 2 directories
Filtered 128 paths matching catch-all baseline (use --no-baseline to disable)
Baseline filtering protects against SPAs and reverse proxies that return
200 OK + the same body for every path. Use --no-baseline to see raw
results.
Security header analysis
Pynzor headers -t https://example.com
Sample output
Analyzing headers on https://example.com
Header Status Risk
Strict-Transport-Security ✓ high
Content-Security-Policy ✗ high
X-Frame-Options ✓ high
X-Content-Type-Options ✓ medium
Referrer-Policy ✗ medium
Score: 70/100 (Grade: C)
Missing: Content-Security-Policy, Referrer-Policy
Subdomain enumeration
Pynzor subdomain -t https://example.com
Sample output
Enumerating subdomains of example.com
! Wildcard DNS detected → 203.0.113.42. Subdomains resolving to these IPs
are filtered (use --include-wildcard to show them).
Subdomain Status
api.example.com responded
mail.example.com responded
Found 2 subdomains
Filtered 87 subdomains matching wildcard DNS
Wildcard detection probes two random subdomains first; if both resolve to the same IP set, matching wordlist hits are filtered to avoid false positives.
SQL injection probe
Pynzor sqli -t "https://example.com/item?id=1"
XSS detection
Pynzor xss -t https://example.com -v
Sample reports
- Sample JSON report
- Sample HTML report — open in a browser
Commands
| Command | Description |
|---|---|
scan |
Full scan — run all modules |
fuzz |
Directory & file fuzzing |
headers |
Security header analysis |
sqli |
SQL injection probe |
xss |
Reflected XSS detection |
subdomain |
Subdomain enumeration |
report |
Re-generate report from JSON |
Configuration
Source installs include a config.yaml for fine-tuning:
- HTTP timeout, retries, user-agent string
- Rate limiting and redirect behavior
- Output format and directory
- Port lists, wordlist paths, thread counts
Disclaimer
Pynzor is for authorized testing only. Only use it on systems you own or have explicit written permission to test. Unauthorized use is illegal and unethical.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pynzor-1.0.8.tar.gz.
File metadata
- Download URL: pynzor-1.0.8.tar.gz
- Upload date:
- Size: 37.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3c340e944d9af39b37496748a103485cbc67f23a7505ad74aecb937e0660f1ea
|
|
| MD5 |
7d8c99b91d6ad4d74686a81949f8437e
|
|
| BLAKE2b-256 |
4f66a657d3225caf4928a68fdae638aac06e7bc2bbb69b8e7cedb2126a06b41d
|
Provenance
The following attestation bundles were made for pynzor-1.0.8.tar.gz:
Publisher:
release.yml on yal212/Pynzor
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pynzor-1.0.8.tar.gz -
Subject digest:
3c340e944d9af39b37496748a103485cbc67f23a7505ad74aecb937e0660f1ea - Sigstore transparency entry: 1382682536
- Sigstore integration time:
-
Permalink:
yal212/Pynzor@af9f569ec796e55fdcba74de5cf4ad28dac0b8d9 -
Branch / Tag:
refs/tags/v1.0.8 - Owner: https://github.com/yal212
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@af9f569ec796e55fdcba74de5cf4ad28dac0b8d9 -
Trigger Event:
push
-
Statement type:
File details
Details for the file pynzor-1.0.8-py3-none-any.whl.
File metadata
- Download URL: pynzor-1.0.8-py3-none-any.whl
- Upload date:
- Size: 46.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c0bfdc2b9a387d51d3f30dfe4851f1ce3bac4cb673548fe52f511b7f56cb833b
|
|
| MD5 |
5be9880c14dd3f54fcfdf740a782ddc3
|
|
| BLAKE2b-256 |
6987a231b662e3b9bbde5e5a91fb38871d90614d59da9ee2b5dbaf1bea52381f
|
Provenance
The following attestation bundles were made for pynzor-1.0.8-py3-none-any.whl:
Publisher:
release.yml on yal212/Pynzor
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pynzor-1.0.8-py3-none-any.whl -
Subject digest:
c0bfdc2b9a387d51d3f30dfe4851f1ce3bac4cb673548fe52f511b7f56cb833b - Sigstore transparency entry: 1382682549
- Sigstore integration time:
-
Permalink:
yal212/Pynzor@af9f569ec796e55fdcba74de5cf4ad28dac0b8d9 -
Branch / Tag:
refs/tags/v1.0.8 - Owner: https://github.com/yal212
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@af9f569ec796e55fdcba74de5cf4ad28dac0b8d9 -
Trigger Event:
push
-
Statement type: