Plugin-based web vulnerabillity scanner library
Project description
S2N — Plugin-based Web Vulnerability Scanner
stateDiagram-v2
state "<pre><code>
.-') .-') _
( OO ). ( OO ) )
(_)---\_) .-----. ,--./ ,--,'
/ _ | / ,-. \| \ | |\
\ :` `. '-' | || \| | )
'..`''.) .' / | . |/
.-._) \ .' /__ | |\ |
\ /| || | \ |
`-----' `-------'`--' `--'
</pre></code>" as logo
style logo color: #FFF, fill:#0022FF
A lightweight, plugin-driven web vulnerability scanner library. Core data types and interfaces are defined in
s2n.s2nscanner.interfaces. More detailed type Documentation is available ininterfaces.en.md.
Quick install
CLI Usage
Execute a scan from the command line:
s2n scan \
--url http://target.com \
--all \
--auth auto \
--username admin \
--password pass \
--output-format html \
--output results.html
Common options:
-u, --url: Target URL to scan (Required)-p, --plugin: Select specific plugins (multiple allowed)--all: Run all default plugins-a, --auth: Authentication type (NONE, BASIC, BEARER, AUTO, etc.)--login-url: Login page URL for automatic authentication-o, --output: Save results to a file--output-format: Output format (JSON, HTML, CSV, CONSOLE, MULTI)--crawler-depth: Set crawling depth (Default: 2)-v, --verbose: Enable detailed logging
Chrome Extension Usage (GUI)
S2N provides a user-friendly scanning experience via a Chrome Extension alongside the CLI. Follow these steps to link the extension with your local S2N host.
- Install Extension: Install the S2N Scanner extension from the Chrome Web Store or via Developer Mode.
- Link Host: Run the following command in your terminal to install the Native Messaging Host. This establishes communication between your browser and the local scanner. (It will automatically link to the official default Extension ID)
s2n install-gui - Restart your browser and click the extension icon to start scanning.
Python usage
from s2n import Scanner, ScanConfig, PluginConfig, AuthConfig
from s2n.interfaces import Severity, AuthType
# Create ScanConfig
config = ScanConfig(
target_url="http://target.com",
scanner_config=ScannerConfig(crawl_depth=3),
plugin_configs={
"sql": PluginConfig(
enabled=True,
max_payloads=50
)
},
auth_config=AuthConfig(
auth_type=AuthType.BASIC,
username="admin",
password="pass"
)
)
# Execute Scan with ScanConfig parameter
scanner = Scanner(config)
report = scanner.scan()
# 결과 처리
print(f"[RESULT]: {report.summary.total_vulnerabilities}개")
for result in report.plugin_results:
for finding in result.findings:
if finding.severity in [Severity.CRITICAL, Severity.HIGH]:
print(f"[{finding.severity}] {finding.title}")
Key type references
Documentation
- Data type reference:
interfaces.en.md - Source:
interfaces.py
Core types and data models:
s2n.s2nscanner.interfaces.ScanConfigs2n.s2nscanner.interfaces.PluginConfigs2n.s2nscanner.interfaces.ScannerConfig
Results & reporting:
s2n.s2nscanner.interfaces.ScanReports2n.s2nscanner.interfaces.Finding
Enums:
s2n.s2nscanner.interfaces.Severitys2n.s2nscanner.interfaces.PluginStatus
Features
- Plugin-based Architecture: Modular vulnerability checks for easy expansion.
- Advanced Crawling & Discovery: Universal login support and automatic attack point detection.
- Supported Plugins: SQL Injection, XSS, CSRF, JWT, OS Command Injection, File Upload, Brute Force, etc.
- Multiple UI Clients: Powerful CLI and Chrome Extension GUI for various workflows.
- Rich Reporting: Structured data models with support for JSON, HTML, CSV, and Console outputs.
- Cross-Platform Support: Optimized detection patterns for Windows, Linux, and macOS environments.
- Automated Testing: Integrated CI/CD support for security regression testing.
LICENSE
Contributing
Follow the project coding style and add tests for new features.
Update type docs in interfaces.en.md when interfaces change.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
s2n-0.3.0.tar.gz
(138.7 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
s2n-0.3.0-py3-none-any.whl
(181.5 kB
view details)
File details
Details for the file s2n-0.3.0.tar.gz.
File metadata
- Download URL: s2n-0.3.0.tar.gz
- Upload date:
- Size: 138.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9d82e013c4e8e4af6a977ee191342ceb158eae3a9da2e1585a1c2588c01727d5
|
|
| MD5 |
ca51eba4824f7dbe2ffb89f50503a936
|
|
| BLAKE2b-256 |
371e4273a6021f1049472f6e1daed0187c139cbd1a87dc3b44307212c5b5df09
|
File details
Details for the file s2n-0.3.0-py3-none-any.whl.
File metadata
- Download URL: s2n-0.3.0-py3-none-any.whl
- Upload date:
- Size: 181.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e6b8f8a9bde6b5d737feb14d69c49c278d6873dc65f8d87306fa5719106f2379
|
|
| MD5 |
bc2aa95d7c6e9919289c709267c918b7
|
|
| BLAKE2b-256 |
dd0919629e2e8f8fc438b4040324abee1e2e4275200419325d218ba2603700a0
|
