• Stars
    star
    953
  • Rank 47,957 (Top 1.0 %)
  • Language
    Python
  • Created about 7 years ago
  • Updated 12 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Advanced reconnaissance utility

NOTE: due to dumbass people, automatic issue creation has been turned off until further notice


GitHub stars GitHub forks GitHub issues GitHub license Twitter Donate

Helpful links directory

Zeus-Scanner

What is Zeus?

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas.

Features

  • A powerful built in URL parsing engine
  • Multiple search engine compatibility (DuckDuckGo, AOL, Bing, and Google default is Google)
  • Ability to extract the URL from Google's ban URL thus bypassing IP blocks
  • Ability to extract from Google's webcache URL
  • Proxy compatibility (http, https, socks4, socks5)
  • Tor proxy compatibility and Tor browser emulation
  • Parse robots.txt/sitemap.xml and save them to a file
  • Multiple vulnerability assessments (XSS, SQLi, clickjacking, port scanning, admin panel finding, whois lookups, and more)
  • Tamper scripts to obfuscate XSS payloads
  • Can run with a custom default user-agent, one of over 4000 random user-agents, or a personal user-agent
  • Automatic issue creation when an unexpected error arises
  • Ability to crawl a webpage and pull all the links
  • Can run a singular dork, multiple dorks in a given file, or a random dork from a list of over 5000 carefully researched dorks
  • Dork blacklisting when no sites are found with the search query, will save the query to a blacklist file
  • Identify WAF/IPS/IDS protection of over 20 different firewalls
  • Header protection enumeration to check what kind of protection is provided via HTTP headers
  • Saving cookies, headers, and other vital information to log files
  • and much more...

Screenshots

Running without a mandatory options, or running the --help flag will output Zeus's help menu: zeus-help A basic dork scan with the -d flag, from the given dork will launch an automated browser and pull the Google page results: zeus-dork-scan Calling the -s flag will prompt for you to start the sqlmap API server python sqlmapapi.py -s from sqlmap, it will then connect to the API and perform a sqlmap scan on the found URL's. zeus-sqlmap-api

You can see more screenshots here

Demo

to_video

Requirements

There are some requirements for this to be run successfully.

Basic requirements
  • libxml2-dev, libxslt1-dev, python-dev are required for the installation process
  • Firefox web browser is required as of now, you will need Firefox version <=58 >=52 (between 52 and 58). Full functionality for other browsers will eventually be added.
  • If you want to run sqlmap through the URL's you will need sqlmap somewhere on your system.
  • If you want to run a port scan using nmap on the URL's IP addresses. You will need nmap on your system.
  • Geckodriver is required to run the firefox web browser and will be installed the first time you run. It will be added to your /usr/bin so that it can be run in your ENV PATH.
  • You must be sudo for the first time running this so that you can add the driver to your PATH, you also may need to run as sudo depending on your permissions. NOTE: Depending on permissions you may need to be sudo for any run involving the geckodriver
  • xvfb is required by pyvirtualdisplay, it will be installed if not installed on your first run
Python package requirements
  • selenium-webdriver package is required to automate the web browser and bypass API calls.
  • requests package is required to connect to the URL, and the sqlmap API
  • python-nmap package is required to run nmap on the URL's IP addresses
  • whichcraft package is required to check if nmap and sqlmap are on your system if you want to use them
  • pyvirtualdisplay package is required to hide the browser display while finding the search URL
  • lxml is required to parse XML data for the sitemap and save it as such
  • psutil is required to search for running sqlmap API sessions
  • beautifulsoup is required to pull all the HREF descriptor tags and parse the HTML into an easily workable syntax

Installation

You can download the latest tar.gz, the latest zip, or you can find the current stable release here. Alternatively you can install the latest development version by following the instructions that best match your operating system:

NOTE: (optional but highly advised) add sqlmap and nmap to your environment PATH by moving them to /usr/bin or by adding them to the PATH via terminal

Ubuntu/Debian
sudo apt-get install libxml2-dev libxslt1-dev python-dev &&  git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py
centOS
sudo apt-get install gcc python-devel libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py

Backbox

64 bit installation:

sudo -s << EOF
aptitude purge firefox
wget https://ftp.mozilla.org/pub/firefox/releases/57.0/linux-x86_64/en-US/firefox-57.0.tar.bz2
tar -xjf firefox-57.0.tar.bz2
rm -rf /opt/firefox*
mv firefox /opt/firefox57
mv /usr/bin/firefox /usr/bin/firefoxold
ln -s /opt/firefox57/firefox-bin /usr/bin/firefox
apt-get install libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && pip2 install -r requirements.txt && python zeus.py
EOF

32 bit installation:

sudo -s << EOF
aptitude purge firefox
wget https://ftp.mozilla.org/pub/firefox/releases/57.0/linux-i686/en-US/firefox-57.0.tar.bz2
tar -xjf firefox-57.0.tar.bz2
rm -rf /opt/firefox*
mv firefox /opt/firefox57
mv /usr/bin/firefox /usr/bin/firefoxold
ln -s /opt/firefox57/firefox-bin /usr/bin/firefox
apt-get install libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && pip2 install -r requirements.txt && python zeus.py
EOF
Others
sudo apt-get install libxml2-dev libxslt1-dev python-dev && git clone https://github.com/ekultek/zeus-scanner.git && cd zeus-scanner && sudo pip2 install -r requirements.txt && sudo python zeus.py

This will install all the package requirements along with the geckodriver

Donations

Zeus is created by a small team of developers that have an aspiration for information security and a strive to succeed. If you like Zeus and want to donate to our funding, we gladly and appreciatively accept donations via:

You can be assured that all donations will go towards Zeus funding to make it more reliable and even better, thank you from the Zeus development team

Shoutouts

OpenSource Projects

OpenSource Projects is a Facebook community page who's goal is to give developers, new and old, a easy and simple place to share their opensource contributions and projects. I personally think this is an awesome idea, I know how hard it is to get your code noticed by people and support these guys 100%. Go ahead and give them a like here. They will share any opensource project you send them for free. Thank you OpenSource Projects for giving developers a place to share work with one another!

Translations

More Repositories

1

WhatWaf

Detect and bypass web application firewalls and protection systems
Python
2,604
star
2

BlueKeep

Proof of concept for CVE-2019-0708
Python
1,170
star
3

WhatBreach

OSINT tool to find breached emails, databases, pastes, and relevant information
Python
1,126
star
4

Pybelt

The hackers tool belt
Python
510
star
5

Graffiti

A tool to generate obfuscated one liners to aid in penetration testing
Python
176
star
6

Dagon

Advanced Hash Manipulation
Python
171
star
7

XanXSS

A simple XSS finding tool
Python
107
star
8

tadpole

Download files out of open AWS buckets
Python
37
star
9

HacApt

Package manager for hackers built by hackers
Python
35
star
10

Checkers

Determine everything you need to know to about a system
Python
30
star
11

GitRekt

Search .git folders for emails and URL's that should otherwise be hidden
Python
28
star
12

WhatDir

Multi-threaded web application directory bruteforcer
Python
24
star
13

Strutter

Proof of Concept for CVE-2018-11776
Python
20
star
14

PoC

Leveraging CVE-2018-19788 without root shells
Python
18
star
15

CVE-2019-17625

Working exploit code for CVE-2019-17625
Python
17
star
16

soapy

log file scrubber
Python
15
star
17

CVE-2019-7216

Filechucker filter bypass Proof Of Concept
10
star
18

letmein

Lightweight easy to use password manager
Python
9
star
19

Whisper

Intellegent detection system to determine if a computer has been compromised
8
star
20

arpper

Simple tool to determine live IP addresses on a local network
Python
7
star
21

ISIE

InfoSlut Image Editor
Python
6
star
22

pen-test

Pentesting tools
Python
6
star
23

elastic-custom-scraper

Python
4
star
24

Throwing-Shade

You all know what this is for.
3
star
25

codecademy

Python codecademy
Python
3
star
26

TikTok-Pixel-Code

Deobfuscated and comments TikTok pixel Javascript code
JavaScript
3
star
27

email-tool

An email generator CLI based tool
Ruby
3
star
28

charmed

Issues reported to jetbrains that they decided weren't issues
Python
3
star
29

Gignor

Stashing for computer cleaning
Python
2
star
30

Analyzer.

Simple text Analyzer
Ruby
2
star
31

Inventory-Management-Framework

A basic overview framework of an inventory management system
Python
2
star
32

archiver

Extremely quick file archiver, send files to a zip file in under 30 seconds.
C#
2
star
33

IDENT

Ip address DENying Tool
Python
1
star
34

u2b

Holding repo for a reimage
Python
1
star
35

exercism-io-answers

Exercism.IOanswers
Python
1
star
36

Python-Challenges

Challenges that I've done using Python
Python
1
star
37

C

Learning C from learncthehardway
C
1
star