# z0scan

**Repository Path**: frontcold/z0scan

## Basic Information

- **Project Name**: z0scan
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: GPL-2.0
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2025-02-14
- **Last Updated**: 2026-02-06

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

![z0scan](https://socialify.git.ci/JiuZero/z0scan/image?description=1&font=Raleway&language=1&logo=https%3A%2F%2Fraw.githubusercontent.com%2FJiuZero%2Fz0scan%2Frefs%2Fheads%2Fmain%2Fdoc%2Flogo.png&owner=1&pattern=Solid&theme=Auto)


## 😘 Acknowledgments

  • WeiLing Security
  • Blue Sword Lab
  • ZAC Security
  • Fengtian Security
  • Falcon Eye Security
  • HackTwo
  • ShennongSec
  • Cotton Candy
  • WindChime Sec
  • Silver Shield Security
  • X Black Hand Network
  • Sec Explorer
  • Snow Mountain Alliance
  • Night Team Security
  • Starfall Security
  • Cyber-Tools

---

## ✨ Core Features

🔍 Security Detection

  • Fingerprint & Plugin Synergy - WAF detection, fingerprint identification to guide plugin scanning
  • Distributed & Local Integration - Flexibly adapt to different scanning and scenario requirements
  • Third-party Scanning Integration - ObserverWard fingerprint detection, Nuclei POCs precision scanning
  • Highly Customizable Plugin System - Externally extensible and dynamically importable plugin system
  • Headless Crawler - Built-in Crawlergo implementation

🌐 Deployment Architecture

  • Open Source & Deployment - Python3 open source, supports Docker deployment, out-of-the-box releases
  • High Performance - Nuitka compilation, Rust cross-language
  • Integrability - Open API, allowing users to freely integrate scanning
  • Fully Cross-platform - Supports Windows, Linux, macOS and other systems

📊 Data Processing

  • Complex Parameter Parsing - Supports parsing JSON, XML and pseudo-static parameters
  • Secondary Parameter Parsing - Supports parsing the values of GET and POST parameters as new parameters and automatically decoding them
  • Data Storage - Provides data storage support through SQLite3
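
An added sketch of the secondary parameter parsing described above (example code written for this page, not z0scan's own implementation): each parameter value is checked for a base64 or URL-encoded layer, and any JSON object or query string found inside is expanded into further named parameters. The function names, the `name<layer>.child` path notation and `MAX_DEPTH` are assumptions of this example, and it covers JSON and nested query strings only, not XML or pseudo-static paths.

```python
import base64
import json
from urllib.parse import parse_qsl, quote, unquote, urlencode

MAX_DEPTH = 3  # assumed bound so hostile nesting cannot recurse forever

def _views(value):
    """Plaintext views of a value: strict base64 if it decodes, else raw/URL-decoded."""
    if len(value) >= 8:
        try:
            text = base64.b64decode(value, validate=True).decode("utf-8")
            if text.isprintable():
                return [("b64", text)]
        except ValueError:  # bad alphabet or padding, or not UTF-8 text
            pass
    views = [("raw", value)]
    if unquote(value) != value:
        views.append(("url", unquote(value)))
    return views

def _children(text):
    """Split a decoded value into (name, value) pairs if it is JSON or a query string."""
    try:
        doc = json.loads(text)
        if isinstance(doc, dict):
            return [(k, v if isinstance(v, str) else json.dumps(v)) for k, v in doc.items()]
    except ValueError:
        pass
    query = text.split("?", 1)[-1]  # accept both "a=1&b=2" and "/path?a=1&b=2"
    return parse_qsl(query, keep_blank_values=True) if "=" in query else []

def expand(pairs, prefix="", depth=0):
    """Map every parameter, including nested ones, to a path such as data<b64>.user."""
    found = {}
    for name, value in pairs:
        found[prefix + name] = value
        if depth < MAX_DEPTH:
            for label, text in _views(value):
                found.update(expand(_children(text), f"{prefix}{name}<{label}>.", depth + 1))
    return found

def scan_points(query):
    """All parameters reachable from a raw query string."""
    return expand(parse_qsl(query, keep_blank_values=True))

# Constructed sample query string (not captured traffic).
_inner = json.dumps({"user": "admin", "q": "a=1&b=2"})
SAMPLE_QUERY = urlencode({"id": "1", "data": base64.b64encode(_inner.encode()).decode(),
                          "next": quote("/login?u=bob&r=1", safe="")})

if __name__ == "__main__":
    for path, value in scan_points(SAMPLE_QUERY).items():
        print(f"{path} = {value}")
```

The same expansion is why server-side validation has to be applied after every decoding step: a value that looks opaque at the outer layer can carry several further inputs.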

💡 Intelligent Verification

  • AI-driven JS Sensitive Information Verification - Intelligently verify sensitive data in JavaScript
---

## 🚀 Installation

📢 Please take some time to read this documentation; it will help you quickly become familiar with Z0SCAN!

### ✔ Release Version

Get the release version: [Download](https://github.com/JiuZero/z0scan/releases)

- Want to build an executable file suitable for your environment? Please refer to: [Guide](https://jiuzero.github.io/tags/z0scan/)

### ✔ Clone Installation

> [!Note]
> Gitee mirror: https://gitee.com/JiuZero/z0scan

```bash
git clone https://github.com/JiuZero/z0scan
cd z0scan
pip install -r requirements.txt
playwright install
python3 z0.py help
```

### ✔ Container Installation

```bash
git clone https://github.com/JiuZero/z0scan
# Build from inside the cloned repository
cd z0scan
docker build -t z0scan .
docker run z0scan # python3 z0.py help
```

## 📝 Usage Examples

### **Ling - Visualization**

![Example](doc/example3.png)

- Please go to Ling's [project page](https://github.com/JiuZero/Ling) to get it

> [!WARNING]
> Ling does not include the z0scan core; it requires a locally available z0 executable file or script

### **z0 - Command Line**

> [!Note]
> ObserverWard fingerprint, Nuclei POCs linkage

- Add ObserverWard and nuclei to your environment variables and configure plugins & fingerprints, refer to: [Guide](https://jiuzero.github.io/tags/z0scan/)

### ✔ Passive Scanning

> [!Note]
> HTTPS support

- Start z0scan passive scanning, then visit http://z0scan.ca in your browser to download and trust the certificate

**Default configuration for passive scanning** (forward browser traffic to port 5920):

```
z0 scan -s 127.0.0.1:5920
```

![Example](doc/example0.png)

Common recommended configuration:

```
z0 scan -s 127.0.0.1:5920 --risk 0,1,2,3 --level 2 --disable cmdi,unauth
```

**Console Interface**

![Example](doc/example4.png)

### ✔ Active Scanning

**Default configuration for active scanning**:

```
# Passive scanning converted to active (recommended) via Burp/Yakit request traffic
z0 scan -s 127.0.0.1:5920
```

![Example](doc/example1.png)

```
# Direct detection (URL quoted so the shell does not expand "?")
z0 scan -u 'https://example.com/?id=1'
# Basic crawler (path depth 3) and detection
z0 scan -u 'https://example.com/?id=1' -c 3
# Batch detection from URL list
z0 scan -f urls.txt
# Sequential crawling from URL list (path depth 3) and detection
z0 scan -f urls.txt -c 3
```

![Example](doc/example2.png)

- For more details, please refer to: [Documentation](https://jiuzero.github.io/tags/z0scan/)

---

## 🔖 Plugin List

### **Page-level Scanning Plugins (PerPage)**

| Plugin Name | Function Description | Risk Level |
|:--------:|:--------:|:--------:|
| cmdi | Command Execution | 3 |
| cmdi-blind | Command Execution (Blind) | 3 |
| codei-asp | ASP Code Execution | 3 |
| codei-java | Java Code Injection Vulnerability Scanner (EL/SpEL/OGNL) | 3 |
| codei-php | PHP Code Execution | 3 |
| cors-passive | CORS Vulnerability (Passive Analysis) | 1 |
| crlf_1 | CRLF Injection Vulnerability Detection | 2 |
| fileinclude | File Include | 2 |
| jndi-error | JNDI Injection Vulnerability Scanner | 3 |
| jsonp | JSONP Sensitive Information Leak & Jacking | 1 |
| ldap-error | Error-based LDAP Injection | 2 |
| leakpwd-page-passive | Weak Password on Login Page | 2 |
| objectdese | Deserialization Parameter Analysis | 3 |
| other-captcha-bypass | Frontend Captcha Bypass Detection | 0 |
| other-fastjson-blind | Fastjson Blind Injection | 2 |
| other-json-error | JSON Error Injection | 2 |
| other-webdav-passive | WebDAV Service Passive Detection | 0 |
| redirect | Redirect Vulnerability | 1 |
| redos | Regular Expression Denial of Service (ReDoS) Vulnerability Scanner | -1 |
| sensi-backup_1 | Backup File Detection (File-based) | 1 |
| sensi-editfile | Editor Backup File Leak Detection | 1 |
| sensi-js | JavaScript Sensitive Information Leak (with AI Context Validation) | 0 |
| sensi-php-realpath | PHP Real Path Discovery | 0 |
| sensi-retirejs | Outdated JS Component Detection | -1 |
| sensi-sourcecode | Source Code Disclosure Detection | 1 |
| sensi-viewstate | Unencrypted VIEWSTATE Discovery | 0 |
| sqli-bool | SQL Boolean-based Blind Injection | 2 |
| sqli-dnslog | SQL DNS Out-of-band Injection | 2 |
| sqli-error | SQL Error-based Injection | 2 |
| sqli-time | SQL Time-based Blind Injection | 2 |
| ssrf | Server-Side Request Forgery Vulnerabilities | 2 |
| ssti | SSTI Vulnerability Detection | 3 |
| ssti-angularjs | AngularJS Client-Side Template Injection Detection | 2 |
| unauth | Unauthorized Access Vulnerability | 2 |
| webpack | Webpack Source Code Leak | 1 |
| xpathi-error | Error-based XPATH Injection | 2 |
| xss | JS Semantic-based XSS Scanning | 1 |
| xxe | XML External Entity Injection Vulnerabilities | 3 |
| xxe-blind | Blind XXE plugin detects out-of-band data exfiltration | 3 |

### **Directory-level Scanning Plugins (PerDir)**

| Plugin Name | Function Description | Risk Level |
|:--------:|:--------:|:--------:|
| dirlisting | Directory Browsing Vulnerability (Directory-based) | 2 |
| sensi-backup_2 | Backup File of Each Folder (Directory-based) | 1 |
| sensi-files | Sensitive File Leak (e.g., phpinfo, .git) | 1 |
| sensi-frontpage | FrontPage Configuration Information Disclosure | 1 |
| upload-oss | OSS Arbitrary File Upload Vulnerability Detection | 3 |

### **Domain-level Scanning Plugins (PerDomain)**

| Plugin Name | Function Description | Risk Level |
|:--------:|:--------:|:--------:|
| clickjacking | Clickjacking Vulnerability Scanner | -1 |
| cors-active | CORS Vulnerability (Active Detection) | 2 |
| crlf_3 | CRLF Line Injection Vulnerability (Domain-based) | 2 |
| dns-zonetransfer | DNS Zone Transfer Vulnerability | 1 |
| hosti | Host Header Injection Detection | 1 |
| idea-parse | Idea Directory Parsing | 1 |
| listing | Directory Listing | 2 |
| oss-takeover | OSS Bucket Takeover | 3 |
| sensi-backup_3 | Backup File Detection (Domain-based) | 1 |
| sensi-baseline | Check for Version Leak on Response | -1 |
| sensi-errorpage | Error Page Information Leak | 0 |
| smuggling | Request Smuggling Vulnerability | 3 |
| unauth-webdav-active | WebDAV Authentication Bypass Vulnerability | 1 |
| upload-put | PUT-based Arbitrary File Upload | 3 |
| xss-flash | Flash SWF XSS | 1 |
| xss-net | .NET XSS | 1 |
| xst | Cross-Site Tracing Vulnerability Detection | -1 |

### **Host-level Scanning Plugins (PerHost)**

| Plugin Name | Function Description |
|:--------:|:--------:|
| leakpwd-activemq | Weak Password on ActiveMQ |
| leakpwd-mssql | Weak Password on MSSQL Server |
| leakpwd-mysql | Weak Password on MySQL Server |
| leakpwd-postgresql | Weak Password on PostgreSQL Server |
| leakpwd-redis | Weak Password on Redis Server |
| leakpwd-smb | Weak Password on SMB Server |
| leakpwd-ssh | Weak Password on SSH Server |
| other-ftp-anonymous | FTP Anonymous Login |
| rce-javarmi | Check the JavaRMI RCE |
| rce-solr | Apache Solr RCE via Velocity |
| unauth-docker | Docker Unauthorized Access |
| unauth-elastic | Elasticsearch Unauthorized Access |
| unauth-jenkins | Jenkins Unauthorized Access |
| unauth-ldaps | LDAPS Unauthorized Access |
| unauth-memcache | Memcache Unauthorized Access |
| unauth-mongodb | MongoDB Unauthorized Access |
| unauth-resis | Redis Unauthorized Access |
| unauth-rsync | Rsync Unauthorized Access |
| unauth-solr | Apache Solr Unauthorized Access |
| unauth-zookeeper | ZooKeeper Unauthorized Access |

---

## 🔀 Workflow

![Workflow Diagram](doc/lct.png)

---

## 🔗 Contact

- In my third year of high school, the project is maintained and updated irregularly QAQ
- Welcome masters to apply for collaboration positions with me~

Official Account

  • 90Safe

WeChat

  • JiuZer1

QQ

  • 1703417187

QQ Group

  • 1058256508

---

## 🍀 Contributing

![Alt](https://repobeats.axiom.co/api/embed/9c54ad12caa9f9b34f4da6bca8090f388f3538d0.svg "Repobeats analytics image")

---

## 💖 Star Trend

Star History Chart