Metadata-Version: 1.1
Name: Helios-Scanner
Version: 1.1
Summary: A Python based Web Application security scanner
Home-page: https://github.com/stefan2200/Helios
Author: stefan2200
Author-email: stefan@stefanvlems.nl
License: Apache 2.0
Description: Helios
        ======
        
        Multi-threaded open-source web application security scanner
        
        The current version can detect the following vulnerabilities:
        
        SQL-Injections - Error Based - Boolean Based - Time Based
        
        Cross-Site-Scripting - Reflected - Stored
        
        File-inclusion - Local file inclusion - Remote file inclusion
        
        File uploads - Command Injection -
        Backup-files - Error disclosure - Source code disclosure - Web
        application fingerprint and much more :)
        
        How to install
        ==============
        
        ::
        
            git clone https://github.com/stefan2200/Helios.git
            cd Helios
            pip3 setup.py install
        
            or pip3 install Helios-Scanner
        
            helios-update-db
            helios -h
        
        How to use (Command Line)
        =========================
        
        ::
        
            usage: helios: args [-h] [-u URL] [--urls URLS]
                                             [--user-agent USER_AGENT] [-a] [-o OUTFILE]
                                             [-d] [--driver-path DRIVER_PATH]
                                             [--show-driver] [--interactive] [--no-proxy]
                                             [--proxy-port PROXY_PORT] [-c]
                                             [--max-urls MAXURLS] [--scopes SCOPES]
                                             [--scope-options SCOPE_OPTIONS] [-s] [--adv]
                                             [--cms] [--webapp] [--optimize]
                                             [--options CUSTOM_OPTIONS]
                                             [--login LOGIN_TYPE]
                                             [--login-creds LOGIN_CREDS]
                                             [--login-url LOGIN_URL]
                                             [--login-data LOGIN_DATA]
                                             [--token-url TOKEN_URL]
                                             [--header LOGIN_HEADER] [--threads THREADS]
                                             [--sslverify] [--database DB] [-v] [--msf]
                                             [--msf-host MSF_HOST] [--msf-port MSF_PORT]
                                             [--msf-creds MSF_CREDS]
                                             [--msf-endpoint MSF_URI]
                                             [--msf-nossl MSF_NOSSL] [--msf-start]
        
            optional arguments:
              -h, --help            show this help message and exit
              -u URL, --url URL     URL to start with
              --urls URLS           file with URL's to start with
              --user-agent USER_AGENT
                                    Set the user agent
              -a, --all             Run everything
              -o OUTFILE, --output OUTFILE
                                    Output file to write to (JSON)
        
            Chromedriver Options:
              -d, --driver          Run WebDriver for advanced discovery
              --driver-path DRIVER_PATH
                                    Set custom path for the WebDriver
              --show-driver         Show the WebDriver window
              --interactive         Dont close the WebDriver window until keypress
              --no-proxy            Disable the proxy module for the WebDriver
              --proxy-port PROXY_PORT
                                    Set a custom port for the proxy module, default: 3333
        
            Crawler Options:
              -c, --crawler         Enable the crawler
              --max-urls MAXURLS    Set max urls for the crawler
              --scopes SCOPES       Extra allowed scopes, comma separated hostnames (* can
                                    be used as wildcard)
              --scope-options SCOPE_OPTIONS
                                    Various scope options (additional info in wiki)
              --wordlist WL_FILE    Additional web discovery wordlist
              --wordlist-ext WL_EXT
                                    Additional comma separated web discovery extensions
                                    (requires wordlist)
              --wordlist-404 WL_404
                                    Custom 404 text pattern (default: use status code)
              --wordlist-status-codes WL_CODES
                                    Custom comma separated found status codes
        
            Scanner Options:
              -s, --scan            Enable the scanner
              --adv                 Enable the advanced scripts
              --cms                 Enable the CMS module
              --webapp              Enable scanning of web application frameworks like
                                    Tomcat / Jboss
              --optimize            Optimize the Scanner engine (uses more resources)
              --options CUSTOM_OPTIONS
                                    Comma separated list of scan options (discovery,
                                    passive, injection, dangerous, all)
        
            Login Options:
              --login LOGIN_TYPE    Set login method: basic, form, form-csrf, header
              --login-creds LOGIN_CREDS
                                    Basic Auth credentials username:password
              --login-url LOGIN_URL
                                    Set the URL to post to (forms)
              --login-data LOGIN_DATA
                                    Set urlencoded login data (forms)
              --token-url TOKEN_URL
                                    Get CSRF tokens from this page (default login-url)
              --header LOGIN_HEADER
                                    Set this header on all requests (OAuth tokens etc..)
                                    example: "Key: Bearer {token}"
        
            Advanced Options:
              --threads THREADS     Set a custom number of crawling / scanning threads
              --sslverify           Enable SSL verification (requests will fail without
                                    proper cert)
              --database DB         The SQLite database to use
              -v, --verbose         Show verbose stuff
        
            Metasploit Options:
              --msf                 Enable the msfrpcd exploit module
              --msf-host MSF_HOST   Set the msfrpcd host
              --msf-port MSF_PORT   Set the msfrpcd port
              --msf-creds MSF_CREDS
                                    Set the msfrpcd username:password
              --msf-endpoint MSF_URI
                                    Set a custom endpoint URI
              --msf-nossl MSF_NOSSL
                                    Disable SSL
              --msf-start           Start msfrpcd if not running already
        
        
        
        
            Crawl and scan an entire domain
            helios.py -u "http://example.com/" -c -s
        
            Safe scan
            helios.py -u "http://example.com/" -c -s --options "passive,discovery" --adv
        
            Full scan (with unsafe scripts)
            helios.py -u "http://example.com/" -a --options all --max-urls 1000
        
            Scan a single URL
            helios.py -u "http://example.com/vuln.php?id=1" -s
        
            Scan webapps and CMS systems
            helios.py -u "http://example.com/blog/" --webapp --cms
        
            Pwn a web server
            helios.py -u "http://example.com/" --msf
        
        Helios is built for authorized use only!
        
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Operating System :: POSIX
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: MacOS :: MacOS X
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Testing
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development :: Libraries :: Python Modules
