Karibu sana! Welcome to CSCAN.
CSCAN is a professional, all-in-one security testing framework designed to make your reconnaissance and vulnerability scanning work easier and more effective. Whether you are a security researcher, a system administrator, or an ethical hacker, CSCAN provides you with the right tools to identify weaknesses in your systems before the bad actors do.
We have designed CSCAN to be powerful but very simple to use. It handles everything from finding subdomains and gathering open-source intelligence (OSINT) to crawling websites and testing for vulnerabilities like XSS and SQL Injection.
- Deep Web Crawler: Discovers hidden pages, forms, and parameters automatically.
- Active Vulnerability Scanner: Tests for XSS, SQLi, SSRF, and Command Injection using real data found by the crawler.
- Live CVE Mapping: Checks your server software against the live NIST National Vulnerability Database to see if there are any known bugs.
- Passive OSINT Reconnaissance: Gathers intelligence from free sources (like AlienVault, URLScan, and ThreatCrowd) without ever touching the target directly.
- Authenticated Scanning: Allows you to put your session cookies so you can scan pages that require a login.
- Stealth & WAF Evasion: Built-in techniques to safely bypass basic Web Application Firewalls (WAF) like Cloudflare.
Kindly follow the steps below depending on the system you are using. It is very simple to set up.
Linux is the most recommended environment for running CSCAN smoothly.
Step 1: Open your terminal and clone the repository:
git clone https://github.com/your-repo/cscaner.git
cd cscanerStep 2: Make the installation script executable and run it:
chmod +x install.sh
./install.shStep 3: Download the professional wordlists to make your scans accurate:
chmod +x fetch_wordlists.sh
./fetch_wordlists.shStep 4: You can now start CSCAN by typing:
python3 cscan.pyFor our mobile users who want to do security assessments on the go, Termux is highly supported.
Step 1: Update your Termux packages first:
pkg update && pkg upgrade -yStep 2: Install the required dependencies:
pkg install python git rust binutils -yStep 3: Clone the project and enter the folder:
git clone https://github.com/your-repo/cscaner.git
cd cscanerStep 4: Install the Python requirements and fetch the wordlists:
pip install -r requirements.txt
chmod +x fetch_wordlists.sh
./fetch_wordlists.shStep 5: Start CSCAN:
python cscan.pyYou can run CSCAN on Windows using Python, or preferably using Windows Subsystem for Linux (WSL) for the best experience.
Option A: Using Python directly
- Download and install Python from the official website. Kindly make sure to check the box that says "Add Python to PATH" during installation.
- Open your Command Prompt (CMD) or PowerShell and clone the repository:
git clone https://github.com/your-repo/cscaner.git cd cscaner - Install the requirements:
pip install -r requirements.txt
- Start the tool:
python cscan.py
(Note: To get the professional wordlists on Windows, you may need to use Git Bash to run ./fetch_wordlists.sh)
Option B: Using WSL (Highly Recommended) If you have WSL installed (Ubuntu on Windows), simply open your WSL terminal and follow the Linux installation steps above. It works perfectly!
Using CSCAN is very straightforward. When you run python3 cscan.py, you will be greeted by a beautiful, interactive menu.
Step-by-step Usage:
- Set your target: Press
Ton your keyboard and enter the website or IP address you want to scan (for example:example.com). - Run OSINT (Menu 40): We advise you to start with passive reconnaissance. This will gather information from public databases without alerting the target.
- Run the Web Crawler (Menu 42): This is a very important step. Let CSCAN spider the website to find all hidden links, forms, and JavaScript secrets.
- Configure Authentication (Menu 43): If the website requires a login, go here to paste your session cookies.
- Run Active Scan (Menu 35): Finally, run the active vulnerability scanner. CSCAN will use the data from the crawler to test for serious bugs.
- Auto Scan (Menu 17): If you are in a hurry, you can choose the Auto Scan option, and CSCAN will run all the necessary steps automatically for you.
Security is always changing, and we frequently update CSCAN with new features and better payloads. To make sure you always have the latest version, kindly do the following:
Open your terminal, go into the CSCAN folder, and pull the latest changes:
cd cscaner
git pull origin mainIf we have added new libraries, you may also need to update the requirements:
pip install -r requirements.txt --upgradeIt is a good practice to run git pull every week so that you do not miss out on any important security updates.
Please read this carefully: CSCAN is an advanced tool that generates real cyber-attacks for testing purposes. You are strictly advised to use this tool only on systems that you own, or systems where you have been given explicit, written permission to test (such as bug bounty programs or authorized penetration tests).
Using CSCAN on unauthorized targets is illegal and can lead to serious consequences. Be a professional, act responsibly, and happy hunting!
Developed with dedication for the cybersecurity community.