Share
## https://sploitus.com/exploit?id=802B21C7-350B-55E3-94CF-F4EBFA431B2E
# Shadow-Scan - Advanced Security Audit Framework
# đĽ Overview
Shadow-Scan is a comprehensive, all-in-one security auditing and reconnaissance framework built for ethical hackers, penetration testers, and security researchers. This tool combines multiple offensive security testing modules into a single, powerful CLI application.
## ⨠Features
## đŻ Target Reconnaissance
¡ Subdomain enumeration via DNS and Certificate Transparency
¡ Port scanning with service/version detection
¡ Technology stack fingerprinting
¡ Web directory and file discovery
¡ SSL/TLS certificate analysis
## đ Network Mapping
¡ Host discovery (ARP, ICMP, SYN)
¡ Network topology visualization
¡ Device type identification
¡ OS fingerprinting
¡ Route tracing and hop analysis
## ⥠Vulnerability Assessment
¡ Automated CVE database integration
¡ Common misconfiguration detection
¡ Security header analysis
¡ Weak cipher detection
¡ Risk scoring system (0-10 scale)
## đ Threat Intelligence
¡ Real-time CVE feeds from multiple sources
¡ IP reputation checking
¡ Malware/Phishing URL databases
¡ Active threat monitoring
¡ Custom threat feed integration
## đĄď¸ Exploitation Modules
¡ Common vulnerability exploitation
¡ Credential testing modules
¡ Service-specific attack vectors
¡ Post-exploitation enumeration
¡ Privilege escalation checks
## đ Reporting System
¡ Professional PDF/HTML reports
¡ JSON/XML output for automation
¡ Executive summaries
¡ Technical documentation
¡ Remediation recommendations
## đľď¸ Stealth Operations
¡ Rate limiting and request throttling
¡ Random delay injection
¡ User-agent rotation
¡ Proxy/TOR support
¡ Log evasion techniques
# đ Quick Installation
## Termux (Android)
```bash
pkg update && pkg upgrade
pkg install python git nmap
git clone https://github.com/abhi-exploits/Shadow-Scan.git
cd Shadow-Scan
pip install -r requirements.txt
chmod +x shadowscan.py
```
## Linux/Debian
```bash
sudo apt update
sudo apt install python3 python3-pip nmap
git clone https://github.com/abhi-exploits/Shadow-Scan.git
cd Shadow-Scan
pip3 install -r requirements.txt
sudo chmod +x shadowscan.py
```
Windows (WSL)
```bash
# Run in WSL Ubuntu terminal
sudo apt update
sudo apt install python3 python3-pip nmap
git clone https://github.com/abhi-exploits/Shadow-Scan.git
cd Shadow-Scan
pip3 install -r requirements.txt
```
# đ Basic Usage
Help Menu
```bash
python3 shadowscan.py --help
```
Quick Target Scan
```bash
# Basic scan
python3 shadowscan.py scan -t example.com
# Stealth scan
python3 shadowscan.py scan -t target.com --stealth
# Save to report
python3 shadowscan.py scan -t example.com -o report.pdf
```
Network Discovery
```bash
# Discover hosts
python3 shadowscan.py netmap -n 192.168.1.0/24
# Visual network map
python3 shadowscan.py netmap -n 10.0.0.0/24 -o network.png
```
Vulnerability Assessment
```bash
# Check target vulnerabilities
python3 shadowscan.py vuln -t 192.168.1.1
# Specific services
python3 shadowscan.py vuln -t target.com --service ssh,http,mysql
```
Full Security Audit
```bash
# Complete assessment
python3 shadowscan.py full -t target.com --stealth -o audit_report.pdf
```
## đ§ Advanced Commands
1. Exploitation Mode
```bash
# Test for common exploits
python3 shadowscan.py exploit -t target.com --type web
# Service-specific exploitation
python3 shadowscan.py exploit -t 192.168.1.100 --service smb
# Custom exploit module
python3 shadowscan.py exploit -t victim.com --module custom_exploit.py
```
2. Credential Testing
```bash
# SSH brute force (ethical use only)
python3 shadowscan.py creds -t 192.168.1.1 --service ssh --user admin
# FTP credential testing
python3 shadowscan.py creds -t ftp.server.com --service ftp --wordlist common.txt
# Web login testing
python3 shadowscan.py creds -t admin.example.com --service http --form
```
3. Post-Exploitation
```bash
# System enumeration
python3 shadowscan.py post -t compromised-host --enum system
# Network pivoting
python3 shadowscan.py post -t 192.168.1.100 --pivot internal-network
# Data exfiltration simulation
python3 shadowscan.py post -t target --exfiltrate --test
```
4. Privilege Escalation Checks
```bash
# Linux privilege escalation
python3 shadowscan.py privesc -t linux-target --type linux
# Windows privilege escalation
python3 shadowscan.py privesc -t windows-target --type windows
# Automated escalation testing
python3 shadowscan.py privesc -t target --auto
```
## đŻ Module Reference
Scan Module
```bash
python3 shadowscan.py scan -t TARGET [OPTIONS]
Options:
-t, --target Target domain/IP (required)
-o, --output Output file (.pdf, .html, .json, .md)
--stealth Enable stealth mode
--ports Custom ports (default: 1-1000)
--timeout Connection timeout (default: 5)
--threads Number of threads (default: 50)
--subdomains Enable subdomain enumeration
--dirscan Enable directory scanning
```
Exploit Module
```bash
python3 shadowscan.py exploit -t TARGET [OPTIONS]
Options:
-t, --target Target to exploit
--type Exploit type (web, service, local)
--service Specific service to target
--module Custom exploit module
--payload Payload to use
--lhost Listener host for reverse shells
--lport Listener port (default: 4444)
--check-only Only check, don't exploit
```
Credential Module
```bash
python3 shadowscan.py creds -t TARGET [OPTIONS]
Options:
-t, --target Target for credential testing
--service Service (ssh, ftp, http, smb)
--user Username/username file
--pass Password/password file
--wordlist Wordlist file
--threads Brute force threads
--rate Requests per second limit
```
## đ Output Examples
PDF Report Sample
```
SHADOW-SCAN SECURITY AUDIT REPORT
==================================
Target: example.com
Date: 2024-01-15 14:30:00
Risk Score: 7.8/10 (HIGH)
FINDINGS:
- 5 Critical vulnerabilities
- 12 Open ports
- 3 Misconfigurations
- 8 Security headers missing
RECOMMENDATIONS:
1. Close unnecessary ports
2. Update Apache to latest version
3. Implement WAF
4. Enable HTTPS enforcement
```
# JSON Output
```json
{
"target": "example.com",
"scan_date": "2024-01-15T14:30:00Z",
"risk_score": 7.8,
"vulnerabilities": [
{
"type": "CVE-2023-12345",
"severity": "CRITICAL",
"description": "Remote Code Execution",
"remediation": "Update to version 2.5.0"
}
]
}
```
## âď¸ Configuration
Edit config/config.yaml:
```yaml
# Exploitation settings
exploitation:
default_payloads: true
custom_payload_dir: "/payloads"
reverse_shell_ports: [4444, 5555, 6666]
auto_exploit: false
safety_checks: true
# Credential testing
credentials:
default_wordlists: true
wordlist_dir: "/wordlists"
max_attempts: 10
rate_limit: 5
common_users: ["admin", "root", "user"]
# Post-exploitation
post_exploit:
enumeration_depth: 3
data_collection: true
persistence: false
cleanup: true
```
đ Legal & Ethical Use
â ď¸ IMPORTANT DISCLAIMER
This tool is designed for:
¡ Authorized penetration testing
¡ Security research and education
¡ CTF competitions
¡ Ethical hacking training
đŤ STRICTLY PROHIBITED
¡ Unauthorized network scanning
¡ Illegal hacking activities
¡ Malicious attacks
¡ Privacy violations
¡ Any criminal activity
## â
Always:
1. Obtain written permission
2. Follow responsible disclosure
3. Respect privacy laws
4. Use in controlled environments
5. Keep results confidential
## đ ď¸ Development
Project Structure
```
Shadow-Scan/
âââ shadowscan.py # Main entry point
âââ modules/
â âââ scanner.py # Scanning module
â âââ exploit.py # Exploitation module
â âââ credcheck.py # Credential testing
â âââ postexploit.py # Post-exploitation
âââ payloads/ # Exploit payloads
âââ wordlists/ # Wordlists
âââ reports/ # Generated reports
âââ config/
âââ config.yaml # Configuration
```
Adding Custom Modules
```python
# Create custom exploit module
class CustomExploit:
def __init__(self, target):
self.target = target
def check(self):
# Check if vulnerable
return True
def exploit(self):
# Exploitation code
return "Exploited successfully"
# Register in main.py
from modules.exploit import ExploitManager
ExploitManager.register('custom', CustomExploit)
```
# đ¤ Contributing
1. Fork the repository
2. Create feature branch: git checkout -b feature-name
3. Commit changes: git commit -m 'Add feature'
4. Push to branch: git push origin feature-name
5. Open Pull Request
Contribution Guidelines
¡ Follow PEP 8 coding standards
¡ Add comprehensive documentation
¡ Include test cases
¡ Update README if needed
¡ No malicious code allowed
## đ Support
Issues and Questions
¡ GitHub Issues: Report Bugs
¡ Discussions: Community Forum
## â Show Your Support
If you find this project useful, please:
¡ Star the repository â
¡ Share with other security enthusiasts
¡ Contribute to development
¡ Report issues and suggestions
---
Developed with â¤ď¸ by abhiexploits | For Ethical Security Research Only
â ď¸ Warning: Unauthorized use of this tool against networks you don't own or have explicit permission to test is illegal and punishable by law.