Share
## https://sploitus.com/exploit?id=9A8AAEA3-0324-5DD5-8719-0F68634CC714
# EREBUS
Web application security assessment framework.
> For authorized testing only â pentest engagements, CTF, personal labs...
---
## Install
```bash
git clone https://github.com/1863rd/erebus
cd erebus
pip install -r requirements.txt
```
**Requires:** Python 3.9+ · `requests` · `beautifulsoup4` · `colorama` · `pycryptodome` · `flask` · `flask-socketio`
---
## Features
- **Vulnerability scanner** â crawls the target, discovers endpoints, and runs all modules in parallel
- **9 detection modules** â SQLi, XSS, RCE, XXE, SSTI, broken auth, access control, sensitive data, misconfiguration
- **WAF detection & evasion** â fingerprints 22 WAF products and adapts payloads automatically
- **Exploitation engine** â auto-exploits confirmed findings directly from the CLI
- **Report generation** â JSON, Markdown, and interactive HTML with filtering and remediation hints
- **C2 infrastructure** â teamserver and beacon agent with AES-256 encryption and domain fronting support
---
## Usage
```bash
python erebus.py --scan --target https://target.com --output report.html
```
```bash
python erebus.py --help
```
---
## Scan modes
| | `fast` | `balanced` | `deep` |
|---|---|---|---|
| Depth | 1 | 2 | 4 |
| Max URLs | 80 | 300 | 1000 |
| Coverage | Core modules | Full | Full, thorough |
---
## Modules
| Module | Description |
|--------|-------------|
| `sqli` | SQL injection â 7 techniques, 12 DBMS |
| `xss` | Cross-site scripting â reflected, stored, DOM |
| `rce` | Remote code execution and command injection |
| `xxe` | XML external entity injection |
| `ssti` | Template injection and NoSQL injection |
| `auth` | Authentication weaknesses |
| `acl` | Access control and privilege escalation |
| `sensitive` | Sensitive data and information disclosure |
| `misconfig` | Security misconfiguration |
---
## Reports
Output formats: `.json` · `.md` · `.html`
The HTML report is self-contained with severity filtering, expandable finding details, one-click payload copy, and per-finding remediation guidance.