Share
## https://sploitus.com/exploit?id=9A8AAEA3-0324-5DD5-8719-0F68634CC714
# EREBUS

Web application security assessment framework.

> For authorized testing only — pentest engagements, CTF, personal labs...

---

## Install

```bash
git clone https://github.com/1863rd/erebus
cd erebus
pip install -r requirements.txt
```

**Requires:** Python 3.9+ · `requests` · `beautifulsoup4` · `colorama` · `pycryptodome` · `flask` · `flask-socketio`

---

## Features

- **Vulnerability scanner** — crawls the target, discovers endpoints, and runs all modules in parallel
- **9 detection modules** — SQLi, XSS, RCE, XXE, SSTI, broken auth, access control, sensitive data, misconfiguration
- **WAF detection & evasion** — fingerprints 22 WAF products and adapts payloads automatically
- **Exploitation engine** — auto-exploits confirmed findings directly from the CLI
- **Report generation** — JSON, Markdown, and interactive HTML with filtering and remediation hints
- **C2 infrastructure** — teamserver and beacon agent with AES-256 encryption and domain fronting support

---

## Usage

```bash
python erebus.py --scan --target https://target.com --output report.html
```

```bash
python erebus.py --help
```

---

## Scan modes

| | `fast` | `balanced` | `deep` |
|---|---|---|---|
| Depth | 1 | 2 | 4 |
| Max URLs | 80 | 300 | 1000 |
| Coverage | Core modules | Full | Full, thorough |

---

## Modules

| Module | Description |
|--------|-------------|
| `sqli` | SQL injection — 7 techniques, 12 DBMS |
| `xss` | Cross-site scripting — reflected, stored, DOM |
| `rce` | Remote code execution and command injection |
| `xxe` | XML external entity injection |
| `ssti` | Template injection and NoSQL injection |
| `auth` | Authentication weaknesses |
| `acl` | Access control and privilege escalation |
| `sensitive` | Sensitive data and information disclosure |
| `misconfig` | Security misconfiguration |

---

## Reports

Output formats: `.json` · `.md` · `.html`

The HTML report is self-contained with severity filtering, expandable finding details, one-click payload copy, and per-finding remediation guidance.