FGscanner is a completely rewritten version of littlescanner script (no longer available on this site starting from Oct,19 2013).
FGscanner is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack with proxy and tor support. Any comments, contribution or request is more than welcome!
### How it works ?
FGscanner read the Directories wordlist and analyze the HTTP return code. If the directory exist on the target FGscanner starts reading pages list for a dictionary-based attack. Depending by –dump switch, if the page exists FGscanner dump it on disk.
If you need to avoid detection you can use the advanced featues
- –tor switch to adddress GET requests via TOR network (TOR must be running on your system)
- –tordns to resolve target via TOR network (otherwise DNS request will be directed to your dns)
- –sec to slow down the scan or randomize time between requests
- –uarnd to randomize User-Agent.
### Quick reference for switches
Usage: ./fgscan.pl –host=hostname [–proxy=filepath] [–sec=n] [–dump] [–dirlist=filepath] [–wordlist=filepath] [–tor] [–tordns] [–uarnd][–debug] [–help]
–debug : Print debug information
–dirs : Specify the directory list file
–pages : Specify the wordlist file
–uarnd : Enable User Agent randomization
–host : Specify hostname to scan (without http:// or https://)
–proxy : Specify a proxy list
–sec : Seconds between requests. Value 999 will randomize delay between requests from 1 to 30 seconds
–dump : Save found pages on disk
–tor : Use TOR as proxy for each request
–tordns : Use TOR to resolve hostname. Without this options DNS queries will be directed to default DNS server outside TOR network
–help : Show this help
git clone https://github.com/FantaGhost/FGscanner.git cd ./FGscanner chmod +x fgscan.pl
The official repository for FGscanner is hosted by GitHub