Sec-Tools is a Python-Django based multifunctional web security penetration testing platform offering comprehensive vulnerability scanning, port scanning, fingerprinting, and asset discovery.
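🍉 A multifunctional web security penetration testing tool based on Python-Django, including vulnerability scanning, port scanning, fingerprinting, directory scanning, side-site scanning (other sites hosted on the same server), domain scanning, and other functions.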
This tool is designed for security professionals and web administrators to perform thorough security assessments of web applications by identifying vulnerabilities, exposed services, and potential attack surfaces. It facilitates asset discovery, vulnerability detection, and risk evaluation to help users improve their web security posture.
This tool is intended strictly for authorized security testing and learning purposes; commercial use or unauthorized testing is prohibited by the author. Users must comply with applicable laws such as the Chinese Cybersecurity Law. The tool integrates with the AWVS API for vulnerability scanning, so appropriate API access and configuration may be required. User credentials are securely stored using salted SHA256 hashes with base64 encoding.
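The following is an added example, not code from Sec-Tools or its author. It assumes the "salted SHA256 with base64" description refers to Django's built-in PBKDF2-SHA256 password hasher, and shows how a defender can reproduce that encoded format and audit values exported from the `auth_user.password` column. The password, salts and legacy hash strings are constructed sample values.

```python
import base64
import hashlib
import hmac

# Default iteration count of Django 3.1's PBKDF2PasswordHasher.
DJANGO_31_ITERATIONS = 216000


def encode(password, salt, iterations=DJANGO_31_ITERATIONS):
    """Build 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>' as Django stores it."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    b64 = base64.b64encode(digest).decode("ascii")
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, b64)


def verify(password, encoded):
    """Recompute the hash with the stored salt and iterations, compare in constant time."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return False
    return hmac.compare_digest(encode(password, parts[2], int(parts[1])), encoded)


def audit(encoded, min_iterations=DJANGO_31_ITERATIONS):
    """Classify one stored password value by hasher strength."""
    parts = encoded.split("$")
    if len(parts) == 4 and parts[0] == "pbkdf2_sha256" and parts[1].isdigit():
        if not parts[2]:
            return "weak: empty salt"
        if int(parts[1]) < min_iterations:
            return "weak: low iteration count"
        return "ok"
    # Django's legacy salted hashers store 'sha1$<salt>$<hex>' / 'md5$<salt>$<hex>'.
    if len(parts) == 3 and parts[0] in ("sha1", "md5"):
        return "weak: single-round legacy hasher"
    return "unknown format"


if __name__ == "__main__":
    stored = encode("constructed-passphrase", "constructedsalt")
    print(stored)
    print(verify("constructed-passphrase", stored), audit(stored))
    for sample in (encode("x", "s", 1000), "sha1$abc$deadbeef", "not-a-hash"):
        print(audit(sample))
```

A single round of salted SHA256 and PBKDF2-SHA256 both fit the phrase "salted SHA256", so checking the algorithm prefix and iteration count in the stored value is what distinguishes them.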
Clone the repository from GitHub: git clone https://github.com/jwt1399/Sec-Tools.git
Ensure Python 3.7.0 and Django 3.1.4 are installed
Install required dependencies (not explicitly listed, but implied to include Django and related packages)
Configure the SQLite database (default used)
Run Django migrations to set up database tables
Start the Django development server to access the web interface
Register a new user to access system features
Register and log in via the web interface
New users must register and log in to use the system; guests have limited access.
Use the web UI to enter the target URL for vulnerability scanning
Initiates scans for SQL injection, XSS, weak passwords, and middleware vulnerabilities.
Select CVE numbers for middleware vulnerability scanning
Allows targeted scanning of known middleware vulnerabilities like Weblogic, Struts2, Tomcat, etc.
Perform port scanning and fingerprinting via the web interface
Collects information about open ports and identifies web technologies used by the target.
Use domain and bypass site detection features
Discovers related domains and proxy sites to expand asset visibility.