A comprehensive Rust-based security enumeration tool with real-time dashboard
- π΅οΈ Subdomain Enumeration - haktrails, subfinder, certificate transparency
- π DNS Resolution - Fast IP resolution with dnsx
- β‘ Port Scanning - masscan for speed, httpx for validation
- π Web Crawling - JavaScript analysis, endpoint discovery
- π¨ Vulnerability Scanning - Nuclei integration
- ποΈ Infrastructure Mode - Network scanning with IP ranges
- π Real-time Dashboard - Web UI with live progress tracking
- π Admin Panel Discovery - Scans 15 ports & 80+ admin paths
- π Default Credential Testing - Tests 40+ common username/password combinations
- π Discord Notifications - Real-time alerts for critical findings
- π― Multi-Auth Support - Form-based, Basic Auth, API JSON
- π₯ Instant Alerts - Valid credentials, secrets, vulnerabilities
- π Detailed Reports - JSON + TXT outputs for bug submissions
- 70+ Token Patterns - GitHub (PAT, OAuth, App), AWS, GCP, Azure, Vercel, Stripe, Twilio, SendGrid, Slack, Discord, and more
- Token Validation - Automatic validation against real APIs to confirm if secrets are active
- Code Context - Shows exact line number and code snippet where secret was found
- Remediation Guidance - Provides specific steps to fix each type of exposed secret
- S3 Bucket Testing - Tests for anonymous read/write/list permissions
- GCS & Azure Blob - Multi-cloud storage exposure detection
- Risk Level Assessment - Automatic severity classification
- CDN Detection - Automatically filters out IPs from Cloudflare, Akamai, Fastly, AWS CloudFront, Google Cloud CDN, Azure CDN, Incapsula
- Smart IP Validation - Removes invalid IPs and duplicates from scan results
- False Positive Reduction - Only scans real target infrastructure, not shared CDN IPs
- NPM Package Detection - Extracts packages from require(), import statements
- Public Registry Validation - Checks if internal packages exist on public npm registry
- Dependency Confusion Alert - Identifies potential supply chain attack vectors
- Multi-source Collection - Aggregates JS from URLFinder, HTTP200, DOM parsing
- Deep Secret Extraction - Analyzes JavaScript content for hardcoded credentials
- API Endpoint Discovery - Extracts REST/GraphQL endpoints from JS code
- 15 Port Scanning - Covers ports 80, 443, 8080, 8443, 8000, 3000, 5000, 9000, 8888, 8088, 8081, 9090, 3001, 4200, 5001
- 80+ Admin Paths - WordPress, Joomla, Laravel, Django, phpMyAdmin, and more
- Smart Fingerprinting - Identifies CMS type from response content
- 40+ Default Credentials - Common admin/password combinations
- Multi-Auth Support - Form-based, HTTP Basic Auth, API JSON authentication
- Rate Limiting - Built-in delays to avoid account lockouts
# Clone repository
git clone https://github.com/KingOfBugbounty/enumrust.git
cd enumrust
# Build release version
cargo build --release# Domain enumeration with full scan
./target/release/enumrust -d example.com --subfinder --full-scan
# Domain enumeration (basic)
./target/release/enumrust -d example.com --subfinder# Start dashboard on default port 8080
./target/release/enumrust --dashboard
# Start dashboard on custom port
./target/release/enumrust --dashboard --dashboard-port 3000
# Run scan with dashboard monitoring
./target/release/enumrust -d target.com --subfinder --full-scan --dashboardFirst Access Setup:
π Dashboard server starting on http://0.0.0.0:8080
π Access the dashboard and complete the initial setup
Setup Code: <random_16_char_code>
- Open
http://localhost:8080in your browser - Use the Setup Code displayed in terminal (generated randomly each startup)
- Create your own username and password
- Login and start monitoring your scans
- Progress Bar - Animated, shows current scan phase
- Event Stream - Live feed of tool execution
- Statistics Cards - Vulnerability counts by severity
- Two-Panel Layout - File list + content viewer
- Syntax Highlighting - Terminal-style display
- Domain Filtering - Select specific target to view
- Severity Filters - Critical, High, Medium, Low
- Detailed View - Template ID, host, description
- Export Options - JSON data for reporting
- Random Credentials - Setup code generated at each startup
- JWT Authentication - Secure session management
- No Hardcoded Secrets - All credentials created by user
# Bug bounty scan with Discord notifications
./target/release/enumrust -d target.com \
--bugbounty \
--discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"
# Aggressive bug bounty scan
./target/release/enumrust -d target.com \
--bugbounty \
--full-scan \
--workers 20 \
--discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"What it does:
- β Discovers admin panels on 15 different ports
- β Tests 40+ default credentials automatically
- β Sends Discord alerts for valid credentials found
- β Notifies about critical vulnerabilities & secrets
- β Generates detailed reports for bug submissions
π See BUGBOUNTY_MODE.md for complete guide
# Full enumeration with all sources
./target/release/enumrust -d target.com --full-scan
# Quick scan with specific tools
./target/release/enumrust -d target.com --subfinder# Single IP
./target/release/enumrust --infraestrutura --ip-range 192.168.1.100
# CIDR notation
./target/release/enumrust --infraestrutura --ip-range 192.168.1.0/24
# IP range
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1-192.168.1.254
# Comma-separated IPs
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1,192.168.1.5,192.168.1.10
# From file
./target/release/enumrust -f targets.txt --full-scan# Full IP scan with directory fuzzing
./target/release/enumrust -d target.com \
--ip-scan \
--ip-full-scanAfter scanning example.com, results are saved in:
example.com/
βββ subdomains.txt # Discovered subdomains
βββ ips.txt # Resolved IP addresses
βββ http200.txt # Active HTTP(S) hosts
βββ masscan.txt # Port scan results
βββ ports.txt # Validated open ports
βββ nuclei.txt # Vulnerability findings
βββ urls.txt # Discovered URLs
βββ js_endpoints.txt # JavaScript endpoints
βββ js_secrets.txt # Potential secrets in JS
βββ s3.txt # S3 bucket URLs
βββ ferox_200_only.txt # Directory bruteforce results
βββ all_results.txt # Consolidated report
βββ current_status.json # Scan status
βββ progress.jsonl # Real-time progress log
βββ metrics.json # Performance metrics
- haktrails - Subdomain discovery
- subfinder - Subdomain enumeration
- dnsx - DNS resolution
- masscan - Fast port scanner
- httpx - HTTP toolkit
- nuclei - Vulnerability scanner
- feroxbuster - Directory bruteforce
# Install all dependencies
./target/release/enumrust --install-tools- Concurrent Scanning - Parallel tool execution
- Async I/O - Non-blocking operations
- Resource Management - Automatic cleanup
- Timeout Handling - Prevents hanging scans
Typical Scan Times:
- Small domain (< 10 subdomains): 2-5 minutes
- Medium domain (10-50 subdomains): 5-15 minutes
- Large domain (> 50 subdomains): 15-30 minutes
- Path Validation - Prevents directory traversal
- Input Sanitization - Command injection protection
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request
MIT License - see LICENSE for details.
OFJAAAH
- GitHub: @ofjaaah
Made with β€οΈ and Rust π¦
