endpointscanner 7.2__tar.gz → 7.2.2__tar.gz

{endpointscanner-7.2 → endpointscanner-7.2.2}/PKG-INFO

@@ -1,11 +1,11 @@
 Metadata-Version: 2.4
 Name: endpointscanner
-Version: 7.2
-Summary: Website endpoint reconnaissance tool and rate limit tester that bypasses simple captchas.
+Version: 7.2.2
+Summary: Website endpoint reconnaissance tool and rate limit tester that can bypass simple captchas and WAFs.
 Project-URL: Homepage, https://github.com/SphericalFlower52811/endpointscanner
 Project-URL: Issues, https://github.com/SphericalFlower52811/endpointscanner/issues
 Project-URL: Repository, https://github.com/SphericalFlower52811/endpointscanner
-Keywords: endpoint-scanner,website-recon,bug-bounty,rate-limiting,dir-search,url-discovery,web-reconnaissance
+Keywords: web-crawler,rate-limiting,bug-bounty,web-crawler-python,pentest-tool,endpoint-discovery,crawler-python,bugbounty-tool,web-reconnaissance,web-recon-tool,cybersecurity-tools,endpoint-extraction,spa-crawler,reconnaissance,directory-crawler,directory-discoverer,directory-enumeration
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
@@ -16,9 +16,9 @@ Requires-Dist: playwright-stealth
 Requires-Dist: httpx[http2]>=0.27.0
 Dynamic: license-file
 
-# Website Endpoint Scanner and Rate Limit Tester For Websites (Version 7.2.0)
+# Website Endpoint Scanner and Rate Limit Tester For Websites (Version 7.2.2)
 
-A fast automated website reconnaissance tool that extracts endpoints, files, and even external links from websites. Tests for IDOR or other broken access control bugs on websites by changing variables in endpoints to 1. Has a built in rate limit tester that can test on any endpoint, and can bypass simple WAFs/captchas and client-side SPAs.
+A fast automated website reconnaissance tool that extracts endpoints, files, and even external links from websites. Automates IDOR and broken access control vulnerability testing through replacing variables with 1 in endpoints. Has a built in rate limit tester that can test on any endpoint, and can bypass simple WAFs/captchas and client-side SPAs.
 
 For Installation, please go to the Installation section below!
 
@@ -67,8 +67,8 @@ Passable arguments:
 
 ## Installation
 
-You MUST have python 3.9 or above to use this!!
-To install endpointscanner, run the command:
+You MUST have python 3.9 or above to use this tool!
+To install the official [endpointscanner Python package](https://pypi.org/project/endpointscanner/), run the command:
 
 ```bash
 python3 -m pip install endpointscanner
@@ -182,17 +182,24 @@ Version 7.2 added:
 - More accurate sorting (previous bug that put /api/health in SPAs patched)
 - Removed the 'Scraped from JS' label as extra files and html src are being scraped.
 
+Version 7.2.1 (patch update) added:
+
+- fixed bug where paths would still show /
+- fixed bug where some external links were coded into files like e.g. https://n. It is not a real link but got included, and the bug was fixed.
+
+Version 7.2.2 just changed wording and description of the tool to be more clear.
+
 ## Plans for next version and the future
 
 Version 7.3 is planned to have:
 
-- Optimisation to make sorting of endpoints faster
+- More JS Stacks to detect
 - Detecting what type of captcha was used if the script is blocked.
 
 Future plans (May be added in the next version):
 
 - Recursive scanning (Going into each valid path to find more endpoints as some files only show up in specific endpoints.)
-- More JS Stacks to detect
+- Optimisation to make sorting of endpoints faster
 
 ai assisted code btw
 

{endpointscanner-7.2 → endpointscanner-7.2.2}/README.md

@@ -1,6 +1,6 @@
-# Website Endpoint Scanner and Rate Limit Tester For Websites (Version 7.2.0)
+# Website Endpoint Scanner and Rate Limit Tester For Websites (Version 7.2.2)
 
-A fast automated website reconnaissance tool that extracts endpoints, files, and even external links from websites. Tests for IDOR or other broken access control bugs on websites by changing variables in endpoints to 1. Has a built in rate limit tester that can test on any endpoint, and can bypass simple WAFs/captchas and client-side SPAs.
+A fast automated website reconnaissance tool that extracts endpoints, files, and even external links from websites. Automates IDOR and broken access control vulnerability testing through replacing variables with 1 in endpoints. Has a built in rate limit tester that can test on any endpoint, and can bypass simple WAFs/captchas and client-side SPAs.
 
 For Installation, please go to the Installation section below!
 
@@ -49,8 +49,8 @@ Passable arguments:
 
 ## Installation
 
-You MUST have python 3.9 or above to use this!!
-To install endpointscanner, run the command:
+You MUST have python 3.9 or above to use this tool!
+To install the official [endpointscanner Python package](https://pypi.org/project/endpointscanner/), run the command:
 
 ```bash
 python3 -m pip install endpointscanner
@@ -164,17 +164,24 @@ Version 7.2 added:
 - More accurate sorting (previous bug that put /api/health in SPAs patched)
 - Removed the 'Scraped from JS' label as extra files and html src are being scraped.
 
+Version 7.2.1 (patch update) added:
+
+- fixed bug where paths would still show /
+- fixed bug where some external links were coded into files like e.g. https://n. It is not a real link but got included, and the bug was fixed.
+
+Version 7.2.2 just changed wording and description of the tool to be more clear.
+
 ## Plans for next version and the future
 
 Version 7.3 is planned to have:
 
-- Optimisation to make sorting of endpoints faster
+- More JS Stacks to detect
 - Detecting what type of captcha was used if the script is blocked.
 
 Future plans (May be added in the next version):
 
 - Recursive scanning (Going into each valid path to find more endpoints as some files only show up in specific endpoints.)
-- More JS Stacks to detect
+- Optimisation to make sorting of endpoints faster
 
 ai assisted code btw
 

{endpointscanner-7.2 → endpointscanner-7.2.2}/endpointscanner.egg-info/PKG-INFO

@@ -1,11 +1,11 @@
 Metadata-Version: 2.4
 Name: endpointscanner
-Version: 7.2
-Summary: Website endpoint reconnaissance tool and rate limit tester that bypasses simple captchas.
+Version: 7.2.2
+Summary: Website endpoint reconnaissance tool and rate limit tester that can bypass simple captchas and WAFs.
 Project-URL: Homepage, https://github.com/SphericalFlower52811/endpointscanner
 Project-URL: Issues, https://github.com/SphericalFlower52811/endpointscanner/issues
 Project-URL: Repository, https://github.com/SphericalFlower52811/endpointscanner
-Keywords: endpoint-scanner,website-recon,bug-bounty,rate-limiting,dir-search,url-discovery,web-reconnaissance
+Keywords: web-crawler,rate-limiting,bug-bounty,web-crawler-python,pentest-tool,endpoint-discovery,crawler-python,bugbounty-tool,web-reconnaissance,web-recon-tool,cybersecurity-tools,endpoint-extraction,spa-crawler,reconnaissance,directory-crawler,directory-discoverer,directory-enumeration
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
@@ -16,9 +16,9 @@ Requires-Dist: playwright-stealth
 Requires-Dist: httpx[http2]>=0.27.0
 Dynamic: license-file
 
-# Website Endpoint Scanner and Rate Limit Tester For Websites (Version 7.2.0)
+# Website Endpoint Scanner and Rate Limit Tester For Websites (Version 7.2.2)
 
-A fast automated website reconnaissance tool that extracts endpoints, files, and even external links from websites. Tests for IDOR or other broken access control bugs on websites by changing variables in endpoints to 1. Has a built in rate limit tester that can test on any endpoint, and can bypass simple WAFs/captchas and client-side SPAs.
+A fast automated website reconnaissance tool that extracts endpoints, files, and even external links from websites. Automates IDOR and broken access control vulnerability testing through replacing variables with 1 in endpoints. Has a built in rate limit tester that can test on any endpoint, and can bypass simple WAFs/captchas and client-side SPAs.
 
 For Installation, please go to the Installation section below!
 
@@ -67,8 +67,8 @@ Passable arguments:
 
 ## Installation
 
-You MUST have python 3.9 or above to use this!!
-To install endpointscanner, run the command:
+You MUST have python 3.9 or above to use this tool!
+To install the official [endpointscanner Python package](https://pypi.org/project/endpointscanner/), run the command:
 
 ```bash
 python3 -m pip install endpointscanner
@@ -182,17 +182,24 @@ Version 7.2 added:
 - More accurate sorting (previous bug that put /api/health in SPAs patched)
 - Removed the 'Scraped from JS' label as extra files and html src are being scraped.
 
+Version 7.2.1 (patch update) added:
+
+- fixed bug where paths would still show /
+- fixed bug where some external links were coded into files like e.g. https://n. It is not a real link but got included, and the bug was fixed.
+
+Version 7.2.2 just changed wording and description of the tool to be more clear.
+
 ## Plans for next version and the future
 
 Version 7.3 is planned to have:
 
-- Optimisation to make sorting of endpoints faster
+- More JS Stacks to detect
 - Detecting what type of captcha was used if the script is blocked.
 
 Future plans (May be added in the next version):
 
 - Recursive scanning (Going into each valid path to find more endpoints as some files only show up in specific endpoints.)
-- More JS Stacks to detect
+- Optimisation to make sorting of endpoints faster
 
 ai assisted code btw
 

{endpointscanner-7.2 → endpointscanner-7.2.2}/enumerateendpoint.py

@@ -7,7 +7,7 @@ import argparse
 import time
 import json
 from playwright.sync_api import sync_playwright #headless browser to solve captcha
-from playwright_stealth import Stealth #Ensure strict firewalls do not block the playwright browser
+from playwright_stealth import Stealth #ensure strict firewalls do not block the playwright browser
 
 HEADER = {
     "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
@@ -653,6 +653,7 @@ def main():
             matches = re.findall(p, respo.text)
             for m in matches:
                 m_clean = re.sub(r'(\$\{.*?\}|:[a-zA-Z0-9]+)', '1', m)
+                m_clean = m_clean.strip()
                 if m_clean != m:
                    m_display = f"{m_clean} [Original: {m}]"
                 else:
@@ -705,6 +706,7 @@ def main():
                     matches = re.findall(p, script.string)
                     for m in matches:
                         m_clean = re.sub(r'(\$\{.*?\}|:[a-zA-Z0-9]+)', '1', m)
+                        m_clean = m_clean.strip()
                         if m_clean != m:
                            m_display = f"{m_clean} [Original: {m}]"
                         else:
@@ -772,7 +774,7 @@ def main():
                         matches = re.findall(p, js_res.text)
                         for m in matches:
                             m_clean = re.sub(r'(\$\{.*?\}|:[a-zA-Z0-9]+)', '1', m)
-
+                            m_clean = m_clean.strip()
                             if m_clean != m:
                                 m_display = f"{m_clean} [Original: {m}]"
                             else:
@@ -783,7 +785,7 @@ def main():
                                     if m_clean != m:
                                         m_display = '/' + m_display
                             if not m_clean.lower().endswith(ignored_extensions):
-                                if m_clean in ["/", "//", "///", "/.", "/..", "/...", "/./", "/ "]:
+                                if m_clean.strip in ["/", "//", "///", "/.", "/..", "/...", "/./", "/ "]:
                                     continue
                                 if any(term in m_clean.lower() for term in USELESSSTUFF):
                                     continue
@@ -809,7 +811,7 @@ def main():
                     if urlparse(target_x_url).netloc == urlparse(target if "://" in target else f"https://{target}").netloc:
                         if clean_f not in xml_files:
                             xml_files.append(clean_f)
-
+            
             for xmlfile in xml_files:
                 if args.scan_timeout:
                     ts = checktime(start_test_time, args.scan_timeout) #timer status
@@ -827,6 +829,10 @@ def main():
                         for loc in locs:
                             clean_path = loc.strip()
                             if clean_path and clean_path != "/" and clean_path not in found_paths:
+                                if clean_path in ["/", "//", "///", "/.", "/..", "/...", "/./", "/ "]:
+                                    continue
+                                if any(term in clean_path.lower() for term in USELESSSTUFF):
+                                    continue
                                 found_paths.add(clean_path)
                                 
                                 if not args.tidy:
@@ -853,6 +859,11 @@ def main():
             for path in sorted(found_paths):
                 display_path = discovered_in_js.get(path, path)
                 #take away original if disable og actiev
+                pure_path = display_path.split(" [Original:")[0]
+                if pure_path.strip() in ["/", "//", "///", "/.", "/..", "/...", "/./", "/ "]:
+                    continue
+                if not any(char.isalnum() for char in pure_path):
+                    continue
                 if args.only_original and " [Original: " in display_path:
                     display_path = display_path.split(" [Original: ")[1].rstrip(']')
                 elif args.disable_og and " [Original:" in display_path:
@@ -870,6 +881,8 @@ def main():
                     is_external = parsed_path.netloc and get_base(parsed_path.netloc) != get_base(target_domain)
 
                     if is_external:
+                        if "." not in pure_path:
+                            continue
                         results_ext.append(f"{display_path.lstrip('/')}")
                         continue
                     if "://" in path and parsed_path.netloc == target_domain:
@@ -878,6 +891,8 @@ def main():
                             internal_route += f"?{parsed_path.query}"
                         path = internal_route if internal_route.startswith('/') else '/' + internal_route
                         display_path = path
+                        if display_path.strip() in ["/", "//", "///", "/.", "/..", "/...", "/./"]:
+                            continue
                     elif parsed_path.netloc and parsed_path.netloc != target_domain:
                         results_subd.append(display_path.lstrip('/'))
                         continue
@@ -992,6 +1007,11 @@ def main():
         else:
             for path in sorted(found_paths):
                 display_path = discovered_in_js.get(path, path)
+                pure_path = display_path.split(" [Original:")[0]
+                if pure_path.strip() in ["/", "//", "///", "/.", "/..", "/...", "/./", "/ "]:
+                    continue
+                if not any(char.isalnum() for char in pure_path):
+                    continue
                 if args.only_original and " [Original: " in display_path:
                     display_path = display_path.split(" [Original: ")[1].rstrip(']')
                 elif args.disable_og and " [Original:" in display_path:

{endpointscanner-7.2 → endpointscanner-7.2.2}/pyproject.toml

@@ -4,11 +4,30 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "endpointscanner"
-version = "7.2"
+version = "7.2.2"
 readme = "README.md"
-description = "Website endpoint reconnaissance tool and rate limit tester that bypasses simple captchas."
+description = "Website endpoint reconnaissance tool and rate limit tester that can bypass simple captchas and WAFs."
 requires-python = ">=3.9"
-keywords = ["endpoint-scanner", "website-recon", "bug-bounty", "rate-limiting", "dir-search", "url-discovery", "web-reconnaissance"]
+keywords = [
+    "web-crawler",
+    "rate-limiting",
+    "bug-bounty",
+    "web-crawler-python",
+    "pentest-tool",
+    "endpoint-discovery",
+    "crawler-python",
+    "bugbounty-tool",
+    "web-reconnaissance",
+    "web-recon-tool",
+    "cybersecurity-tools",
+    "endpoint-extraction",
+    "spa-crawler",
+    "reconnaissance",
+    "directory-crawler",
+    "directory-discoverer",
+    "directory-enumeration"
+]
+
 dependencies = [
     "curl_cffi",
     "beautifulsoup4",