ScopeSentry
ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes
Install / Use
/learn @Autumn-27/ScopeSentryREADME
English | 中文
Introduction
Scope Sentry is a tool with functions such as asset mapping, subdomain enumeration, information leakage detection, vulnerability scanning, directory scanning, subdomain takeover, crawler, and page monitoring. By building multiple nodes, users can freely choose nodes to run scanning tasks. When new vulnerabilities emerge, it can quickly check whether the concerned assets have related components.
Distributed Implementation Reference Articles: https://mp.weixin.qq.com/s/xfgRxUjljoQ8KzacblktxA
Server Recommendation: lightnode
Discord:
Language
Server:python - FastApi
Scan:go
Front-end:vue - vue-element-plus-admin
Website
- Official Website: https://www.scope-sentry.top
- Github: https://github.com/Autumn-27/ScopeSentry
- Scanner source code: https://github.com/Autumn-27/ScopeSentry-Scan
- UI source code: https://github.com/Autumn-27/ScopeSentry-UI
- Plugin Market: Plugin Market
- Plugin Template:https://github.com/Autumn-27/ScopeSentry-Plugin-Template
Install
git clone https://github.com/Autumn-27/ScopeSentry.git
cd ScopeSentry
# Change the MongoDB and Redis account passwords in the. env file.
docker-compose -f single-host-deployment.yml up -d
After running, there will be four containers: mongodb, redis, scope-sentry (server), and scopesentry-scan (scan). By default, there will be one scanning node.
View the initial user password and the secondary verification password of the plug-in
docker logs scope-sentry
Add new nodes(Optional)
git clone https://github.com/Autumn-27/ScopeSentry-Scan.git
cd ScopeSentry-Scan/build
# Edit the connection information for MongoDB and Redis in the .env file. NodeName is the node name, and each node name should be unique (if it is empty, it will be randomly generated, and you can change the name in the web interface).
docker-compose -f scan-docker-compose.yml up -d
Plugin Flowchart
<img src="流程图.svg"/>Current Features
- Plugin System (Add any tool through extension)
- Subdomain Enumeration
- Subdomain Takeover Detection
- Port Scanning
- Asset Identification
- Directory Scanning
- Vulnerability Scanning
- Sensitive Information Leakage Detection
- URL Extraction
- Crawler
- Page Monitoring
- Custom WEB Fingerprint
- POC Import
- Asset Grouping
- Multi-Node Scanning
- Webhook
To Do
- Weak Password Cracking
Installation
For installation instructions, see the official website
Communication
Discord:
Screenshots
Login
Homepage Dashboard
Plugin System
Asset Data
Assets
Quick syntax search:
Root Domain
Subdomains
Subdomain Takeover
APP
小程序
URL
Crawler
Sensitive Information
Directory Scanning
Vulnerabilities
Page Monitoring
Projects
Project asset aggregation
Panel - Overview
Subdomains
Port
Service
Tasks
Task Progress
Nodes
#License
All branches of this project follow AGPL-3.0, and additional terms need to be followed:
- The commercial use of this software requires a separate commercial license.
- Companies, organizations, and for-profit entities must obtain a commercial license before using, distributing, or modifying this software. Individuals and non-profit organizations are free to use this software in accordance with the terms of AGPL-3.0.
- If you have any commercial license inquiries, please contact rainy-autumn@outlook.com .
Related Skills
healthcheck
334.5kHost security hardening and risk-tolerance configuration for OpenClaw deployments
node-connect
334.5kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
prose
334.5kOpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.
frontend-design
82.2kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
