Z0scan

A lightweight active and passive scanner that combines the advantages of local and distributed models, supports dynamic external plugin import, and is dedicated to exploring web black-box vulnerabilities.

z0scan

<h4 align="center" dir="auto"> <a href="https://github.com/JiuZero/z0scan/blob/master/README.EN.MD">English</a> • <a href="https://jiuzero.github.io/tags/z0scan/">Guide</a> • <a href="https://github.com/JiuZero/z0scan/releases">Download</a> • <a href="https://github.com/JiuZero/z0scan/blob/master/doc/CHANGELOG.MD">Changelog</a> <p> <a href="https://github.com/JiuZero/z0scan/stargazers"><img alt="GitHub Stars" src="https://img.shields.io/github/stars/JiuZero/z0scan?style=for-the-badge"></a> <a href="https://github.com/JiuZero/z0scan/releases"><img alt="Downloads" src="https://img.shields.io/github/downloads/JiuZero/z0scan/total?style=for-the-badge"></a> <a href="https://github.com/JiuZero/z0scan/releases"><img src="https://img.shields.io/github/v/release/JiuZero/z0scan.svg?style=for-the-badge"></a> <a href="https://github.com/JiuZero/z0scan/actions"><img alt="Build" src="https://img.shields.io/github/actions/workflow/status/JiuZero/z0scan/release.yml?style=for-the-badge&label=CI"></a> <img alt="Python" src="https://img.shields.io/badge/python-3.9%2B-blue?style=for-the-badge"> <img alt="Platform" src="https://img.shields.io/badge/platform-Windows%20%7C%20macOS%20%7C%20Linux-8A2BE2?style=for-the-badge"> <img alt="Last Commit" src="https://img.shields.io/github/last-commit/JiuZero/z0scan?style=for-the-badge"> <a href="https://github.com/JiuZero/z0scan/issues"><img alt="Issues" src="https://img.shields.io/github/issues/JiuZero/z0scan?style=for-the-badge"></a> <a href="https://www.gnu.org/licenses/gpl-2.0.en.html"> <img alt="PRs Welcome" src="https://img.shields.io/badge/License-GPL2-red?style=for-the-badge"></a> </p> </h4>

😘 Acknowledgments

<div><table frame=void> <tr> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/1.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=Mzg4Mzg4OTIyMA====&scene=124#wechat_redirect"><sub>威零安全</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/2.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzkxMzI5NzI5Mg==&scene=124#wechat_redirect"><sub>蓝剑实验室</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/4.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzkzMjIxMDU5OA==&scene=124#wechat_redirect"><sub>ZAC安全</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/5.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=Mzk0NjQ2NzQ0Ng==&scene=124#wechat_redirect"><sub>奉天安全</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/10.jpg"alt="Typora-Logo"/> <br> <a href="https://www.cn-fnst.top"><sub>隼目安全</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/3.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/s/XvCq_kBAY-aDUH0uE3-oOQ"><sub>HackTwo</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/6.jpg"alt="Typora-Logo"/> <br> <a 
href="https://xz.aliyun.com/users/141291/"><sub>神农Sec</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/7.jpg"alt="Typora-Logo"/> <br> <a href="javascript:void(0)"><sub>棉花糖</sub></a> </td> </tr> <tr> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/8.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=Mzk0MjY1ODE5Mg==&scene=124#wechat_redirect"><sub>风铃Sec</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/11.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzU3MjU4MjM3MQ==&scene=124#wechat_redirect"><sub>银遁安全</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/9.png"alt="Typora-Logo"/> <br> <a href="https://xheishou.com"><sub>X黑手网络</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/12.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzkyNDYwNTcyNA==&scene=124#wechat_redirect"><sub>Sec探索者</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/13.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzE5MTQ3MjE0OQ==&scene=124#wechat_redirect"><sub>雪山盟</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/14.jpg"alt="Typora-Logo"/> <br> 
<a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=Mzk0ODM0NDIxNQ==&scene=124#wechat_redirect"><sub>夜组安全</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/15.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzkwNjczOTQwOA==&scene=124#wechat_redirect"><sub>星落安全</sub></a> </td> <td align="center"> <img src="https://images.weserv.nl/?mask=circle&w=60&h=60&url=raw.githubusercontent.com/JiuZero/z0scan/main/doc/acknowledgments/16.jpg"alt="Typora-Logo"/> <br> <a href="https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzkzNTc0OTgwMA==&scene=124#wechat_redirect"><sub>Cyber-Tools</sub></a> </td> </tr> </table></div>

✨ Core Features

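<table> <tr> <td width="50%" valign="top"> <h3>🔍 Security Detection</h3> <ul>
<li><b>Fingerprint and scan plugin linkage</b> - WAF sniffing and fingerprint identification guide which plugins are run</li>
<li><b>Integrated distributed and local modes</b> - adapts flexibly to different scanning needs and scenarios</li>
<li><b>Third-party integration</b> - ObserverWard fingerprint detection, targeted use of Nuclei POCs</li>
<li><b>Highly customizable plugin system</b> - plugins can be extended externally and imported dynamically</li>
<li><b>Headless crawler support</b> - implemented through Crawlergo integration</li>
</ul> </td> <td width="50%" valign="top"> <h3>🌐 Deployment Architecture</h3> <ul>
<li><b>Open source and deployment</b> - open source and based on Python3, supports Docker deployment, releases work out of the box</li>
<li><b>High performance</b> - compiled with Nuitka, cross-language with Rust</li>
<li><b>Integrability</b> - open API, users are free to integrate scanning into their own tooling</li>
<li><b>Fully cross-platform</b> - supports Windows, Linux, MacOS and other systems</li>
</ul> </td> </tr> <tr> <td width="50%" valign="top"> <h3>📊 Data Processing</h3> <ul>
<li><b>Complex parameter parsing</b> - supports parsing JSON, XML and pseudo-static parameters</li>
<li><b>Second-level parameter parsing</b> - parses the values of GET and POST parameters as new parameters and decodes them automatically</li>
<li><b>Data storage</b> - data storage provided through SQLite3</li>
</ul> </td> <td width="50%" valign="top"> <h3>💡 Intelligent Verification</h3> <ul>
<li><b>AI-driven post-verification of sensitive information in JS</b> - intelligently validates sensitive data found in JavaScript</li>
</ul> </td> </tr> </table>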
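The "second-level parameter parsing" feature in the Data Processing cell above means that a parameter's value can itself carry further parameters behind an encoding layer. The following added sketch is not z0scan's code: the function names, the `name:kind.key` path notation and the sample query are assumptions made for illustration. It shows why input validation and WAF rules have to decode to the same depth as the application does.

```python
import base64
import json
from urllib.parse import parse_qsl, quote, unquote, urlencode

def decode_once(value):
    """Return (kind, decoded) for the first encoding layer found, else None."""
    s = value.strip()
    if s[:1] in ("{", "["):                  # JSON carried inside a parameter
        try:
            return "json", json.loads(s)
        except ValueError:
            pass
    if "%" in s and unquote(s) != s:         # leftover (double) percent-encoding
        return "url", unquote(s)
    if len(s) >= 8 and len(s) % 4 == 0:      # base64 that yields printable text
        try:
            text = base64.b64decode(s, validate=True).decode("utf-8")
            if text.isprintable():
                return "b64", text
        except ValueError:                   # covers binascii.Error, UnicodeDecodeError
            pass
    try:                                     # nested query string such as a=1&b=2
        pairs = parse_qsl(s, strict_parsing=True) if "=" in s else []
    except ValueError:
        pairs = []
    return ("qs", dict(pairs)) if pairs else None

def expand(name, value, depth=0, max_depth=4):
    """Yield (path, leaf) pairs; max_depth caps how many layers are peeled."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from expand(f"{name}.{key}", item, depth, max_depth)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from expand(f"{name}[{i}]", item, depth, max_depth)
    elif isinstance(value, str) and depth < max_depth and (hit := decode_once(value)):
        yield from expand(f"{name}:{hit[0]}", hit[1], depth + 1, max_depth)
    else:
        yield name, value

def second_level_params(query):
    """Flatten a raw query string into (path, value) pairs, looking inside values."""
    return [leaf for name, value in parse_qsl(query, keep_blank_values=True)
            for leaf in expand(name, value)]

# Constructed sample: base64(JSON holding a nested query string) and double-encoded JSON.
_inner = json.dumps({"user": "alice", "next": "tab=2&lang=en"})
SAMPLE_QUERY = urlencode({"id": "7", "q": quote('{"k":"v"}'),
                          "data": base64.b64encode(_inner.encode()).decode()})
print(*second_level_params(SAMPLE_QUERY), sep="\n")
```

The base64 heuristic accepts any string of suitable length that happens to decode to printable text, so short plain words can be misread as encoded; a production parser would need stricter checks.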

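🚀 Installation

📢 Please take a moment to read this document; it will help you get familiar with Z0SCAN quickly!

✔ Release Version

Get a release build: Download

  • Want to build an executable suited to your environment? See: Guide

✔ Install by Cloning

[!Note] Gitee mirror for users in mainland China: https://gitee.com/JiuZero/z0scan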

```bash
git clone https://github.com/JiuZero/z0scan
cd z0scan
pip install -r requirements.txt
python3 z0.py help
```

✔ Container Installation

```bash
git clone https://github.com/JiuZero/z0scan
cd z0scan
docker build -t z0scan .
docker run z0scan
# python3 z0.py help
```

📝 Usage Examples

Ling - Visual Interface

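[!WARNING] Ling does not include the z0scan core; a working z0 executable or script must be available locally.

z0 - Command Line

[!Note] Crawlergo headless crawler and ObserverWard+Nuclei integration - Crawlergo, or ObserverWard and nuclei, must be configured in the environment variables; see: Guide

✔ Passive Scanning

[!Note] HTTPS support - start a z0scan passive scan, then visit http://z0scan.ca in the browser to download the certificate and trust it

Default configuration for passive scanning (forward browser traffic to port 5920):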

```bash
z0 scan -s 127.0.0.1:5920
```

Commonly recommended configuration:

```bash
z0 scan -s 127.0.0.1:5920 --risk 0,1,2,3 --level 2 --disable cmdi,unauth
```

Console interface

✔ Active Scanning

Default configuration for active scanning:

```bash
# Active scanning driven through the passive proxy with request traffic from Burp/Yakit (recommended)
z0 scan -s 127.0.0.1:5920
```

```bash
# Scan a single URL directly
z0 scan -u https://example.com/?id=1
# Batch scan from a list of URLs
z0 scan -f urls.txt
# Crawl, then scan
z0 scan -u https://example.com/?id=1 --crawler
# Crawl and scan each URL in the list in turn
z0 scan -f urls.txt --crawler
```

  • For more details, see: Documentation

🔖 Plugin List

Page-level scan plugins (PerPage)

| Plugin Name | Description | Risk Level | |:--------:|:------

GitHub Stars: 359
Category: Data
Updated: 14d ago
Forks: 28

Languages: Python

Security Score: 100/100

Audited on Mar 11, 2026

No findings